[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

R: [ISSForum] Network sensor and clustering



To obtain the probe to monitor both fw:

You have to implement a Remote Span session, creating a vlan on which
monitored ports replicate traffic, like the example (using CatOS):


switch #1
# switch port analyzer
# source ports replicate traffic on vlan99 ****************************
set rspan source 4/3,4/4 99 both multicast enable create 


switch #2
# switch port analyzer
# you define source ports replicate traffic towards vlan99
****************************
set rspan source 4/31,4/33 99 both multicast enable create
# then you define the destination port (probe port) that monitors trafic
from vlan 99 **********
set rspan destination  4/48  99  inpkts disable learning enable create 


...then you plug the probe nic on switch #2, port 48 to monitor vlan99
traffic!


Bye!
Luca Damonte

-----Messaggio originale-----
Da: Aubin,Yves [mailto:yves.aubin@xxxxxxxxxxxx]
Inviato: mercoledì 27 ottobre 2004 16.44
A: issforum@xxxxxxx
Oggetto: [ISSForum] Network sensor and clustering


Hi list,

 

We are currently looking at a solution that involves putting our
firewalls 

in cluster with 2 cisco switches, one for each firewall in the cluster
to 

create some load balancing at the same time.

We want to put the switches on a spanning tree and connect the
RealSecure 

Network Sensor on only 1 of those switches.

 

Has anybody ever attempted something like this, is this feasable and if
so 

is there any issues with the sensor!!!

 

Thanks

 

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.