https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5544#M4050 <HTML><HEAD></HEAD><BODY><P><BR />Thanks jdelio.</P><P>That seems what I am looking for. The admin guide is not telling much, but using tap mode deployment I could find an how to on configuring this.</P><P></P><P>Cheers,<BR />Menno.</P></BODY></HTML> Tue, 08 Apr 2014 13:22:42 GMT admin 2014-04-08T13:22:42Z https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5542#M4048 <HTML><HEAD></HEAD><BODY><P>I received a PA-200 device for review and testing. I like to set it up besides my current firewall and see what it can filter.</P><P>Via SPAN Monitor on a Cisco switch I copy all traffic on the UNTRUST side to the PA-200. Now I get a lot of tcp-reject-non-syn drops.</P><P>What is the correct way to configure the PA-200 to listen to all traffic on the UNTRUST line?</P></BODY></HTML> Tue, 08 Apr 2014 11:30:26 GMT https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5542#M4048 MdeLoos 2014-04-08T11:30:26Z https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5543#M4049 <HTML><HEAD></HEAD><BODY><P>Normally you mirror the port from the "external" working interface to wherever the PAN is plugged into, and configure the PAN to be in a "TAP" interface mode.</P><P></P><P>Is the PAN in "TAP" mode for its interface? </P><P></P><P>Per the Admin guide, it states the following:</P><P></P><P><STRONG>Tap Mode Deployments</STRONG></P><P>A network tap is a device that provides a way to access data flowing across a computer network. Tap</P><P>mode deployment allows you to passively monitor traffic flows across a network by way of a switch</P><P>SPAN or mirror port.</P><P>The SPAN or mirror port permits the copying of traffic from other ports on the switch. By dedicating an</P><P>interface on the firewall as a tap mode interface and connecting it with a switch SPAN port, the switch</P><P>SPAN port provides the firewall with the mirrored traffic. This provides application visibility within the</P><P>network without being in the flow of network traffic.</P><P></P><P><STRONG>Note</STRONG>: When deployed in tap mode, the firewall is not able to take action, such as</P><P>blocking traffic or applying QoS traffic control.</P></BODY></HTML> Tue, 08 Apr 2014 13:18:20 GMT https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5543#M4049 jdelio 2014-04-08T13:18:20Z https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5544#M4050 <HTML><HEAD></HEAD><BODY><P><BR />Thanks jdelio.</P><P>That seems what I am looking for. The admin guide is not telling much, but using tap mode deployment I could find an how to on configuring this.</P><P></P><P>Cheers,<BR />Menno.</P></BODY></HTML> Tue, 08 Apr 2014 13:22:42 GMT https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5544#M4050 admin 2014-04-08T13:22:42Z https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5545#M4051 <HTML><HEAD></HEAD><BODY><P>Please mark this as "Correct" or "Helpful" as this will help everyone in the community. <span class="lia-unicode-emoji" title=":grinning_face_with_big_eyes:">😃</span> Glad I could help.</P></BODY></HTML> Tue, 08 Apr 2014 13:45:31 GMT https://live.paloaltonetworks.com/t5/general-topics/test-pa-200-parrallel-to-current-firewall/m-p/5545#M4051 jdelio 2014-04-08T13:45:31Z