05-09-2020 03:51 AM
Dear Team,
As per the customer requirement we want to perform Port spanning or port mirroring on the firewall interface so we need confirmation whether it is recommended from Palo Alto and if we perform this will there be any impact on the firewall as firewall is in production at data center or is there any alternate method for this.
Request your immediate help on this.
Regards
Karthikeyan Balamurugan
05-09-2020 06:37 AM
Customer requirement is SPAN traffic from Palo Alto on temporary basis to perform POC on NAC.
SPAN the traffic as mentioned below, so that a cable will be connected from Palo Alto to the server to get mirrored traffic from router zone.
Source : Security Zone – Palo Alto (ae1.120)
Destination : Security Zone – NAC POC SPAN (To be created and assign to any free Ethernet physical interface(1000Mbps))
Note : Make sure that production traffic is not disturbed.
05-10-2020 10:42 PM
This is not possible, you can't span from the firewall to somewhere else
The only thing that comes close is the decryption port mirror, but that applies only to decrypted ssl/tls
Alternatively you can log export syslog which could feed a NAC user-ip mappings
05-10-2020 11:01 PM
I agree with @reaper that firewall doesnt support port spanning in itself but you can go for one alternative which I always prefer.
Span the port of switch which is connected to firewall interface you want to monitor and then connect the mirrored port to your server . It will more or less serve you the same purpose.
Hope it helps ..Cheers !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
