04-04-2016 07:51 AM
I'd like to monitor a portion of my network on my failover PA in TAP mode.
Will this affect my HA pair at all?
Is it possible to set up an aggregate TAP of 2 ports?
Thanks in advance...
04-04-2016 11:06 AM
Do you mean that the passive firewall in an active/passive cluster would perform monitoring (have a TAP port listening)?
You can't do that because, as the name says, it is passive. Network ports are turned off on that fw.
04-04-2016 02:42 PM
Also, yes you can place 2 tap ports across 2 aggregated links. Just make sure to put both tap ports on the same security zone.
01-10-2026 07:59 PM
On the Cisco device, two interfaces (Ethernet 1 and Ethernet 2) are configured as part of the same aggregated link (Port-Channel 1).
SPAN is configured with the source VLANs 1–100 and the destination interface Port-Channel 1, as shown below:
monitor session 1 source vlan 1-100
monitor session 1 destination interface port-channel 1
On the Palo Alto device, the corresponding two interfaces (port 1 and port 2) are configured in TAP mode to receive the mirrored traffic from the Cisco device.
The question is: when SPAN traffic is sent out via a Port-Channel, can the Palo Alto device correctly receive and process the TAP traffic across these two interfaces?

