04-14-2017 05:08 AM
I'm working on a home lab, have an ESXi server with some UTM VMs running and I'd like to give them something interesting to look at.
Following the online documentation (both in support and this: https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-De...)
I can't seem to get anything other than internal traffic.
The wild external traffic is on eth1, and the GUI for 7.1.4-h2 doesn't have anything that says 'tap this interface'.
What am I missing?
04-18-2017 07:19 AM
'tap' is an interface operational mode, creating a promiscuous interface that receives packets in a listening-only mode, any redirection toward this interface needs to be achieved via an external mechanism, like a SPAN port on a switch
if you don't want to interrupt your ongoing traffic, you'll need to create an additional interface, set it to tap mode, create zones and zone-to-zone security policy (allow policy), then add, on the esxi, the new interface to the same vswitch as your external interface, and set it to promiscuous mode
04-14-2017 06:25 AM
I'm a little confused on why you are tyring to setup a tap interface on a VM? Generally when you setup a TAP interface you would setup a SPAN port on the switch and then plug that into your actual TAP interface. Then you would create a security policy that just accepts and logs. I'm not sure if what you are trying to do is actually going to function as you think, but I have never had much need for a TAP interface so I could easily be wrong.
04-16-2017 10:24 AM
It's a home lab without a managed switch. It just seemed easiest to keep everything virtual.
I have a netgear managed switch in the toolbag I can wire into the mix, it just seemed like added hassle. (and it's backplane aggregate bandwidth is lower than what the cable modem can deliver.)
But I see your point, and it would avoid the PAN entirely. I just figured it had the functionality native, and ESXi had the ability to receive it, I could tap the traffic virtually, rather than in discrete hardware.
04-18-2017 07:19 AM
'tap' is an interface operational mode, creating a promiscuous interface that receives packets in a listening-only mode, any redirection toward this interface needs to be achieved via an external mechanism, like a SPAN port on a switch
if you don't want to interrupt your ongoing traffic, you'll need to create an additional interface, set it to tap mode, create zones and zone-to-zone security policy (allow policy), then add, on the esxi, the new interface to the same vswitch as your external interface, and set it to promiscuous mode
04-19-2017 06:23 PM
I ended up just throwing my switch upstream of the firewall and spanned ports from it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
