I just received a PA-500. This is my first PAN device, so some of the terminology is different from prior units. From what I understand, virtual wire mode is the same as transparent mode. Is this correct? In short, I want to place this device before our current FW (between our ISP and a Cisco ASA device) initially just to monitor/capture data as if this device were in production. All of our NAT and service roles will remain on the ASA until testing has been completed. I followed the directions from this KB article (How to Configure Virtual Wire (VWire)), going through the initial setup and creating alert profiles. Other than physically placing the device between our ASA and ISP device, is there anything else I need to do? I want to start seeing traffic flow, URL filtering, AV and such from the PAN device but without changing our current infrastructure. This is only for the initial test. The device will later be switched into L3 mode and replace our current ASA.
Vwire is very similar to "Transparent mode" in Cisco; however, unlike transparent mode, Vwire doesn't maintain any ARP or MAC table.
Vwire takes a packet from one interface and forwards it to the second interface. For this forwarding mechanism, it does not check an ARP or MAC table.
Your idea of implementation looks good to me. Make sure all profiles are in Alert mode, and that you are logging all kinds of traffic. That means you should have a default "deny any any" rule at the end that does logging.
PA-500 in place without any hiccups. One problem regarding the data, and this may be a training/config issue. When I go to ACC and drill down to Facebook-Base, the source IP is showing our external IP address and not the end user as I expected, or at least their IP address. The destinations are Facebook and akamaitechnologies (220.127.116.11). Did I plug the wrong sources into the ports? E1/1 is Untrusted (ISP) and E1/2 is Trust (our current ASA firewall).