IPS with port mirror

[jlobera]

Hi All,

Before configuring this i have checked ;

sk88980 - How to configure a Security Policy for Mirror Port Use
sk 101670 - Monitor Mode on Gaia OS and SecurePlatform OS
Thread: How to setup a new IPS sensor with 77.30? on CPUG

Topology is like this;




I configured all interfaces with no IP and monitor mode enabled. (Except the one for management, of course)
Disabled drop out of state
Profile is in troubleshooting mode
And I think that's it.

But it's not really caughting anything. Is the configuration OK? Some other input I should give you guys to understand the scenario?

PD: I have checked and there are some RX drops, but it should be caughting something anyway.

fw ctl zdebug drop shows;

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;





Thanks in advance

[ofink]

;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=6 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 1;

What does the firewall rulebase look like? "Any source, any destination, any service: Allow"?

[jlobera]

What does the firewall rulebase look like? "Any source, any destination, any service: Allow"?

Yes. Thats it for the rule base