https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621578#M1027756 <P>Can you sniff traffic from your sensing interfaces? See anything?</P><P>&nbsp;</P><P>Then at least we can figure out if it's a policy issue or a network setup issue.</P> Thu, 12 Mar 2015 14:14:15 GMT adhogan 2015-03-12T14:14:15Z https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621577#M1027753 <P>We're trying to get a new Sourcefire solution up and running. &nbsp;We're using the virtual servers rather than physical installed onto an ESXi 5.1 host.</P><P>We're running the 3DS in passive mode so we have 3 network adapters configured, 1 for management, 1 for internal traffic and 1 for external traffic (2 separate physical&nbsp;switches handle each). &nbsp;</P><P>I've configured the two physical switches to mirror from port X to port Y and connected 2 physical network ports on the ESXi host to each port Y on the physical switch. &nbsp;</P><P>I've created two separate vSwitches with each physical network port confgured in each, so vmnic2 is on vSwitch External and vmnic3 is on vSwitch Internal. &nbsp;vmnic2 is connected to Port Y on physical switch 1 and vmnic3 is connected to Port Y on physical switch2.</P><P>Each vSwitch and PortGroup has been configured to accept promiscuous accept MAC address changes and Accept Forged transmits.</P><P>With all this configured and from what I can find out this is how it needs to be configured, I'm not seeing any traffic on the 3DS. &nbsp;The Defence Center is showing no traffic and no connections.</P><P>Has anyone got any suggestions on what I've missed or how this is supposed to be configured?</P><P>&nbsp;</P> Tue, 12 Mar 2019 12:38:33 GMT https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621577#M1027753 mk-brown 2019-03-12T12:38:33Z https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621578#M1027756 <P>Can you sniff traffic from your sensing interfaces? See anything?</P><P>&nbsp;</P><P>Then at least we can figure out if it's a policy issue or a network setup issue.</P> Thu, 12 Mar 2015 14:14:15 GMT https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621578#M1027756 adhogan 2015-03-12T14:14:15Z https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621579#M1027759 <P>How do I check if I can sniff traffic? &nbsp;I'm not seeing anything when I do a show itraffic-statistics on the 3DS.</P><P>&nbsp;</P><P>update: I found out how to do a tcpdump from the command line of the 3DS and it's definitely receiving traffic from the mirrored switch port, so it must be a configuration issue, so passing onto the contractor doing that to fix.</P> Fri, 13 Mar 2015 04:46:26 GMT https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621579#M1027759 mk-brown 2015-03-13T04:46:26Z https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621580#M1027763 <P>http://www.cisco.com/c/en/us/support/docs/security/sourcefire-firepower-8000-series-appliances/117778-technote-sourcefire-00.html</P> Fri, 13 Mar 2015 12:10:53 GMT https://community.cisco.com/t5/network-security/virtual-3ds-on-esxi/m-p/2621580#M1027763 adhogan 2015-03-13T12:10:53Z