Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1960
Views
0
Helpful
4
Replies

Layer 4 Traffic monitoring

Go to solution
richard.bumanlag
Level 1
Level 1

‎01-29-2012 07:51 AM

Hi,

Just want to ask the proper way to deploy layer 4 monitoring for Ironport WSA, so below is the diagram.

Lets say the switch has 5 available ports. From fa0/3 to fa0/7.

Do I just use Duplex mode and Tap a line from T1 to the switch? eX. T1 of Ironport to fa0/3

Or use Simplex mode? ex T1 to Fa0/3 then T2 to Fa0/4.

Thanks

Clients -------------------------Fa0/0 SWITCH Fa0/1 -------------------------- Fa0/0 FIREWALL

                                                    Fa0/2

                                                        |

                                                        |

                                                        |

                                                    Ironport

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎01-29-2012 04:50 PM

Richard,

You've got it right, either way.  If you put it in duplex, you echo everything from Fa0/1 to Fa0/2.  If you go "Simplex", echo traffic leaving Fa0/1 (on the way to the firewall) Fa0/3, and incoming traffic to Fa0/4.  On a busy network the duplex port on the Ironport could get overloaded...

I'd probably put all of the "security" stuff on a seperate VLAN so that any broadcasts on the client network don't add to the load.

Ken

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Ken Stieers
VIP
VIP

‎01-29-2012 04:50 PM

Richard,

You've got it right, either way.  If you put it in duplex, you echo everything from Fa0/1 to Fa0/2.  If you go "Simplex", echo traffic leaving Fa0/1 (on the way to the firewall) Fa0/3, and incoming traffic to Fa0/4.  On a busy network the duplex port on the Ironport could get overloaded...

I'd probably put all of the "security" stuff on a seperate VLAN so that any broadcasts on the client network don't add to the load.

Ken

0 Helpful

Go to solution
richard.bumanlag
Level 1
Level 1
In response to Ken Stieers

‎01-29-2012 05:31 PM

Thanks.

0 Helpful

Go to solution
richard.bumanlag
Level 1
Level 1

‎02-15-2012 06:24 PM

Hi,

A follow up question, do i need to configure a span port for this to work? or do I just need to plug it in without any configuration on the switch?

This is for tap and duplex mode. what additional configuration do I need to configure on the switch for this to work.

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to richard.bumanlag

‎02-15-2012 06:27 PM

Yes you need a span port. Span the port that the firewall is connected to to the port T1 is connected to.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents