Check Point L-71 - Page 67

Check Point L-71
124 pages
Appliance Configuration
Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.85 | 67
Monitor Mode
Security Gateways can monitor traffic from a Mirror Port or Span Port on a switch.
With Monitor Mode, the appliance uses Automatic Learning or user-defined networks to identify internal and external traffic, and to enforce policy.
Automatic Learning - The appliance automatically recognizes external networks by identifying the default gateway's network from requests to the Internet (specifically, requests to Google). The rest of the networks are considered internal.
User-Defined Networks - You can manually define internal networks. If a network is not defined as internal, it is considered external.
In both Automatic Learning and user-defined networks:
Traffic to internal hosts is inspected by the Incoming/Internal/VPN Rule Base.
Traffic to external hosts is inspected by the Outgoing Rule Base.
Threat prevention's default configuration is optimized to inspect suspicious traffic from external hosts to internal hosts.
To configure monitor mode in the WebUI:
1. Go to Device > Local Network.
2. Select an interface and double-click.
   The Edit window opens in the Configuration tab.
3. In the Assigned To drop-down menu, select Monitor Mode.
   The Manually define internal networks checkbox shows.
4. To use Automatic Learning, do not select Manually define internal networks and click Apply.
5. To use your own network definitions, select Manually define internal networks.
   The network definition features and table show.
6. Click New.
7. Enter the network IP address.
8. Enter the subnet. An internal network can be a 255.255.255.255 subnet, for one host. For example, to monitor the traffic after the router, enter the IP address of the Default Gateway and the 255.255.255.255 subnet.
9. Click Apply.
   The Internal network you defined (with Monitor Mode in the name) shows in the list of interfaces.
Note - You can configure multiple local networks to be in monitor mode at the same time.
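The check below is an added example, not part of the Check Point guide or the appliance software: it validates planned internal network definitions (the IP address and subnet from steps 7 and 8) and models the rule stated above that a destination not defined as internal is treated as external. The sample networks, destinations and function names are constructed for illustration.

```python
import ipaddress

# Rule base names exactly as this page gives them.
INTERNAL_RB = "Incoming/Internal/VPN Rule Base"
OUTGOING_RB = "Outgoing Rule Base"

# Constructed sample definitions (private and documentation ranges), not from the manual.
# The last entry is a single host, e.g. a default gateway, using the 255.255.255.255 subnet.
PLANNED = [("192.168.10.0", "255.255.255.0"),
           ("10.20.0.0", "255.255.0.0"),
           ("192.168.10.1", "255.255.255.255")]

def mask_to_prefix(mask):
    """Convert a dotted subnet mask to a prefix length; reject wildcard or broken masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # host part must be one run of low-order 1 bits
        raise ValueError(f"not a contiguous subnet mask: {mask}")
    return 32 - inverted.bit_length()

def parse_definition(ip, mask):
    """Build a network from the two fields entered in steps 7 and 8.

    strict=True raises ValueError when the address has host bits set for the mask
    (192.168.10.5 with 255.255.255.0); this checker treats that as an entry error.
    """
    return ipaddress.IPv4Network(f"{ip}/{mask_to_prefix(mask)}", strict=True)

def find_overlaps(networks):
    """Return pairs of definitions where one overlaps or contains the other."""
    return [(a, b) for i, a in enumerate(networks)
            for b in networks[i + 1:] if a.overlaps(b)]

def rule_base_for(dst, internal_networks):
    """Model of the documented rule: a destination not defined as internal is external."""
    addr = ipaddress.IPv4Address(dst)
    return INTERNAL_RB if any(addr in n for n in internal_networks) else OUTGOING_RB

if __name__ == "__main__":
    nets = [parse_definition(ip, mask) for ip, mask in PLANNED]
    for a, b in find_overlaps(nets):
        print(f"overlap: {a} and {b}")
    for dst in ("192.168.10.77", "10.20.3.4", "203.0.113.5"):  # constructed destinations
        print(f"{dst:>15} -> {rule_base_for(dst, nets)}")
```

Running it before entering definitions in the WebUI catches wildcard-style masks such as 0.0.0.255 and shows which planned entries overlap, so a missing or mistyped range does not silently leave hosts classified as external.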
After you configure monitor mode:
1. Go to Device > Advanced Settings.
2. Turn off Anti-Spoofing.
To configure monitor mode in CLI:
1. To define a port for Monitor Mode:
   > set interface <portName> monitor-mode
2. To configure Monitor Mode Automatic Learning, disable user-defined networks:
   > set monitor-mode-configuration use-defined-networks false
