  1. #1
    Newbie
    Join Date
    Jun 2017
    Posts
    1

    Question About Port Mirroring And Promiscuous Mode

    I want to make sure my network configuration is right.

    [Basic Configuration]
    - Untangle 13 on VirtualBox
    - Untangle is located behind a backbone switch hub that acts as a firewall & DHCP server and
    - is set to transparent bridge mode.
    - Networks of Untangle are bridged like this:
    **. External -> Physical eth0, promiscuous mode, IP setting is DHCP (not server), is WAN
    **. Internal -> Physical eth1, Static LAN
    (i.e., completely inside the network)

    Under these conditions, the following settings are most important.

    - The external port connects to the mirroring port of the backbone switch.
    (The mirroring port is the mirrored gateway port)
    - Internal port connects to the port of the backbone switch. (Internal network)

    What I want to do is monitor the incoming and outgoing packets and protect the network. In this case, I think that monitoring and protection of external ports should be done.

    I want to ask the experts for help confirming that the configuration is correct.
    Last edited by wynne; 06-16-2017 at 03:26 AM.

  2. #2
    Untanglit
    Join Date
    Mar 2017
    Posts
    22

    Hi.
    Any managed switch I know does not usually (read: almost never) receive traffic on the mirroring port. They just, well, mirror some (all) of the other ports to that one so any traffic can be monitored by another device connected to the mirroring port. This means that internal clients going to the Internet will flow through the switch and then to their default gw - which is it? You didn't say - and their traffic will be mirrored by the switch to the external of Untangle as a copy of the traffic, not the traffic itself.

    So even if Untangle worked on sessions coming from the external with addresses pertaining to the internal - and I think it would not - then it would act on a copy of the traffic which has already flowed elsewhere.

    So no. This won't work and it doesn't seem right at all to me. Did I miss anything about your setup and the objectives you're trying to accomplish?

    Untangle must be inline. In your setup it is not. It is out of band.

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,024

    Quote: Originally Posted by docfuz
    Untangle must be inline. In your setup it is not. It is out of band.
    This is correct. Untangle is a firewall. It can "monitor" your network, but only if installed as a firewall.
    https://wiki.untangle.com/index.php/...Cardinal_Rules
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
