Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port mirroring

Hi there,

Want to deploy a monitoring server to visualize and monitor network traffic and behavior in the network.
Therefore I started to try use iptables to configure (port) mirroring.

iptabes -I POSTROUTING -t mangle ! -s 127.0.0.1 -J TEE --gateway 12.34.56.78
iptabes -I PREROUTING -t mangle ! -s 127.0.0.1  -J TEE --gateway 12.34.56.78

Unfortunately by adding these rules a high CPU utilization by the IDS (snort) process is observed. Nothing helpful can be found in the log files. Any other suggestions regarding mirroring traffic in user space or kernel space will be appreciated!

Regards,

Ilias.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi,

    Thanks for pointing to the feature request.

    But I keep this post open as:

    - I am aware that it should be possible to arrange this in the mean time in user space (or probably kernel space);

    - Feature request is almost two years open.

    Regards,

    Ilias.