SonicOS 7.0 Tools & Monitors

Configuring Advanced Monitor Filter Settings

This section describes how to configure monitoring for packets generated by the SonicWall network security appliance and for intermediate traffic.

To configure the Advanced Monitor Filter settings:

  1. Navigate to Tools & Monitors > Packet Monitor.
  2. Click the General tab.
  3. Click the Advanced Monitor Filter tab.

  4. To monitor packets generated by the SonicWall network security appliance, select Monitor Firewall Generated Packets.

     Even when other monitor filters do not match, this option ensures that packets generated by the SonicWall network security appliance are captured. This includes packets generated by HTTP(S), L2TP, DHCP servers, PPP, PPPoE, and routing protocols. Captured packets are marked with ‘s’ in the incoming interface area when they are from the system stack. Otherwise, the incoming interface is not specified.
  5. To monitor intermediate packets generated by the SonicWall network security appliance, select Monitor Intermediate Packets. Selecting this checkbox enables, but does not select, the subsequent checkboxes for monitoring specific types of intermediate traffic. Select the checkbox for any of the following options to monitor that type of intermediate traffic:
    • Monitor intermediate multicast traffic – Capture or mirror replicated multicast traffic.
    • Monitor intermediate IP helper traffic – Capture or mirror replicated IP Helper packets.
    • Monitor intermediate reassembled traffic – Capture or mirror reassembled IP packets.
    • Monitor intermediate fragmented traffic – Capture or mirror packets fragmented by the firewall.
    • Monitor intermediate remote mirrored traffic – Capture or mirror remote mirrored packets after de-encapsulation.
    • Monitor intermediate IPsec traffic – Capture or mirror IPsec packets after encryption and decryption.
    • Monitor intermediate SSL decrypted traffic – Capture or mirror decrypted SSL packets. Certain IP and TCP header fields might not be accurate in the monitored packets, including IP and TCP checksums and TCP port numbers (remapped to port 80). DPI-SSL must be enabled to decrypt the packets.
      • Restore original ports on SSL decrypted traffic – Select to restore the original TCP ports from the encrypted connection in the SSL decrypted packets.
    • Monitor intermediate decrypted LDAP over TLS packets – Capture or mirror decrypted LDAPS packets. The packets are marked with “(ldp)” in the ingress/egress interface fields and have dummy Ethernet, IP, and TCP headers with some inaccurate fields. The LDAP server port is set to 389. Passwords in captured LDAP bind requests are obfuscated.
    • Monitor intermediate decrypted Single Sign On agent/client messages – Capture or mirror decrypted messages to or from the SSO Agent. The packets are marked with “(sso)” in the ingress/egress interface fields and have dummy Ethernet, IP, and TCP headers with some inaccurate fields.

    Monitor filters are still applied to all selected intermediate traffic types.

  6. To save your settings and exit the configuration window, click Save.
