SonicOS 7 System

Table of Contents

Configuring IPS Sniffer Mode

To configure IPS Sniffer Mode

  1. Navigate to NETWORK | System > Interfaces.
  2. Click on the Edit icon for the X2 interface. The Edit Interface dialog displays.
  3. Set the Mode / IP Assignment to Layer 2 Bridged Mode. The options change.
  4. Set the Bridged To: interface to X0.

  5. Do not enable the Block all non-IP traffic setting if you want to monitor non-IP traffic.

  6. Select Never route traffic on this bridge-pair to ensure that the traffic from the mirrored switch port is not sent back out onto the network. (The Never route traffic on this bridge-pair setting is known as Captive-Bridge Mode.)

  7. Select Only sniff traffic on this bridge-pair to enable sniffing or monitoring of packets that arrive on the L2 Bridge from the mirrored switch port.

  8. Select Disable stateful-inspection on this bridge-pair to exempt these interfaces from stateful high availability inspection. If Deep Packet Inspection services are enabled for these interfaces, the DPI services continue to be applied.

  9. The Domain Name field is used to bound an accurate domain name with all web services provided by this interface. The value can be one of the following:

    • An FQDN address (*.company.com / www.company.com)

    • An IPv4 or IPv6 address string (a.a.a.a / b:b:b:b:b:b:b:b)

      When configured, all web access, along with SSL VPN service, should be accessed by only the Domain Name. No other attempts are allowed.

      Access through an exact IP address is implicitly trusted, whether this field is set or not.

      To enable this feature, make sure the Enforce HTTP Host Header Check option located on the Administrator page, is enabled as well.

  10. Click OK to save and activate the change. The dialog closes, and the NETWORK | System > Interfaces page redisplays.
  11. Click the Edit icon for the X1 WAN interface. The Edit Interface dialog displays.
  12. Assign the X1 WAN interface a unique IP address for the internal LAN segment of your network — this might sound wrong, but this is actually the interface from which you manage the appliance, and it is also the interface from which the firewall sends its SNMP traps as well as the interface from which it gets security services signature updates.
  13. Click OK.
  14. For traffic to pass successfully, you must also modify the firewall rules to allow traffic from the
    • LAN to WAN
    • WAN to the LAN
  15. Connect the:
    • Span/mirror switch port to X0 on the firewall, not to X2 (in fact, X2 is not plugged in at all)
    • X1 to the internal network

Use care when programming ports spanned/mirrored to X0.

Informational videos with interface configuration examples are available online. For example, see How to configure the SonicWall WAN / X1 Interface with PPPoE Connection. This and other videos are available at: https://support.SonicWall.com/videos-product-select.