Policy Configuration : Viewing Network Diagnostic Settings

Configuring Advanced Monitor Filter Settings
This section describes how to configure monitoring for packets generated by the SonicWALL appliance and for intermediate traffic.
1. Navigate to the Diagnostics > Packet Monitor page and click Configure.
2.
3. To monitor packets generated by the SonicWALL appliance, select Monitor Firewall Generated Packets.
Even when other monitor filters do not match, this option ensures that packets generated by the SonicWALL appliance are captured. This includes packets generated by HTTP(S), L2TP, DHCP servers, PPP, PPPoE, and routing protocols. Captured packets are marked with ‘s’ in the incoming interface area when they are from the system stack. Otherwise, the incoming interface is not specified.
4. To monitor intermediate packets generated by the SonicWALL appliance, select Monitor Intermediate Packets. Selecting this check box enables, but does not select, the subsequent check boxes for monitoring specific types of intermediate traffic. Select the check box for any of the following options to monitor that type of intermediate traffic:
Monitor intermediate multicast traffic – Capture or mirror replicated multicast traffic.
Monitor intermediate IP helper traffic – Capture or mirror replicated IP Helper packets.
Monitor intermediate reassembled traffic – Capture or mirror reassembled IP packets.
Monitor intermediate fragmented traffic – Capture or mirror packets fragmented by the firewall.
Monitor intermediate remote mirrored traffic – Capture or mirror remote mirrored packets after de-encapsulation.
Monitor intermediate IPsec traffic – Capture or mirror IPsec packets after encryption and decryption.
Monitor intermediate SSL decrypted traffic – Capture or mirror decrypted SSL packets. Certain IP and TCP header fields might not be accurate in the monitored packets, including IP and TCP checksums and TCP port numbers (remapped to port 80). DPI-SSL must be enabled to decrypt the packets.
Monitor intermediate decrypted LDAP over TLS packets – Capture or mirror decrypted LDAPS packets. The packets are marked with “(ldp)” in the ingress/egress interface fields and have dummy Ethernet, IP, and TCP headers with some inaccurate fields. The LDAP server port is set to 389. Passwords in captured LDAP bind requests are obfuscated.
Monitor intermediate decrypted Single Sign On agent messages – Capture or mirror decrypted messages to or from the SSO Agent. The packets are marked with “(sso)” in the ingress/egress interface fields and have dummy Ethernet, IP, and TCP headers with some inaccurate fields.
5.
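When an exported capture is reviewed, the header inaccuracies noted above for decrypted SSL packets (IP and TCP checksums, TCP port remapped to 80) can be mistaken for corruption. The following is an added example, not part of the SonicWALL documentation: it checks both checksums and the port on raw IPv4/TCP packets. The packets, addresses, and the all-three-signs heuristic are constructed assumptions.

```python
import struct

def csum(data: bytes) -> int:
    """16-bit one's-complement sum used by IPv4 and TCP checksums (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)

def build_packet(src, dst, sport, dport, payload, valid=True) -> bytes:
    """Constructed IPv4/TCP packet (no options); valid=False leaves checksums zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    if valid:
        ip = ip[:10] + struct.pack("!H", 0xFFFF ^ csum(ip)) + ip[12:]
        tcp_sum = csum(pseudo_header(src, dst, len(tcp)) + tcp)
        tcp = tcp[:16] + struct.pack("!H", 0xFFFF ^ tcp_sum) + tcp[18:]
    return ip + tcp

def triage(packet: bytes) -> list:
    """Return the header anomalies found in one raw IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    notes = []
    if csum(packet[:ihl]) != 0xFFFF:       # a correct header sums to 0xFFFF
        notes.append("bad-ip-checksum")
    if csum(pseudo_header(packet[12:16], packet[16:20], len(tcp)) + tcp) != 0xFFFF:
        notes.append("bad-tcp-checksum")
    sport, dport = struct.unpack("!HH", tcp[:4])
    if 80 in (sport, dport):
        notes.append("port-80")
    return notes

def consistent_with_decrypted_mirror(notes: list) -> bool:
    """Assumed heuristic: all three signs together fit the documented caveat."""
    return {"bad-ip-checksum", "bad-tcp-checksum", "port-80"} <= set(notes)

# Constructed samples: documentation-range addresses, not real traffic.
SRC, DST = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])
WIRE_PKT = build_packet(SRC, DST, 49152, 443, b"\x16\x03\x01")
MIRROR_PKT = build_packet(SRC, DST, 49152, 80, b"GET / HTTP/1.1\r\n", valid=False)

if __name__ == "__main__":
    for name, pkt in (("wire", WIRE_PKT), ("mirror", MIRROR_PKT)):
        print(name, triage(pkt), consistent_with_decrypted_mirror(triage(pkt)))
```

A match only means the packet is consistent with the documented caveat; confirm against the capture settings before discounting the anomalies.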