Configuring Mirror Settings

This section describes how to configure Packet Monitor mirror settings. Mirror settings provide a way to send packets to a different physical port of the same firewall or to send packets to, or receive them from, a remote SonicWALL firewall.

To configure mirror settings, complete the following steps:

Navigate to the Diagnostics > Packet Monitor page and click Configure.

In the Packet Monitor Configuration window, click the Mirror tab.

Under Mirror Settings, type the desired maximum mirror rate into the Maximum mirror rate (in kilobits per second) field. If this rate is exceeded during mirroring, the excess packets will not be mirrored and will be counted as skipped packets. This rate applies to both local and remote mirroring. The default and minimum value is 100kbps, and the maximum is 1Gbps.

Select Mirror only IP packets to prevent mirroring of other Ether type packets, such as ARP or PPPoE. If selected, this option overrides any non-IP Ether types selected on the Monitor Filter tab.

Under Local Mirror Settings, select the destination interface for locally mirrored packets in the Mirror filtered packets to Interface (NSA platforms only) drop-down list.

Under Remote Mirror Settings (Sender), in the Mirror filtered packets to remote Sonicwall firewall (IP Address) field, type the IP address of the remote SonicWALL to which mirrored packets are sent.


	NOTE: The remote SonicWALL must be configured to receive the mirrored packets.

In the Encrypt remote mirrored packets via IPSec (preshared key-IKE) field, type the pre-shared key to be used to encrypt traffic when sending mirrored packets to the remote SonicWALL. Configuring this field enables an IPSec transport mode tunnel between this appliance and the remote SonicWALL. This pre-shared key is used by IKE to negotiate the IPSec keys.


	NOTE: The Encrypt remote mirrored packets through IPSec (preshared key-IKE) option is inactive in SonicOS Enhanced 5.6.

Under Remote Mirror Settings (Receiver), in the Receive mirrored packets from remote Sonicwall firewall (IP Address) field, type the IP address of the remote SonicWALL from which mirrored packets are received.


	NOTE: The remote SonicWALL must be configured to send the mirrored packets.

In the Decrypt remote mirrored packets via IPSec (preshared key-IKE) field, type the pre-shared key to be used to decrypt traffic when receiving mirrored packets from the remote SonicWALL. Configuring this field enables an IPSec transport mode tunnel between this appliance and the remote SonicWALL. This pre-shared key is used by IKE to negotiate the IPSec keys.


	NOTE: The Decrypt remote mirrored packets through IPSec (preshared key-IKE) option is inactive in SonicOS Enhanced 5.6.

To mirror received packets to another interface on the local SonicWALL, select the interface from the Send received remote mirrored packets to Interface (NSA platforms only) drop-down list.

To save received packets in the local capture buffer, select Send received remote mirrored packets to capture buffer. This option is independent of sending received packets to another interface, and both can be enabled.

To save your settings and exit the configuration window, click OK.