SPAN or Mirror Port in Maestro

maxtaan

Hello Mates!!

Is configuring a SPAN/Mirror port from the MHO or within a Maestro setup possible? If so, could you provide the relevant configuration steps and any official documentation or SecureKnowledge (SK) articles?

Looking forward to your expert guidance.

Thanks in advance.

AkosBakos

Hi @maxtaan

Here is the common guide of monitor port. https://support.checkpoint.com/results/sk/sk101670

To configure Monitor Mode on a 40000 / 60000 Scalable Platform or Maestro that runs an R80SP.20 or higher release, refer to the corresponding R80SP.X Scalable Platforms Administration Guide, or Maestro Next Generation Security Gateway R80.20SP Guide - Chapter 'Deploying a Security Group in Monitor Mode'.

I hope it make sense.

Akos

----------------
\m/_(>_<)_\m/

Chris_Atkinson

To clarify do you want the system to originate or receive the mirrored traffic?

Would this not be possible from the adjacent network elements?

CCSM R77/R80/ELITE

maxtaan

Hello @Chris_Atkinson

It may be possible from the adjacent network elements, but I want to send mirror traffic to QRADAR. There are different switches between the MZ and DMZ firewalls, but the MHO is the same. If we do it from switch some additional ports will be needed from both switches. That's why I want to do port mirroring from MHO. How can I achieve it? If yes, how? Please suggest.

Thanks

Chris_Atkinson

Would suggest consulting with your local SE regarding the suitability of Mirror and Decrypt

CCSM R77/R80/ELITE