Sebastien_Barbe
Participant

stateful inspection logging/warning without dropping

hi

we are in the process of migrating some "legacy" applications from one network topology to a new more robust one.

To facilitate this migration we would like to enable stateful inspection but only see the log events without actually dropping the nasty traffic. This would facilitate identifying faulty applications.

Is there a way to do this?

 

tx

 

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin

No, it is not possible to do warning only on out of state connections.

Also, mind, disabling stateful is a global feature, and it will affect all managed gateways, unless you set it up as an exception for only some specific SGs, as on this screenshot (Exceptions / Add / Select Gateways)

 

Screenshot 2020-07-03 at 12.06.14.png


0 Kudos
3 Replies
Sebastien_Barbe
Participant

hi 

thanks for the feedback. This is indeed what we did (years ago).

But we are facing the difficulty to identify those bad applications without "breaking" things.

tx

 

0 Kudos
Johan_van_Somme
Explorer
Hi Sebastien, will it help if you configure a specific port on your SG as a monitoring port (promiscuous mode) and hook that up to an analyzer port on outgoing traffic of the VLAN?
Attention: as stated this only monitors the traffic, with inspection. So it doesn't pass traffic, just listens.
In Cisco terms: (ER)SPAN configuration.
Hope this helps,
0 Kudos
