Sebastien_Barbe
Participant

stateful inspection logging/warning without dropping


hi

we are in the process of migrating some "legacy" applications from one network topology to a new more robust one.

To facilitate this migration we would like to enable stateful inspection but only see the log events without actually dropping the nasty traffic. This would facilitate identifying faulty applications.

Is there a way to do this?


tx


0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin

No, it is not possible to do warning only on out of state connections.

Also, mind that disabling stateful inspection is a global feature and will affect all managed gateways, unless you set it up as an exception for only some specific SGs, as in this screenshot (Exceptions / Add / Select Gateways).

[Screenshot 2020-07-03 at 12.06.14.png]


0 Kudos
3 Replies
Sebastien_Barbe
Participant

hi 

thanks for the feedback. This is indeed what we did (years ago).

But we are facing the difficulty to identify those bad applications without "breaking" things.

tx


0 Kudos
Johan_van_Somme
Explorer
Hi Sebastian, will it help if you configure a specific port on your SG as a monitoring port (promiscuous mode) and hook that up to an analyzer port on the outgoing traffic of the VLAN?
Attention: as stated, this only monitors the traffic, with inspection. So it doesn't pass traffic, just listens.
In Cisco terms, an (ER)SPAN configuration.
Hope this helps,
0 Kudos
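Since the accepted answer says the gateway cannot warn on out-of-state traffic without also dropping it, the mirror-port route above leaves you with a capture and no verdicts. The following is an added example, not Check Point code and not posted by anyone in this thread: a minimal warn-only TCP state tracker that applies the same kind of check a stateful firewall does (only a bare SYN may open a session, the three-way handshake must complete in order, packets after close are rejected) to mirrored traffic and only records the hits. The packet records, addresses, and both timeout values are constructed for the example; decoding real packets from a pcap (for instance with dpkt or scapy) is assumed and not shown.

```python
"""Warn-only TCP state tracker for traffic mirrored to a SPAN/monitor port.
Added example for this thread, not Check Point code and not any poster's.
The packets below are constructed inline; decoding real ones from a pcap
(e.g. with dpkt or scapy) is assumed, not shown."""
from collections import namedtuple
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
IDLE_TIMEOUT = 3600.0  # idle limit for open sessions (seconds); assumed value
END_TIMEOUT = 20.0     # grace period after both FINs for the final ACK; assumed
Endpoint = Tuple[str, int]
Packet = namedtuple("Packet", "ts src sport dst dport flags")

@dataclass
class Conn:
    state: str
    initiator: Endpoint
    last: float
    timeout: float
    fins: Set[Endpoint] = field(default_factory=set)

def conn_key(p: Packet) -> Tuple[Endpoint, Endpoint]:
    # Direction-agnostic 4-tuple so both sides of a flow share one entry.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

class WarnOnlyTracker:
    def __init__(self) -> None:
        self.table: Dict[Tuple[Endpoint, Endpoint], Conn] = {}
        self.warnings: List[str] = []

    def _warn(self, p: Packet, why: str) -> bool:
        # A gateway in enforcing mode would drop here; this only records it.
        self.warnings.append(f"{p.ts:.3f} OUT-OF-STATE {p.src}:{p.sport} -> "
                             f"{p.dst}:{p.dport} flags=0x{p.flags:02x} ({why})")
        return False

    def _expire(self, now: float) -> None:
        for k in [k for k, c in self.table.items() if now - c.last > c.timeout]:
            del self.table[k]

    def feed(self, p: Packet) -> bool:
        """True if the packet fits a tracked session; else log it and return False."""
        self._expire(p.ts)
        key, src = conn_key(p), (p.src, p.sport)
        c = self.table.get(key)
        bare_syn = (p.flags & (SYN | ACK)) == SYN
        syn_ack = (p.flags & (SYN | ACK)) == (SYN | ACK)
        if c is None:  # no session: only a bare SYN may open one
            if bare_syn:
                self.table[key] = Conn("SYN_SENT", src, p.ts, IDLE_TIMEOUT)
                return True
            return self._warn(p, "no session: first packet is not a bare SYN")
        c.last = p.ts
        if p.flags & RST:  # either side may abort at any point
            del self.table[key]
            return True
        if c.state == "SYN_SENT":  # simultaneous open is not modelled
            if src == c.initiator and bare_syn:  # SYN retransmit
                return True
            if src != c.initiator and syn_ack:
                c.state = "SYN_RECV"
                return True
            return self._warn(p, "handshake: expected SYN/ACK from responder")
        if c.state == "SYN_RECV":
            if src != c.initiator and syn_ack:  # SYN/ACK retransmit
                return True
            if src == c.initiator and p.flags & ACK and not p.flags & SYN:
                c.state = "ESTABLISHED"
                return True
            return self._warn(p, "handshake: expected ACK from initiator")
        if p.flags & FIN:  # ESTABLISHED/TIME_WAIT: data passes, FINs drive teardown
            c.fins.add(src)
            if len(c.fins) == 2:  # both sides closed; keep briefly for the last ACK
                c.state, c.timeout = "TIME_WAIT", END_TIMEOUT
        return True

def analyze(packets: List[Packet]) -> List[str]:
    t = WarnOnlyTracker()
    for p in sorted(packets, key=lambda x: x.ts):
        t.feed(p)
    return t.warnings

# Constructed sample capture: one clean session plus three legacy-app symptoms.
C, S = ("10.1.1.5", 40000), ("10.2.2.10", 443)
SAMPLE = [
    Packet(0.00, *C, *S, SYN),
    Packet(0.01, *S, *C, SYN | ACK),
    Packet(0.02, *C, *S, ACK),
    Packet(0.05, "10.1.1.7", 51000, "10.2.2.20", 8080, ACK),      # mid-stream, no handshake seen
    Packet(0.06, "10.2.2.30", 25, "10.1.1.9", 33000, SYN | ACK),  # reply with no SYN (asymmetric path)
    Packet(1.00, *C, *S, FIN | ACK),
    Packet(1.01, *S, *C, FIN | ACK),
    Packet(1.02, *C, *S, ACK),
    Packet(100.0, *C, *S, ACK),                                    # stray ACK long after close
]
if __name__ == "__main__":
    print("\n".join(analyze(SAMPLE)))
```

Running it on the sample reports the three constructed symptoms (a connection the capture joined mid-stream, a SYN/ACK whose SYN took another path, and an ACK arriving long after both sides closed) and nothing for the clean session. Two practical caveats: the mirror must carry both directions of the VLAN, otherwise every reply looks out-of-state; and a gateway's own out-of-state definition is stricter than this handshake-and-teardown model (for example sequence-number checks), so treat the output as a first-pass list of applications to look at, not as a reproduction of the gateway's verdicts.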