Hello,
I am trying to setup a Security Cehckup with dedicated Managemnt server and a gateway with interface in SPAN mode.
In the topology of the gateway I've set the eth1 as Internal / Not defined and No antispoofing
And the Mgt interface as External without Antispoofing
In the logs I can see strange lines. I see the requests from the gateway to DNS servers (OK) and also the packet back from the server. Is it normal due to the monitor interface? Is ti possible to mask these lines as the security checkup will integrate these logs in the reports?
Thanks
Expected behavior as undoubtedly the span port is seeing the traffic coming from the gateway.
You can create a "accept no log" rule for the relevant traffic to suppress it from the logs.