[j-nsp] SRX - tap mode?

DeathPacket deathpacket at gmail.com
Wed Sep 12 15:53:01 EDT 2012


Will,

Here is a config for using a port on a branch device as a packet capture
device. Port ge-0/0/1 is put into promiscuous mode (has to be a gig port
btw) and gets forwarded packets from a switch.

You need the:

forwarding-options {
    packet-capture {

setting and the packet filter.

Interface does not need to be in a zone.

--Ben
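As an added illustration, not Ben's own config (which is not reproduced in the archive), here is a minimal Junos layout of the kind his message describes: the capture interface with promiscuous mode and an input filter, the packet-capture file settings under forwarding-options, and a firewall filter whose sample action feeds the capture. Only the interface name ge-0/0/1 comes from the thread; the filter name, file name, file count and sizes are assumed placeholders.

```junos
/* Added example, not from the original post; names other than ge-0/0/1 are placeholders */
interfaces {
    ge-0/0/1 {
        /* accept frames not addressed to this port (mirrored traffic from the switch) */
        promiscuous-mode;
        unit 0 {
            family inet {
                filter {
                    /* every packet arriving from the SPAN/mirror port goes through the sampling filter */
                    input capture-in;
                }
            }
        }
    }
}
forwarding-options {
    packet-capture {
        /* capture files are written under /var/tmp on the device, one per interface */
        file filename span-capture files 10 size 10m;
        /* bytes kept per packet; raise from the default if full payloads are needed for IDP evaluation */
        maximum-capture-size 1500;
    }
}
firewall {
    family inet {
        filter capture-in {
            term all {
                then {
                    /* hand a copy to packet-capture; accept keeps the filter from dropping traffic */
                    sample;
                    accept;
                }
            }
        }
    }
}
```

The interface carries no address and, as Ben notes, needs no security zone; the filter is what matters. Capture files collected under /var/tmp can be copied off the device and opened in any standard pcap tool to check what the mirror port is actually delivering before judging IDP results against it.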

On Wed, Sep 12, 2012 at 11:31 AM, Stefan Fouant <
sfouant at shortestpathfirst.net> wrote:

> You can always create your own 'tap mode' by simply configuring Filter
> Based Forwarding and shunting your selective traffic through your IDP. I
> did this all the time in my previous life when dealing with security
> devices that couldn't scale enough to place in-line.
>
> Stefan Fouant
> JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI
> Technical Trainer, Juniper Networks
>
> Follow us on Twitter @JuniperEducate
>
> Sent from my iPad
>
> On Sep 12, 2012, at 11:43 AM, William McLendon <wimclend at gmail.com> wrote:
>
> > Hi Tim,
> >
> > thanks for the response - but reading the description that sounds like
> > the firewall itself still has to be inline, which I'm trying to avoid here.
> >
> > I guess what does the rest of the config have to look like for it to
> > function correctly off a span port?  i.e. there wouldn't be any routing or IP
> > interfaces involved.
> >
> > Thanks,
> >
> > Will
> >
> > On Sep 12, 2012, at 11:35 AM, Tim Eberhard wrote:
> >
> >> High-end SRXs support tap mode. Branch as far as I know do not.
> >>
> >>
> >> http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-45272.html
> >>
> >> Hope this helps,
> >> -Tim Eberhard
> >>
> >> On Wed, Sep 12, 2012 at 10:33 AM, William McLendon <wimclend at gmail.com>
> >> wrote:
> >>> Hi everyone,
> >>>
> >>> do SRX firewalls support a "tap mode" installation?  Really just
> >>> looking at it for purposes of evaluation of IDP functionality where tap
> >>> mode would be the least intrusive method to see data vs having to put it
> >>> inline (and then deal with the inevitable "you put a device inline and now
> >>> XYZ doesn't work!")
> >>>
> >>> I seem to recall that they do not, and they have to be installed in L3
> >>> mode or in Transparent mode, but was hoping I may have missed the feature
> >>> in a release note somewhere.
> >>>
> >>> Thanks,
> >>>
> >>> Will
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>

