Configure port mirroring for network devices
You can configure port mirroring for network devices that require network traffic monitoring. When successfully configured, the network device copies all inbound and outbound traffic from specified interfaces and sends it to the designated monitoring port, for the Arctic Wolf Sensor to monitor.
Port mirroring creates a copy of selected network traffic and sends it to a designated mirror or destination port on the switch. The sensor can then analyze traffic without interfering with normal network operations. Mirroring the internal interfaces of your firewall provides visibility into all ingress and egress traffic to and from the internet.
- Source port — The switch uplink ports connected to the firewall. Make sure that you set both the ingress (RX) and egress (TX) traffic directions when you configure the source. In most deployments, the source ports are the inside, LAN, or DMZ uplink ports that connect to your firewalls.
- Destination port — The switch port connected to the sensor mirror port. The destination port should be a port on the same switch where the sensor mirror interface will be connected.
Note: This is not the sensor management port. For more information about sensor ports and connections, see the appropriate installation guide in Physical Arctic Wolf Sensors.
Configuration steps vary by switch manufacturer, model, and operating system. For more information, see the setup instructions provided by your network switch manufacturer.