Example: Layer 2 Firewall Capture Interfaces in Passive Firewall mode

An example of deploying a Layer 2 Firewall in Passive Firewall mode.

The administrator at company B wants to set up a Single Layer 2 Firewall and deploy it in Passive Firewall mode using SPAN ports on the switch to duplicate packets for inspection. The following illustration shows the interfaces of the Layer 2 Firewall in Passive Firewall mode with Capture Interfaces.

Figure: Capture Interfaces with SPAN



In this example, Interface ID 0 is a Normal Interface used for management connections and sending TCP Reset responses. Interface ID 1 is a Capture Interface used for capturing network traffic from the network switch for inspection.

The administrator does the following:
  1. Creates a Single Layer 2 Firewall element and selects the Log Server to which the Layer 2 Firewall engine sends its log data.
  2. Defines Interface ID 0 as a Normal Interface and adds an IP address to it.
    • The IP address on Interface ID 0 is automatically selected as the Primary Control IP address because Interface ID 0 is the first Normal Interface with an IP address.
  3. Defines Interface ID 1 as a Capture Interface and selects Interface ID 0 as the Reset Interface.
  4. Saves the initial configuration of the engine in the Management Client.
  5. Maps the interface IDs to the physical interfaces in the NGFW Initial Configuration Wizard and makes initial contact with the Management Server.
  6. Installs a Layer 2 Firewall Policy in the Management Client to transfer the configuration to the engine.