Configure a Mirror Destination to send to a Mirror Destination Group

The Mirror Destination Airwall Gateway is where the network information your packet analyzer needs to consume is sent.

When using a port group, you connect your packet analyzer to the Mirror Destination Airwall Gateway using a physical cable.

CAUTION: When you are using a Mirror Destination group as the destination, you can’t use a normal or virtual switch – you must connect the Mirror Destination to the packet analyzer directly with a cable. Because of this, this configuration is not supported on the 300v.
  1. On the Mirror Destination Airwall Gateway, go to Ports > Port mirroring.
  2. Select Edit Settings.
  3. Next to Configurations, select the + to add a port mirroring configuration.
  4. In your new configuration:
    1. Set the Enabled toggle to On.
      Note: After configuration, use this toggle to turn port mirroring on and off.
    2. Under Type, select Mirror Destination.
    3. Under Packet destination, select the Mirror Destination group you set up earlier.
    4. Optional – Under Overlay IP, change the Airwall Gateway mirroring configuration IP address. This IP is used for internal addressing only and is set by default to fd00:/8.
      CAUTION: When using Mirror Destination group, make sure it’s not connected back to the original network, as this can cause loops with ever-increasing traffic as you’re mirroring mirrored traffic (with the potential for overloading your network).
    5. Optional – Under BPF filter, Leave blank unless you are only interested in a single type of traffic, or want to exclude traffic from all sources.
      Note: If you use a BPF expression on the Mirror Destination, that’s the default for all of the Mirror Sources, unless you set a BPF expression on the source, which overrides this default.
  5. Select Update Settings.

You should be able to see some traffic from the Mirror Destination Airwall Gateway to the Mirror Destination group.