Configure Airwall Gateways to act as the Mirror Sources

You configure Mirror Source Airwall Gateways to send network information to the Mirror Destination Airwall Gateway.

CAUTION: If you capture traffic on all ports of the overlay port group, you may set up a loop. To avoid this, in your configuration set a BPF filter of “ip proto not 47” to exclude mirrored traffic. See BPF Settings for Port Mirroring.

If you use GRE Transparent Ethernet Bridging, ERSPAN type II or ERSPAN type III – You can use GRE key or Session ID to identify which source the packets arrived on.

Note: You can set up the Mirror Destination to also be a Mirror Source, to include that Airwall Gateway's traffic in the information sent to the packet analyzer. In this case, be sure to set a BPF filter to exclude the mirrored traffic.
  1. On a Mirror Source Airwall Gateway, go to Ports > Port mirroring.
  2. Select Edit Settings.
  3. Next to Configurations, select the + to add a mirroring configuration.
  4. In your new configuration:
    1. Under Type, select Mirror Source.
    2. Under Destination Airwall, select the Airwall Gateway you set up as the Mirror Destination.
    3. Under Capture interface, select the interface you want to capture network information from. Ports in overlay port groups and the overlay hipbr bridge interfaces are supported.
    4. Optional – If using a local device as the Mirror Destination, you can enter a GRE or session ID to distinguish the traffic being sent from this Mirror Source by including this value in the GRE/ERSPAN header of packets sent to a local device sync.
    5. Recommended – Set performance settings for suggestions on setting Snap length, Rate limit, and source-specific BPF filters that override the Mirror Destination BPF filters (Example (BPF filter of “ip proto not 47” to exclude mirrored traffic and avoid loops). See Adjust performance for mirrored traffic for guidance, or for more information on BPF filters, see BPF Settings for Port Mirroring.
  5. Select Update Settings.
Note: You can set up different configurations for a Mirror Source Airwall Gateway to send traffic to different Mirror Destinations.