Span port for network intrusion detection

  Hi,

    I have pfSense set up on a box that contains three NIC interfaces. I have one configured for WAN and the other for LAN. I was wondering if it is possible to set up port mirroring/span with the third NIC so I can send network packets from there to a network intrusion detection server?

    If anyone can shed some light on how to do this, that would be great!

    Thank you all for your time!

  • Banned

    Interfaces - Assign - Bridges - Advanced Options - Span Port

  • LAYER 8 Global Moderator

    Wouldn't you normally just do that at your switch?

  Thanks, doktornotor

    @johnpoz: Yes, normally you would do that at the switch; however, I have an unmanaged switch. I was planning to put in a TAP switch, but given that I have three NICs already on the firewall box and pfSense has spanning capabilities, I was thinking of going that route.

