Span port for network intrusion detection
I have pfsense setup on a box that contains three NIC interfaces. I have one configured for WAN and the other for LAN. I was wondering if it is possible to setup port mirroring/span with the third NIC so I can send network packets from there to a network intrusion detection server?
If anyone can shed some light on how to do this, that would be great!
Thank you all for your time!
Interfaces - Assign - Bridges - Advanced Options - Span Port
wouldn't you normally just do that at your switch?
@johnpoz: Yes, normally you would do that at the switch however I have an unmanaged switch. I was planning to put a TAP switch but the fact that I have three NIC's already on the firewall box and pfsense has spanning capabilities, I was thinking of going that route.