Deploying a Security Gateway in Monitor Mode

In This Section:

  • Example Monitor Mode topology
  • Supported Software Blades in Monitor Mode
  • Limitations in Monitor Mode
  • Configuring a Single Security Gateway in Monitor Mode
  • Configuring a Single VSX Gateway in Monitor Mode
  • Configuring Specific Software Blades for Monitor Mode

You can configure Monitor Mode on a Check Point Security Gateway interface. This lets the Security Gateway listen to traffic from a mirror port or SPAN port on a connected switch. Use Monitor Mode to analyze network traffic without changing the production environment. The mirror port on the switch duplicates the network traffic and sends the copy to the Security Gateway interface in Monitor Mode, and the Security Gateway records the activity in its logs.

You can use the Monitor Mode:

Benefits of the Monitor Mode include:

Example Monitor Mode topology

| Item | Description |
| --- | --- |
| 1 | Switch with a mirror or SPAN port that duplicates all incoming and outgoing packets. The Security Gateway connects to a mirror or SPAN port on the switch. |
| 2 | Servers. |
| 3 | Clients. |
| 4 | Security Gateway with an interface in Monitor Mode. |
| 5 | Security Management Server that manages the Security Gateway. |

Supported Software Blades in Monitor Mode

This table lists Software Blades, features, and their support for the Monitor Mode in a single Security Gateway deployment.

Important - Check Point Cluster does not support the Monitor Mode.

| Software Blade | Support for the Monitor Mode |
| --- | --- |
| Firewall | Fully supports the Monitor Mode |
| IPS | These protections and features do not work: 'SYN Attack' protection (SYNDefender); 'Initial Sequence Number (ISN) Spoofing' protection; 'Send error page' action in Web Intelligence protections; Client/Server notifications about connection termination |
| Application Control | UserCheck is not supported |
| URL Filtering | UserCheck is not supported |
| Data Loss Prevention | These are not supported: UserCheck; 'Prevent' and 'Ask User' actions (these are automatically demoted to 'Inform User' action); FTP inspection |
| Identity Awareness | These are not supported: Captive Portal; Identity Agent |
| Threat Emulation | The Emulation Connection Prevent Handling Modes "Background" and "Hold" are not supported. See sk106119. |
| Anti-Bot | Fully supports the Monitor Mode |
| Anti-Virus | Fully supports the Monitor Mode |
| IPsec VPN | Does not support the Monitor Mode |
| Mobile Access | Does not support the Monitor Mode |
| HTTPS Inspection | Does not support the Monitor Mode |
| Anti-Spam | Does not support the Monitor Mode |
| QoS | Does not support the Monitor Mode |

For more information, see sk101670: Monitor Mode on Gaia OS and SecurePlatform OS.

Limitations in Monitor Mode

These features, Software Blades and deployments are not supported in Monitor Mode:

For more information, see sk101670: Monitor Mode on Gaia OS and SecurePlatform OS.