Deploying a Security Gateway in Monitor Mode

You can configure Monitor Mode on a Check Point Security Gateway interface. This lets the Check Point Security Gateway listen to traffic from a Mirror Port or Span Port on a connected switch. Use the Monitor Mode to analyze network traffic without changing the production environment. The mirror port on a switch duplicates the network traffic and sends it to the Security Gateway with an interface in Monitor Mode to record the activity logs.

You can use the Monitor Mode:

• To monitor the use of applications as a permanent part of your deployment
• To evaluate the capabilities of the Software Blades:
  • The Security Gateway neither enforces any security policy, nor performs any active operations (prevent/drop/reject) on the interface in the Monitor Mode.
  • The Security Gateway terminates and does not forward all packets that arrive at the interface in the Monitor Mode.
  • The Security Gateway does not send any traffic through the interface in the Monitor Mode.

Benefits of the Monitor Mode include:

• There is no risk to your production environment.
• It requires minimal set-up configuration.
• It does not require TAP equipment, which is expensive.