Documentation Center
AlienVault® USM Anywhere™

Configuring Dell SonicWALL Port Mirroring

You can configure port mirroring on the Dell SonicWALL NSA 2400MX to send a copy of network packets seen on one or more switch ports (or on a VLANBroadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). VLANs allow network administrators to group hosts together, even if the hosts are not on the same network switch.) to another switch port, called the mirror port. By connecting to the mirror port, you can monitor the traffic passing through the mirrored port.

Note: A VLAN trunk port can be mirrored, but cannot act as a mirror port itself.

To create a new port mirroring group

  1. Navigate to Switching > Port Mirroring.
  2. Click New Group.
  3. In the Edit Mirror Group dialog, enter a descriptive name for the group into the Interface Group Name field.
  4. For the Direction, select one of the following:
    • ingress — Monitors traffic arriving on the mirrored port(s).
    • egress — Monitors traffic being sent from the mirrored port(s).
    • both — Monitors traffic in both directions on the mirrored port(s).
  5. In the All Interfaces list, select the port to use to mirror the traffic and click the upper right-arrow button to move it to the Mirror Port field.

    You must use an unassigned port as the mirror port.

  6. In the All Interfaces list, select one or more ports to be monitored, and click the lower right-arrow button to move them to the Mirrored Ports field.

    You will be able to monitor traffic on the mirrored port(s) by connecting to the mirror port.

  7. To enable port mirroring for these ports, select the Enable check box.
  8. Click OK.

To learn more about configuring port mirroring on SonicWall devices, refer to the Knowledge Base article on the vendor website.