Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 923 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mirror VPN traffic terminated into Sophos XG running 17.5.12 MR-12

Steve Gyurindak

I am new to Sophos so I am looking for some help.  My customer came to me and he would like to mirror all the VPN traffic that terminates through his Sophos XG.  The reason is that the traffic terminates and then exits to a device where mirroring of the traffic is not possible (it is owned by the carrier).

Is there a way to mirror (SPAN) traffic terminated from VPN connections to an interface in an Sophos XG running 17.5.12 MR-12?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Steve Gyurindak said:
    mirror (SPAN) traffic terminated from VPN connections to an interface in an Sophos XG

    Could you please share some more insight on this?

  • 0 in reply to FormerMember

    The customer has many vpn connections that terminate at the Sophos firewall, they then go out the port connected to the provider's CPE.  So their traffic never enters the internal network.  We are looking to pull a copy of all the traffic leaving the firewall going to the providers network.  Is there a way to mirror that traffic to another port on the firewall so it can be ingested by the Armis collector?

  • FormerMember
    0 FormerMember in reply to Steve Gyurindak

    I guess mirroring the VPN traffic would not be possible as it's encrypted.

    Can you give a bit more information on how traffic goes out the port connected to the provider's CPE?

    It would be great if you share a rough network diagram.

Reply
  • FormerMember
    0 FormerMember in reply to Steve Gyurindak

    I guess mirroring the VPN traffic would not be possible as it's encrypted.

    Can you give a bit more information on how traffic goes out the port connected to the provider's CPE?

    It would be great if you share a rough network diagram.

Children