Traffic Monitoring to and from specific device

Options
PaoloFracas
PaoloFracas Posts: 54  Ally Member
First Anniversary 10 Comments Friend Collector
in Security

Hi to all,

I would need to know if there is a rule to monitor traffic to and from a specific device.

I used the explanations on the page below as a basis but when I run a Ping test I get no monitoring.

https://community.zyxel.com/en/discussion/1719/how-to-disable-traffic-monitoring-on-a-specific-ip

Below my Rule.

immagine.png

What I need is to monitor all traffic to and from a specific device across the entire network and not just my PC for which I could use WireShark.

If there is external software it's fine anyway.

Thanks to all

Best Regards.

Paolo Fracas

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,455  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @PaoloFracas ,

    You can capture packets from the LAN interface of the firewall and filter by IP address to sniff packets for that specific host.

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options

    Sorry for delay.

    Unfortunately the solution doesn't work.

    It doesn't monitor internal LAN traffic, which is what I need.

    Monitors traffic from LAN to VLAN and vice versa but not LAN to LAN traffic.

    Thanks anyway

  • PeterUK
    PeterUK Posts: 2,797  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 14
    Options

    The only way to Monitor traffic not going to the USG directly is to do a proxy ARP so that traffic per device goes through the USG.

    This setup shows how to do that for example normally 192.168.255.55 can ping 192.168.255.62 without the USG knowing but with proxy ARP setup 192.168.255.55 sends ping to the USG then to 192.168.255.62

    Untitled Image

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options

    I'll try.

    Thanks

  • PeterUK
    PeterUK Posts: 2,797  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 14
    Options

    Depending on the USG you have you might not have Native ports able to change interface type to general for proxy ARP option in which case you need to do a VLAN with interface type to general but this then brakes the switch setup for it so you need two more ports on switch say 19 port untag PVID 19 and PVID 1 port 20 being VLAN 15 tag on port 20 then connect port 17 to 19 and 20 to USG.

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options

    Thanks Peter,

    In addition to the type of Firewall (USG FLEX 100 in my case), I assume that one of the prerequisites is a Managed Switch.

    Which is not my case.

    Unfortunately.

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options

    By placing the device to be monitored in a dedicated VLAN could I monitor the traffic between the LAN and the device?!

    So a Smart Managed Switch would be enough for me.

    Right?

  • PeterUK
    PeterUK Posts: 2,797  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 28
    Options

    That would be be simple yes by another PC running Wireshark to see the monitored device

    or have another USG as a bridge to monitor the device

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)