Passive Sensor Deployment Scenarios and Port Mirroring
Enterprises that use the Qualys Network Passive Sensors to monitor their networks have to feed a copy of their network traffic to the sensor. This can be accomplished by tapping into their network at an appropriate choke point using port mirroring.
There may be different types of network environments and topologies where it may or may not be possible to deploy the passive sensor at the same location as the tap point. Based on these choices different types of port mirroring options have to be exercised.
In case multiple sniffing interfaces of the Network Passive Sensor are used (as available in 4G and 10G appliances) ensure that the mirrored traffic connected to the two interfaces is not coming from networks that have overlapping IP address space.
The following are the types of Passive Sensor Deployment Scenarios and Port Mirroring:
- Local SPAN
- RSPAN
- ERSPAN
- Assigning/Removing IP Addresses to the Appliance Sniffing Interfaces
- How to Extend Local Span Through Multiple Intermediate Switches to a Sniffer That is Multiple Switch Hops Away Without Using RSPAN.
- Deployment of Virtual Network Passive Sensors to Support Exceeding Volume of Traffic