Hey!
So Ive been trying to get Port mirroring to work as I want it to, but having a hard time.
Ive enabled a switch rule that takes all traffic coming in on ether1,2,3 and 4 and mirror it all it ether5. This works well, but unfortunately, in my IDS I only get the WAN IP and not the internal ones. Is there any way around this?
Also, if I would want to include the wlan interface. How would that be done? If I only use the switch rule to mirror traffic, the wlan traffic doesnt seem to be included. If I set the switch mirror source to ether1 it works, but again, I only get to see WAN IP’s.
Thanks so much for any input on this.