Hi!
I am currently building my first homelab, which I will mainly use to practice cyber security. I am very new to networking and not familiar with how to set everything up yet. My lab layout should look like the the following: Internet -> pfSense firewall -> routerboard/switch -> ESXi server.
My goal is to also monitor all traffic on the network through a SIEM like SecurityOnion. For that to work, I found that I should use port mirroring, meaning that one port will "see" all traffic going through the other ports.
I just got my MikroTik RB2011UiAS-2HnD-IN routerboard for my homelab and am in the process of setting it up. I basically left it on default settings, with eth1 as my WAN interface and only changed the master password and disabled the WiFi. I don't have my machine for running SecurityOnion yet, but will have it by the end of the week. I wanted to ask how to properly configure the port mirroring? Should I just set eth1 as source and eth5 as the target and it's done? Or is there something else I need to do/configure?
I hope you guys can help me out, still a complete noob at this