Need help configuring 3com switch for websense port mirroring
Hi,
I'm having trouble understanding the documentation for a 3com 4500 g switch when it comes to port mirroring. I'm trying to install websense security suite on it's own box and connect it to this switch. I assume at least on of the switch ports the websense box uses will mirror network traffic in and out of our sonic wall. Is this correct?
My problems are:
The documentation I downloaded refers only to the command line interface not the web interface.
Second problem:
I don't know the IP of the switch I need to use! I know that sounds bad, but I didn't set up the network and it's not documented. The switch does not appear to have a console port. Anyone know a piece of freeware that can detect network devices and give me an ip?
thanks for any help, I really need it!
Maureen
I'm having trouble understanding the documentation for a 3com 4500 g switch when it comes to port mirroring. I'm trying to install websense security suite on it's own box and connect it to this switch. I assume at least on of the switch ports the websense box uses will mirror network traffic in and out of our sonic wall. Is this correct?
My problems are:
The documentation I downloaded refers only to the command line interface not the web interface.
Second problem:
I don't know the IP of the switch I need to use! I know that sounds bad, but I didn't set up the network and it's not documented. The switch does not appear to have a console port. Anyone know a piece of freeware that can detect network devices and give me an ip?
thanks for any help, I really need it!
Maureen
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi TNL_Engr;
I am still going over your info...so far it looks very helpful. We are a 2 person IT department so my time is very divided.
thanks so very much!
Maureen
I am still going over your info...so far it looks very helpful. We are a 2 person IT department so my time is very divided.
thanks so very much!
Maureen
No problem, I completely understand. Just let me know if I can be of further assistance.
ASKER
Hi again,
I did the GFI scan but was unable to figure out the IP of the switch so I moved the machine to a switch in the closet next door. Switch goes to a patch panel and is not directly connected to the sonic wall. I can move it back if necessary.
the only reason I really needed to get the switch IP was to set up port mirroring, but if I don't need to mirror that's ok.
A few questions if you have time:
Is bandwidth throttling controlling the amount of bandwidth allowed per PC?
Can you tell me how to set up port mirroring on the switch step by step? I referred to the manuals but their still pretty cryptic on what commands to use and it only takes you through it in the command line interface. It gives you a command requiring parameters, but doesn't give the parameters...
Sorry to be so clueless, but how does one configure the sonic wall to use url filtering?
If I can use the sonic wall configuration w/o port mirroring that's great. meanwhile, I am also hitting sonic wall support.
What I ultimately want to do is find out what pcs are downloading what, who's streaming video or audio and how much, etc.
As always, I greatly appreciate any help because right now I am rather stuck but I'm determined to get this set up.
thanks again,
Maureen
I did the GFI scan but was unable to figure out the IP of the switch so I moved the machine to a switch in the closet next door. Switch goes to a patch panel and is not directly connected to the sonic wall. I can move it back if necessary.
the only reason I really needed to get the switch IP was to set up port mirroring, but if I don't need to mirror that's ok.
A few questions if you have time:
Is bandwidth throttling controlling the amount of bandwidth allowed per PC?
Can you tell me how to set up port mirroring on the switch step by step? I referred to the manuals but their still pretty cryptic on what commands to use and it only takes you through it in the command line interface. It gives you a command requiring parameters, but doesn't give the parameters...
Sorry to be so clueless, but how does one configure the sonic wall to use url filtering?
If I can use the sonic wall configuration w/o port mirroring that's great. meanwhile, I am also hitting sonic wall support.
What I ultimately want to do is find out what pcs are downloading what, who's streaming video or audio and how much, etc.
As always, I greatly appreciate any help because right now I am rather stuck but I'm determined to get this set up.
thanks again,
Maureen
Hi Maureen,
Wow! Lot of questions. :-) Here goes:
1. You will eventually need to know the IP address of the 3Com switch if you want to make any configuration changes. You may not have found it in a scan if it does not have an IP address assigned, or if the address is in another range. In either case, you will probably need to use the console interface to set the new address.
2. What device are you using for bandwidth control? WebSense will support this if (a) you have the appropriate license, and (b) you set the WebSense server up in line like this: InsideNet--->WEBSENSE SVR --->SONICWALL --->Internet As you can see, all of the traffic to the Internet has to go through the WebSense server (in one interface, and out another interface). In this configuration the server can limit traffic by protocol. The other way to set up WebSense has the server somewhere on the inside of your network, and the firewall simply sends requests back to the server. In either case, WebSense reporting provides complete information on where everyone is going. So, either way you set it up you will get good information about the surfing habits of your users. Also, in either configuration you can limit which categories of sites your users are accessing.
3. If you need to configure port mirroring, here's all you need to enter from the command prompt:
<3Com> system-view
[3Com] mirroring-group 1 local
[3Com] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
[3Com] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
In the example above, GigabitEthernet 1/0/1 is the port that you want to collect the traffic from and "both" indicates that you want to collect traffic going in and out of the port. GigabitEthernet 1/0/3 is the port that the traffic will be transmitted back out of. I've included this info simply so you know how to do it. You will not need to do this to configure WebSense. Be careful if you attempt to mirror traffic. You need to really understand the process before attempting it.
4. URL filtering on the SonicWall - Exactly how to set this up depends upon which model of SonicWall you have. I believe that WebSense can be configured on all of their models except the TZ150. Here's how it's done on a TZ170...Navigate to "Security Services", "Content Filtering". In the "Content Filter Type" drop down box select "Websense" and click configure. In the configuration section you will need to enter the IP address of the WebSense server, and maybe enter the type (not sure about that part, but there are only a couple of types that it could be. You should probably pick the highest number).
Lastly, your best support will come from WebSense. They have great documentation, and really customer support. They can help you with any configuration, and any firewall. SonicWall supports WebSense on most of their firewalls, but since they have a competing product, they may not be quite as knowledgeable (or forthcoming) about configuring third party add-ons.
Wow! Lot of questions. :-) Here goes:
1. You will eventually need to know the IP address of the 3Com switch if you want to make any configuration changes. You may not have found it in a scan if it does not have an IP address assigned, or if the address is in another range. In either case, you will probably need to use the console interface to set the new address.
2. What device are you using for bandwidth control? WebSense will support this if (a) you have the appropriate license, and (b) you set the WebSense server up in line like this: InsideNet--->WEBSENSE SVR --->SONICWALL --->Internet As you can see, all of the traffic to the Internet has to go through the WebSense server (in one interface, and out another interface). In this configuration the server can limit traffic by protocol. The other way to set up WebSense has the server somewhere on the inside of your network, and the firewall simply sends requests back to the server. In either case, WebSense reporting provides complete information on where everyone is going. So, either way you set it up you will get good information about the surfing habits of your users. Also, in either configuration you can limit which categories of sites your users are accessing.
3. If you need to configure port mirroring, here's all you need to enter from the command prompt:
<3Com> system-view
[3Com] mirroring-group 1 local
[3Com] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
[3Com] mirroring-group 1 monitor-port GigabitEthernet 1/0/3
In the example above, GigabitEthernet 1/0/1 is the port that you want to collect the traffic from and "both" indicates that you want to collect traffic going in and out of the port. GigabitEthernet 1/0/3 is the port that the traffic will be transmitted back out of. I've included this info simply so you know how to do it. You will not need to do this to configure WebSense. Be careful if you attempt to mirror traffic. You need to really understand the process before attempting it.
4. URL filtering on the SonicWall - Exactly how to set this up depends upon which model of SonicWall you have. I believe that WebSense can be configured on all of their models except the TZ150. Here's how it's done on a TZ170...Navigate to "Security Services", "Content Filtering". In the "Content Filter Type" drop down box select "Websense" and click configure. In the configuration section you will need to enter the IP address of the WebSense server, and maybe enter the type (not sure about that part, but there are only a couple of types that it could be. You should probably pick the highest number).
Lastly, your best support will come from WebSense. They have great documentation, and really customer support. They can help you with any configuration, and any firewall. SonicWall supports WebSense on most of their firewalls, but since they have a competing product, they may not be quite as knowledgeable (or forthcoming) about configuring third party add-ons.
ASKER
Thanks for answering all my questions. I have gotten the port mirroring working, however I have been sidetracked by a virus/trojan spambot:
https://www.experts-exchange.com/questions/23911594/We've-Been-blacklisted-trying-to-figure-out-if-our-server-is-a-spam-relay.html?anchorAnswerId=22989067#a22989067
https://www.experts-exchange.com/questions/23911594/We've-Been-blacklisted-trying-to-figure-out-if-our-server-is-a-spam-relay.html?anchorAnswerId=22989067#a22989067
ASKER
Sorry to be so late with this, just too many things on the plate atm but thanks so much again TNL_Engr for your very awesome help!!
In the configuration which you are probably trying to use, Websense receives the request for URL filtering from the SonicWall and returns an ALLOW or DENY response to the firewall. In this case, you do not need to set up port mirroring. You simply configure the firewall to use URL filtering, and tell it what the IP address of your Websense server is. The firewall takes care of the rest.
Let me know if you need any additional help with the firewall or Websense server. Good luck.