We can measure how much traffic is going through the appliance.
Here are the instructions for taking the packet capture.
To log all packets on a Next-gen (1.2 or later firmware) Proventia G, you will need to use tcpdump on the command line. The command is below.
# tcpdump -s 0 -i ProvG_1 -n -w /tmp/capture.enc
Below is an explanation of the parameters in the command above.
The -s 0 parameter is used to capture the whole of each packet on the wire. Usually, tcpdump will only capture approximately the first 68 bytes of each packet.
The -i ProvG_1 parameter is used to capture all the traffic on all monitoring interfaces. A single interface cannot be specified.
The -n option is used to disable reverse DNS lookups.
The -w /tmp/capture.enc parameter instructs tcpdump to write the contents to a file on the disk. This file will be in raw format and can be analyzed in Ethereal or by running the capture back through tcpdump for a text dump of the headers.
tcpdump captures the packets before they reach PAM or the firewall. Therefore, all traffic, including traffic that the Proventia G would normally block, will be seen in the packet capture.
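
To measure the traffic in the capture once it is copied off the appliance, the Python script below is an added example, not part of the original instructions. It assumes the file written by -w is in the classic libpcap format and reports packet count, bytes on the wire, average bit rate between the first and last packet, and how many packets were stored shorter than they were on the wire (the effect of omitting -s 0). The function names and the built-in sample capture are constructed for this example.

```python
import struct
import sys

# Classic libpcap magic -> timestamp fraction unit (microseconds / nanoseconds).
MAGICS = {0xA1B2C3D4: 1e-6, 0xA1B23C4D: 1e-9}

def summarize_pcap(data):
    """Return packet count, wire bytes, truncated records and average bit rate."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in "<>":                       # file may be in either byte order
        magic, = struct.unpack_from(endian + "I", data, 0)
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic libpcap file")
    snaplen, = struct.unpack_from(endian + "I", data, 16)
    packets = wire_bytes = truncated = 0
    first = last = None
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl_len, orig_len = struct.unpack_from(endian + "4I", data, off)
        off += 16 + incl_len
        if off > len(data):                   # last record cut off mid-write
            break
        last = sec + frac * MAGICS[magic]
        first = last if first is None else first
        packets += 1
        wire_bytes += orig_len                # size on the wire, not bytes stored
        truncated += incl_len < orig_len      # stored less than was on the wire
    seconds = (last - first) if packets else 0.0
    return {"snaplen": snaplen, "packets": packets, "wire_bytes": wire_bytes,
            "truncated": truncated,
            "avg_bps": wire_bytes * 8 / seconds if seconds > 0 else 0.0}

def build_sample(snaplen):
    """Constructed capture: three 1000-byte frames, one per second."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i in range(3):
        stored = min(1000, snaplen)
        out += struct.pack("<4I", 1000 + i, 0, stored, 1000) + bytes(stored)
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:                     # path to the copied capture file
        with open(sys.argv[1], "rb") as fh:
            print(summarize_pcap(fh.read()))
    else:                                     # constructed data: short vs full snaplen
        print("snaplen 68:   ", summarize_pcap(build_sample(68)))
        print("snaplen 65535:", summarize_pcap(build_sample(65535)))
```

A non-zero "truncated" count on a real capture means payloads were cut short and the capture should be retaken with -s 0.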