Port Mirror Traffic to Firewall
Would it be uncommon, or unheard of, to port mirror traffic over one /24 subnet to a firewall in an effort to generate a firewall ruleset based on the allowed/blocked traffic?
The idea would be to not disrupt the existing network, but gain an understanding of what traffic is being passed over the network. I am well aware this could be done using Wireshark, but I'm more interested in the ease of seeing what the firewall blocked/allowed, and making changes accordingly.
Thoughts and ideas are welcome.
Thank you.
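As an added example (not part of the original post), here is one way to reduce connections observed on a mirror port to candidate allow rules for review. It assumes the firewall would sit at the routed edge of the /24 and that each record is a connection-opening packet; `candidate_rules`, its thresholds, and the sample flows are hypothetical and constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SUBNET = ipaddress.ip_network("192.0.2.0/24")  # constructed: the mirrored /24

# Constructed sample: one record per connection-opening packet seen on the
# mirror port, as (src, dst, proto, dst_port).
FLOWS = [
    ("192.0.2.10", "198.51.100.5", "tcp", 443),
    ("192.0.2.11", "198.51.100.5", "tcp", 443),
    ("192.0.2.12", "198.51.100.5", "tcp", 443),
    ("192.0.2.10", "192.0.2.53", "udp", 53),
    ("192.0.2.11", "192.0.2.53", "udp", 53),
    ("203.0.113.9", "192.0.2.80", "tcp", 22),
    ("192.0.2.10", "198.51.100.77", "tcp", 4444),
]

def candidate_rules(flows, subnet=SUBNET, widen_at=3, min_hits=2):
    """Group flows by destination service and propose allow rules.

    Returns (rules, review): rules are (src, dst, proto, port) tuples seen at
    least min_hits times; review holds rarer flows for a human to judge.
    """
    sources = defaultdict(set)   # (dst, proto, port) -> distinct sources
    hits = defaultdict(int)      # (dst, proto, port) -> connection count
    for src, dst, proto, port in flows:
        a, b = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if a in subnet and b in subnet:
            # The mirror sees intra-subnet traffic, but a firewall at the
            # routed edge (assumed placement) would never filter it.
            continue
        sources[(dst, proto, port)].add(src)
        hits[(dst, proto, port)] += 1
    rules, review = [], []
    for key in sorted(sources):
        srcs = sorted(sources[key])
        inside = all(ipaddress.ip_address(s) in subnet for s in srcs)
        # Widen to the whole subnet only when enough distinct inside hosts
        # use the same service; otherwise keep per-host rules.
        if inside and len(srcs) >= widen_at:
            srcs = [str(subnet)]
        target = rules if hits[key] >= min_hits else review
        target.extend((s, *key) for s in srcs)
    return rules, review
```

Flows seen only once land in the review list rather than the ruleset, since observed traffic is not necessarily traffic that should be allowed.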