This feature allows you to duplicate traffic in real-time, sending a copy to a sensor for immediate analysis.
This can be useful for monitoring suspicious behavior, detecting intrusions, or identifying unusual traffic patterns as they happen.
It is available with Artica v4.50 Service Pack 1 or Artica v4.50 HotFix 20241104-17
This rule enables the creation of a reliable traffic stream for real-time analysis, security monitoring, diagnostics, and compliance, all without disrupting normal network operations.
¶ Create a rule
Creating a rule is a two-step process: the first allows you to create the traffic rule, and the second allows you to specify the destination.
- On the main firewall section, Click on “New rule” button.
- Check the Outgoing rule checkbox if you want your rule to duplicate all output packets.( keep off for the opposite )
- On the Action, choose “
Duplicate traffic” - Click on Add button
- The rule is added inside the table with the error “Error, no destination address”
- Click on the rule name to add the address
A new field “Redirect to local service” is added, set here the adress of your remote sensor.
Click on Apply and Apply firewall rules button
