【Cyber Command】STA system status shows that the number of threats is 0
Problem Description
STA mirrored traffic is normal and has been connected to Cyber Command normally for a period of time. The system status shows that the number of threats is "0"
826405cd142bdd952d.png (297.78 KB)
Process——
- Check whether the interface configuration is correct
[Network Configuration]-[Physical Interface]. As shown in the figure, the interface is set to mirror type, but [Region] is not configured.
635775cd14336a8c0c.png (448.92 KB) - Configure the mirror interface area as "mirror area"
85895cd14352d69bf.png (400.62 KB)
3. After configuration, observe for a while and you can see that the number of threats has been generated normally.
56725cd1436a41039.png (335.75 KB)
Root cause
STA will not analyze the data received by the interface without adding the zone, so it will not generate "threat number"
solution
Configure the mirror port area of [Physical Interface] as "Mirror Area"
Suggestions and Conclusion
-
STA does not access Cyber Command and does not generate any threat data;
-
If the STA mirror port is not configured with a zone, no threat data will be generated;
-
If the configuration and access to Cyber Command are normal, you need to confirm whether the mirrored data is unidirectional traffic;
-
Test access to malicious Domain Name through an LAN PC to see if any threats are generated.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=24&type=1&category_id=9768&isOpen=true