Dualcomm Dual-Link Gigabit TAP / NST Pro Combos

Low Cost Dual-Link Gigabit TAPs and Network Surveillance Solutions for the Security Professional

The following solutions are being offered to networking professionals in need of a convenient and low cost method to monitor and capture traffic on multi-link network segments (See article: Multi-TAP Network Packet Capture for additional information):

Dual-Link Gigabit ETAP-2205 TAP and NST Pro Single License Dual-Link Gigabit ETAP-2205 TAP and NST Pro Site License
Accessory
Accessory
Dual-Link, Failesafe Gigabit ETAP-5203 TAP and NST Pro Single License Dual-Link, Failsafe Gigabit ETAP-5203 TAP and NST Pro Site License
Dual-Link Gigabit mTAP-6215 TAP and NST Pro Single License Dual-Link Gigabit mTAP-6215 TAP and NST Pro Site License

Use Case 1: Multi-Link Gigabit Network Monitor / Capture Across Firewall

The following use case depicts monitoring / capturing network packets on both the "dirty" and "clean" side of a Firewall. A Dualcomm Technology, Inc Dual-Link Gigabit Network TAP (model: ETAP-2205) is placed between the network provider and a Firewall / Router external connection. The NST system in this instance can be used to perform a variety of network / security tasks with network traffic entering or leaving the Small and Medium Business (SMB) Corporate Intranet. Example usage: NAT and PAT network packets can be examined for proper translations by the Firewall and IDS events can be detected and analyzed to mitigate against any possible network attacks.

Dualcomm Multi-Link Gigabit Network TAP / NST Pro Combo - Monitor / Capture Across Firewall

Use Case 2: Multi-Link Gigabit Network Monitor / Capture, Link Fault Pass-Through (LFPT)

The following use case depicts monitoring / capturing network packets on the "clean" side of a Firewall with LFPT detection. A Dualcomm Technology, Inc Dual-Link, Dual-Mode, Failsafe Gigabit Network TAP (model: ETAP-5203) is placed between a high available Firewall implementation and the Enterprise Multilayer Network Switch equipment. The NST system in this instance can be used to perform a variety of network / security tasks with network traffic entering or leaving the Corporate Intranet. The high available Firewalls can use a Multilayer Switch link fault as a mechanism to failover since the ETAP-5203 supports "Link Fault Pass-Through (LFPT)" technology.

Dualcomm Multi-Link Gigabit Network TAP / NST Pro Combo - Monitor / Capture Across Firewall

Use Case 3: NST Multi-Tap Network Packet Capture & IDS Monitoring Using A Full Line Rate Gigabit Dual-Link TAP

The following use case demonstrates how to setup a "Multi-TAP" configuration to capture network packets and simultaneously perform IDS monitoring at full line rates on both the Internet Firewall facing side and the DMZ Firewall facing side. A Dualcomm Technology, Inc Dual-Mode Gigabit Network TAP (model: mTAP-6215) is network attached inline across the Internet and DMZ interfaces of the Firewall. An NST server configured with eight (8) Gigabit Copper NIC adapters and two (2) Gigabit Fiber NIC adapters is used to perform network packet capture and IDS monitoring of all traffic entering or leaving the organization as well as all Web traffic entering or leaving the DMZ Web Server network.

Example usage: Firewall rule sets can be validated for blocking "Blacklisted" sites from entering the DMZ network with IDS monitoring. NAT and PAT network packets can be examined for proper translations by the Firewall or for performing security penetration analysis, security hardening and auditing. The NST WUI Multi-TAP Network Packet Capture interface was designed to simultaneously capture packets with this configuration.

The mTAP-6215 Dual (2-Station) Regeneration TAP integrates two (2) independent Gigabit Enternet (GbE) TAPs. Each TAP duplicates its inline network traffic as two (2) non-aggregation data streams. One stream for Receive Data (RxD) and the other one for Transmit Data (TxD). Ports: M1 and M2 provide the non-aggregation traffic flow at the full line rate of 2 Gpbs to each Gigabit Adapter port shown on the NST server. The mTAP-6215 Regeneration TAP also replicates the data traffic flowing between the two inline Ports: A and B to both the aggregation monitor Port: M3 and SFP Port: M4. The aggregation monitor Port: M3 on each internal TAP is not used in this Use Case. Each aggregation SFP monitor Port: M4 is shown in the diagram below equiped with a Fiber Transceiver (***Note: These Transceivers are not included and are a separate purchase. They are shown for illustration purpose only.).

NST Multi-Tap Network Packet Capture &amps; IDS Monitoring Using A Full Line Rate Regeneration Dual TAP