Create Network Packet Broker Profile

Use the following procedure to create a Network Packet Broker (NPB) profile:

Procedure

Step 1

In the Security Cloud Control platform menu, choose Products > Multicloud Defense .

Step 2

Navigate to Policies > Profiles > Network Packet Broker.

Step 3

Click Create.

Step 4

Provide a unique Name.

Step 5

(Optional) Enter a Description. This may help differenatiate between other profiles with similar names.

Step 6

Under Destinations expand the drop-down menu and select the preferred destination for your NPB profile should direct matching traffic to.

Step 7

Define th capture format to ensure that network data is effectively captured, stored, and analyzed, leading to better network management and troubleshooting capabilities. Expand the Capture Format drop-down menu and select one of the following formats:

  • None - Select this option if you have limited resources or operate within a highly dynamic environment that utilizes multiple formats. You can also select this option if you intend to change this field later on.

  • VXLAN - Virtual Extensible LAN, is not a capture format itself but rather a network virtualization technology. It extends Layer 2 networks over a Layer 3 infrastructure, enabling the creation of a virtualized network overlay and contains Ethernet frames within UDP packets, allowing them to be transmitted over IP networks

  • Netflow - Select this option if your environment is configured to export flow records to a designated collector or analysis tool, rather than capturing raw packets in formats like PCAP.

  • ERSPAN - Select this protocol to mirror traffic from a source to a destination over a network and extend the capabilities of traditional SPAN (Switched Port Analyzer) by containing mirrored traffic into GRE packets that are then sent over Layer 3 networks. This is ideal for environments where network traffic needs to be monitored from a central location.

Step 8

Expand the Slicing drop-down menu and select how each network packet is sectioned and captured, rather than the entire packet. If you opt to configure this, be sure to also configure the following options:

Offset value - This field allows you to configure the number of bytes that are skipped from the start of each packet before beginning to capture data. This is set to 4 by default.

Strip Encrypted Payload - Check this option to remove an encrypted portion of a packet's data payload during capture or analysis.Enable this to concentrate on metadata and network behavior while respecting privacy and optimizing resource use.

Step 9

Click Save.

What to do next

Attach the profile to a policy rule set. See Rule Sets and Rule Set Groups for more information.