locked
Network Taps for ATA Gateway RRS feed

  • Question

  • Hi,

    I need to deploy a couple of gateways due to volume of traffic on some domain controllers.

    I plan to use gigamon taps to copy of the traffic going to the required domain controllers.  However these taps split the TX and RX traffic so they can handle the full load of the traffic.

    Will the gate be able to understand the traffic, if connect both feeds (TX & RX) to a gateway on separate interfaces and tell it to monitor them both or do I need to aggregate the traffic to a single network interface before sending it to the gateway?

    Thank you

    Tuesday, February 28, 2017 1:34 PM

All replies

  • By this documentation (https://docs.microsoft.com/en-us/advanced-threat-analytics/deploy-use/configure-port-mirroring ) ATA does support tapping. So should be fine. 

    Hope that answers your question. 

    Tuesday, February 28, 2017 2:57 PM
  • Thank you but not quite,

    mirror ports will be a single aggregated feed (both TX and RX over a single network cable).  I would like to know if the gateway will handle two feeds over two network cables from a single tap, where one is a just the TX packets and the other is the RX packets.  This is how physical network taps send the traffic to monitoring devices. 

    Yes I can aggregate that traffic to a single feed, that is not a problem.  I just need to purchase more kit todo that.  Where I'm going with this question, is do I need to purchase that additional kit or not?

    I hope that explains the question better?

    Tuesday, February 28, 2017 3:38 PM
  • Hello,

    ATA Gateway support for capturing traffic from multiple NICs. However, if the Network Tap distributes the inbound and outbound traffic into two mirroring ports, I don't think the ATA Gateway can aggregate the traffic internally.

    In my opinion, the reason for splitting the traffic is to avoid exceeding the bandwidth limit of mirroring port, and if you only capture the domain controller related traffic, you can just mirror both inbound and outbound traffic to one port.

    On the other hand, if you have to split the traffic, you'd better aggregate the traffic before sending to ATA Gateway.

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, March 1, 2017 2:14 AM