- Blue, 1500 points or more
In a few places, we have a sensor both behind and in front of a firewall and both of them are underutilized. With v6, it would seem that monitoring both links using separate physical monitoring interfaces and virtual sensors would be possible. I'm concerned about problems this might cause. For example, I already know that today CSMARS doesn't include the interface from the original raw message, so I won't be able to differentiate based on that. Will CSMARS toss the "duplicate" event anyway? Any other reasons this configuration isn't advisable? Anyone doing this in production today?