I will install a 7600 with Anomaly Detector and Anomaly Guard Module to mitigate DDoS generated from Internet to some internal target (protected zone).
I will use an internal diversion (inline configuration) with a span session that capture rx traffic from the internet port link. This traffic is destined to a port of Detector.
I would to know if in this implementation I can detect also DDoS traffic generated from Inside network to internet. Can I create another span session that capture traffic from inside network to internet, and destine it to dataport2 of Detector? DDoS Mitigation can take place in both inbound and outbound directions? If I can do it, I need to create zones for all public IP address?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...