I've installed Forefront and wanted to use it as monitoring traffic solution until we decide to put it as a router.
I've 2 nic's assigned to this virtual machine. One NIC has connected port which is "mirror port" of our WAN redirected on switch so it sees all the network traffic flying by. The other NIC is internet access. This server is located inside our lan network.
What topology should i choose and which options I should look at to be able to see which traffic is used (SMTP, WWW etc) and who does what? We had cases of infected machines with spam and we want to be able to see that some machine is sending large amounts of mails.
Is that possible ?
