A switch is a bridge that routes traffic between network segments. It prevents all traffic from going to all segments, reducing network congestion. Because not all traffic going through a switch is visible to all devices on the network, the machine running Network Agent must be connected at a point where it can monitor all Internet traffic for the network.
Connect the Network Agent machine to the port on the switch that mirrors, monitors, or spans the traffic on the gateway or firewall port. The span or mirror port sees all the traffic that leaves each network segment.
The following illustration shows a network with a single switch. The Network Agent machine is attached to the port that mirrors all traffic from connected clients. Subsequent illustrations show multiple switch and multiple subnetwork configurations.
The following illustration shows the use of additional switches to create 2 network segments. All Internet traffic from these network segments must pass through Switch #3, to which Network Agent is attached. In a multiple-switch environment, failure to enable port spanning or mirroring could result in missed filtering and inaccurate reports.
The following illustration also contains multiple network segments. A remote office is filtered by installing another instance of Network Agent and configuring it to communicate with the Filtering Service at the main office.