Description
This article explains how to set up SPAN (port mirroring) using ports associated with the underlying switch.
Scope
FortiGate.
Solution
The Switch Port Analyzer (SPAN) feature is now available only when type is switch. Port spanning echoes traffic received by the software switch to the span destination port, so it can be used to monitor all traffic passing through the soft switch. Both the span destination port and the span source ports (the switch ports whose traffic is echoed) are configurable. SPAN is disabled by default.
SPAN for a soft switch can be enabled in the CLI:
# config system switch-interface
edit <port>
set vdom <vdom-name> --> Enter the name of the VDOM; if no VDOMs are configured, it is root.
set member <port no> <port no> --> These are the ports that you want to add to your span port configuration.
set span enable
set span-source-port <port no>
set span-dest-port <port no>
set span-direction {rx | tx | both}
next
end
span-dest-port <port no>
Enter the span port destination port name. All traffic on the span source ports is echoed to the span destination port. Use <tab> to advance through the list of available interfaces. Available when span is enabled.
span-direction {rx | tx | both}
Select the direction in which the span port operates:
rx: copy only received packets from source SPAN ports to the destination SPAN port.
tx: copy only transmitted packets from source SPAN ports to the destination SPAN port.
both (the default): copy both transmitted and received packets from source SPAN ports to the destination SPAN port.
Intra-switch-policy requirements (this setting cannot be changed after the switch is configured; to change it, delete the soft switch and create it again):
- intra-switch-policy implicit is required in order to allow packet mirroring.
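Because a SPAN destination port receives a copy of other ports' traffic, it is worth confirming from a configuration backup which soft switches mirror traffic and to where. The script below is an added example, not Fortinet code: it parses the switch-interface block described above and lists every soft switch with span enabled, flagging a type or intra-switch-policy value that does not meet the requirements in this article. The function names and the sample configuration are constructed for illustration, and the script assumes that a setting missing from the backup is at its default value.

```python
# Constructed sample of a FortiGate configuration backup; all names are made up.
SAMPLE_CONFIG = """
config system switch-interface
    edit "soft-sw1"
        set member "port2" "port3" "port4"
        set span enable
        set span-source-port "port2" "port3"
        set span-dest-port "port4"
        set span-direction rx
    next
    edit "soft-sw2"
        set intra-switch-policy explicit
        set span enable
        set span-source-port "port5"
        set span-dest-port "port6"
    next
    edit "soft-sw3"
        set member "port7" "port8"
    next
end
"""

def parse_switch_interfaces(text):
    """Return {switch: {setting: [values]}}; assumes names contain no spaces."""
    switches, current, in_block = {}, None, False
    for raw in text.splitlines():
        tok = [t.strip('"') for t in raw.split()]
        if tok[:3] == ["config", "system", "switch-interface"]:
            in_block = True
        elif in_block and tok[:1] == ["end"]:
            in_block = False
        elif in_block and tok[:1] == ["edit"] and len(tok) > 1:
            current = switches.setdefault(tok[1], {})
        elif in_block and tok[:1] == ["set"] and len(tok) > 1 and current is not None:
            current[tok[1]] = tok[2:]
    return switches

def audit_span(text):
    """List soft switches with SPAN enabled; missing settings are assumed default."""
    checks = (("type", "switch"), ("intra-switch-policy", "implicit"))
    report = []
    for name, cfg in parse_switch_interfaces(text).items():
        if cfg.get("span") != ["enable"]:
            continue  # SPAN is disabled by default
        issues = [f"{k} is {' '.join(cfg[k])}" for k, want in checks if cfg.get(k, [want]) != [want]]
        report.append({"switch": name, "source": cfg.get("span-source-port", []),
                       "dest": cfg.get("span-dest-port", []), "issues": issues,
                       "direction": cfg.get("span-direction", ["both"])[0]})
    return report
```

Calling audit_span() on the text of a backup returns one entry per mirroring soft switch; an empty issues list means the type and intra-switch-policy requirements are met.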