Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kbahrudin_FTNT
Staff
Staff

Created on ‎07-22-2015 05:34 PM Edited on ‎12-22-2024 01:49 PM By Staff

Article Id 191137

Technical Tip: SPAN (Port Mirroring) using ports associated to underlying switch chip/driver

Description

 
This article explains how to setup SPAN (Port Mirroring) using ports associated to underlying switch chip/driver.


Scope

 
SPAN (Port Mirroring).


Solution

 
The Switch Port Analyzer (SPAN) feature is now available for hardware switch interfaces on FortiGate models with built-in hardware switches (for example, the FortiGate-100D, 140D, and 200D, etc.)

To enable SPAN on a hardware switch via the GUI, go to System > Network > Interfaces and edit a hardware switch interface.

By default, the system may have a hardware switch interface called LAN. A new hardware switch interface can also be created.
  • Select the SPAN check box, then select a source port from which traffic will be mirrored.
  • Select the destination port to which the mirrored traffic is sent.
  • Select to mirror traffic received, traffic sent, or both.

SPAN can also be enabled in the CLI:
 
config system virtual-switch
    edit <Name of the virtual switch>
        set span enable
        set span-source-port <port>
        set span-dest-port <port>
        set span-direction {both | tx | rx}
    end
end

 

Note:

The hardware switch does not support multiple source ports. To specify multiple source ports for SPAN, it is possible to use a software switch instead. 

 

config system switch-interface 
    edit <port>
        set span enable
        set span-source-port <port> <port>   <----- Multiple ports specified separated by space.
        set span-dest-port <port>
        set span-direction {both | tx | rx}
    end
end

 

Note:

If mirroring WAN interfaces is required, it is necessary to create a virtual switch interface and add at least two ports to it: one for the WAN connection and one for the mirror port. The virtual switch interface should function as the WAN connection without issues.

 

It is important to note that before adding the WAN port to the virtual switch, it is necessary to remove the WAN port from all existing references. After configuring the virtual switch and the port mirroring, it is recommended to update the firewall policies and any other references to replace the old WAN interface with the new WAN-SPAN interface.

 

Note: Port mirroring is not possible on the fortilink interface on FortiGate. However, it can be achieved on the Fortiswitch. Please refer to the below link

https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-SPAN-Port-Mirroring/ta-p/189430

117061
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.