Description
This article explains how to set up SPAN (port mirroring) using ports associated with the underlying switch.
Scope
FortiGate.
Solution
The Switch Port Analyzer (SPAN) feature is now available only when the type is switch. Port spanning echoes traffic received by the software switch to the span destination port, so it can be used to monitor all traffic passing through the soft switch. You can configure the span destination port and the span source ports, which are the switch ports for which traffic is echoed. SPAN is disabled by default.
SPAN for soft switch can be enabled in the CLI:
config system switch-interface
edit <port>
set vdom <vdom-name> --> Enter the name of the VDOM. If no VDOMs are configured, it is root.
set member "port no" "port no" --> These are the ports to add to the span port configuration.
set span enable
set span-source-port <port no>
set span-dest-port <port no>
set span-direction {both | tx | rx}
next
end
For span-dest-port, enter the name of the span destination port. All traffic on the span source ports is echoed to the span destination port. Use <tab> to advance through the list of available interfaces. Available when SPAN is enabled.
span-direction {rx | tx | both}
Select the direction in which the span port operates:
Example:
To create SPAN on a software switch, the software switch must be created first.
Once the software switch is created, use the CLI to enable SPAN on the interfaces.
Example:
config system switch-interface
edit "Test"
set vdom "root"
set member "port5" "port6"
set span enable
set span-dest-port "port6"
set span-source-port "port5"
next
end
SPAN can also be configured using a hardware switch:
Example:
To create SPAN, the hardware switch must be created first.
Once it is created, SPAN can be enabled from the GUI as below:
CLI configuration:
config system interface
edit "PortMirror"
set vdom "root"
set ip 192.168.2.1 255.255.255.0
set type hard-switch
set device-identification enable
set lldp-transmission enable
set role lan
set snmp-index 36
next
end
config system virtual-switch
edit "PortMirror"
set physical-switch "sw0"
set span enable
config port
edit "internal1"
next
edit "internal2"
next
end
set span-source-port "internal1"
set span-dest-port "internal2"
next
end
Intra-switch-policy requirements: this setting cannot be changed after the switch is configured. To change it, delete the soft-switch and create it again.
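Because a span session echoes all traffic on its source ports to another port, it is worth listing every enabled session when reviewing a configuration backup. The following is an added example, not code from this article or from Fortinet: it parses the two tables used above (system switch-interface and system virtual-switch) and reports each entry that has span enabled. The function names, the approved_dest allowlist and the consistency checks are assumptions, and the sample is constructed from the article's soft-switch example.

```python
import shlex

SPAN_TABLES = ("system switch-interface", "system virtual-switch")

def _summarise(e, approved_dest):
    members = e["set"].get("member", []) + e["ports"]
    src = e["set"].get("span-source-port", [])
    dst = e["set"].get("span-dest-port", [])
    # Consistency checks drawn from the article's examples (assumptions).
    issues = [f"{p} is not a switch member" for p in src + dst if p not in members]
    issues += [f"{p} is both source and destination" for p in dst if p in src]
    if approved_dest is not None:  # hypothetical allowlist of mirror ports
        issues += [f"{p} is not an approved mirror destination"
                   for p in dst if p not in approved_dest]
    return {"switch": e["name"], "source": src, "dest": dst, "issues": issues}

def find_span_sessions(config_text, approved_dest=None):
    """Summarise every switch entry that carries 'set span enable'."""
    sessions, stack, entry = [], [], None
    for raw in config_text.splitlines():
        try:
            cmd, *args = shlex.split(raw) or [""]
        except ValueError:  # e.g. first line of a multi-line quoted value
            continue
        if cmd in ("next", "end") and entry and len(stack) == entry["depth"]:
            if entry["set"].get("span") == ["enable"]:
                sessions.append(_summarise(entry, approved_dest))
            entry = None  # the switch entry is closed
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and args and stack and stack[-1] in SPAN_TABLES:
            entry = {"name": args[0], "depth": len(stack), "ports": [], "set": {}}
        elif cmd == "edit" and args and entry and stack[-1:] == ["port"]:
            entry["ports"].append(args[0])  # virtual-switch member port
        elif cmd == "set" and args and entry and len(stack) == entry["depth"]:
            entry["set"][args[0]] = args[1:]
    return sessions

# Constructed sample: the article's soft-switch example as a backup file shows it.
SAMPLE = """config system switch-interface
    edit "Test"
        set member "port5" "port6"
        set span enable
        set span-dest-port "port6"
        set span-source-port "port5"
    next
end"""
```

Calling find_span_sessions(SAMPLE, approved_dest={"port6"}) returns one session for "Test" with an empty issues list; leaving approved_dest as None skips the allowlist check.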