FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to troubleshoot if port mirroring is not found under the hardware switch settings in CLI or in GUI the feature is not working.
If the port mirroring cannot be found under the hardware switch settings in the CLI or the configuration disappears after saving, the following debug has to be run in the CLI session.
CLI:
diagnose debug reset diagnose debug cli 8
diagnose debug enable
After running the commands in the CLI, the configuration can be done in GUI and once done the following output may appear in the debug.
[__create_file_new_version:312] the new version config file '/data/./config/sys_global.conf.gz.v000000029' is created [symlink_config_file:379] a new version of '/data/./config/sys_global.conf.gz' is created: /data/./config/sys_global.conf.gz.v000000029 [symlink_config_file:423] the old version '/data/./config/sys_global.conf.gz.v000000028' is deleted [symlink_config_file:425] '/data/./config/sys_global.conf.gz' has been symlink'ed to the new version '/data/./config/sys_global.conf.gz.v000000029'. The old version '/data/./config/sys_global.conf.gz.v000000028' has been deleted zip config file /data/./config/sys_global.conf.gz success!
If a similar report is found after the interfaces in SPAN disappear or the settings vanish after configuration, report it to the Fortinet Technical Assistant Center.
Alternatively, packets can be mirrored for the NP7 processor for offloaded traffic. The following documents can be followed to configure port mirroring for the packets offloaded by NP7.
Lastly, not all the protocols will be offloaded by the NP7 processor and the list of supported protocols can be found in the hardware acceleration guide below.
