Description | This article describes port mirroring/spanning with FortiSwitches managed by a FortiGate to a call recording server. |
Scope | Multiple FortiSwitches managed by FortiGate, Call recording. |
Solution |
Port Mirroring/Spanning on FortiSwitches managed by FortiGate using ERSPAN.
Use Cases:
- User wants to span voice traffic to a call-recording server.
- Mirroring/Spanning ports on multiple FortiSwitches to a port sniffing traffic (using Wireshark).

Assumptions for this example:
- The user has multiple FortiSwitches.
- Phones are plugged into the ports on the FortiSwitches.
- FortiSwitches are managed by the FortiGate.
- The sniffer Ethernet port on the call recording server uses the same IP range as the phones and is on the same VLAN as the phones.

Example:
- Call recording server – 192.168.1.2/24.
- The port is on the 'VOICE' VLAN.
- Phones – 192.168.1.x/24.
- The VOICE, DATA, and rspan.fortilink (created by default) VLANs are already created.
Configuration on the FortiGate:
# config switch-controller traffic-sniffer
    set erspan-ip 192.168.1.2 <----- IP address of the recording call server port sniffing traffic.
    config target-port
        edit "S224FORTISWITCH"
            set in-ports "port6"
            set out-ports "port6"
        next
        edit "S448OTHERFORTISWITCH"
            set in-ports "port14" "port15" "port16"
            set out-ports "port14" "port15" "port16"
        next
    end
end

Configuration on FortiSwitch Port:
- Native VLAN – 'DATA'.
- Allowed VLANs – 'VOICE' and 'rspan.fortilink'.
Create a Firewall policy in the CLI to allow traffic from the FortiLink interface to the voice interface.
# config firewall policy
- Make a phone call.
- Use the commands below:

# show switch-controller traffic-sniffer
# diagnose switch-controller switch-info mirror status

- Open Wireshark and verify that (erspan) traffic is reaching the server. To verify the VoIP call in Wireshark, navigate to Telephony -> VoIP Calls.
- After traffic from the phones is visible in Wireshark, test the call recording application. |
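A scripted version of the Wireshark check above, added here as an example (not Fortinet code): it decapsulates one GRE/ERSPAN packet and confirms that it is addressed to the configured erspan-ip and carries traffic from the phone subnet. It assumes the switches emit ERSPAN Type I or II (GRE protocol 0x88BE) and that the input bytes start at the outer IPv4 header; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

def decap_erspan(ip_packet):
    """Return (outer_src, outer_dst, session_id, inner_frame), or None if not ERSPAN I/II."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4 or ip_packet[9] != 47:
        return None                               # not IPv4 carrying GRE (protocol 47)
    src, dst = (ipaddress.IPv4Address(ip_packet[i:i + 4]) for i in (12, 16))
    gre = ip_packet[(ip_packet[0] & 0x0F) * 4:]
    if len(gre) < 4 or gre[2:4] != b"\x88\xbe":   # GRE protocol type 0x88BE (assumed type)
        return None
    flags = struct.unpack("!H", gre[:2])[0]
    off = 4 + (4 if flags & 0x8000 else 0) + (4 if flags & 0x2000 else 0)  # checksum, key
    session = None                                # Type I: no ERSPAN header, no session ID
    if flags & 0x1000:                            # sequence bit set: Type II
        off += 4
        if len(gre) < off + 8:
            return None
        session = struct.unpack("!I", gre[off:off + 4])[0] & 0x3FF
        off += 8                                  # skip the 8-byte ERSPAN header
    return src, dst, session, gre[off:]

def inner_ipv4(frame):
    """Return (vlan_id, src, dst) of the mirrored Ethernet frame, or None if not IPv4."""
    if len(frame) < 18:
        return None
    off, vlan = 14, None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:                       # 802.1Q tag kept on the mirrored frame
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        off, vlan = 18, tci & 0x0FFF
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None
    return (vlan,) + tuple(ipaddress.IPv4Address(frame[off + i:off + i + 4]) for i in (12, 16))

def verify_mirror(ip_packet, collector="192.168.1.2", voice_net="192.168.1.0/24"):
    """True if the packet is ERSPAN sent to the collector and mirrors voice-subnet traffic."""
    outer = decap_erspan(ip_packet)
    if outer is None or str(outer[1]) != collector:
        return False
    inner = inner_ipv4(outer[3])
    return inner is not None and any(a in ipaddress.ip_network(voice_net) for a in inner[1:])

# Constructed sample: outer IPv4/GRE from 192.0.2.10 to 192.168.1.2, ERSPAN Type II session 7,
# inner untagged frame 192.168.1.50 -> 192.168.1.60 (UDP, zeroed MACs and ports).
SAMPLE = bytes.fromhex(
    "4500004e00000000402f0000c000020ac0a80102" "100088be00000001" "1000000700000000"
    "000000000000000000000000" "0800" "4500001c0000000040110000c0a80132c0a8013c" "0000000000000000")
```

`verify_mirror(SAMPLE)` returns `True`; a packet whose outer destination is not the erspan-ip, or whose inner addresses fall outside the phone subnet, returns `False`.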
Copyright 2024 Fortinet, Inc. All Rights Reserved.