vsiva
Staff
Description
This article describes how to use remote sampling on FortiSwitch to capture packets for specific ports, MAC addresses, or IP addresses.

Scope
FortiSwitch managed by FortiGate.

Solution
In the example below, all traffic on port 1 is sent to the destination device '192.168.1.1'.
FortiGate-100E (root) # config switch-controller traffic-sniffer
FortiGate-100E (traffic-sniffer) # set mode erspan-auto
FortiGate-100E (traffic-sniffer) # set erspan-ip 192.168.1.1
The 'erspan-ip' is the target IP address for the traffic, which is routed through the FortiGate.
FortiGate-100E (traffic-sniffer) # config ?
target-mac     Sniffer MACs to filter.         <----- Filter by MAC address.
target-ip      Sniffer IPs to filter.          <----- Filter by IP address.
target-port    Sniffer ports to filter.        <----- Filter by target port.
FortiGate-100E (traffic-sniffer) # config target-port
FortiGate-100E (target-port) # edit S448DF3X17-----4
FortiGate-100E (S448DF3X17-----4) # set in-ports port1
FortiGate-100E (S448DF3X17-----4) # set out-ports port1
FortiGate-100E (S448DF3X17-----4) # next
FortiGate-100E (target-port) # end
FortiGate-100E (traffic-sniffer) # end
Refer to pages 4-5 of the cookbook below for a detailed explanation of the various sampler methods:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/5213c217-37ee-11ea-9384-005056...
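On the collector at the 'erspan-ip' address, the mirrored frames arrive wrapped in GRE/ERSPAN and have to be decapsulated before they can be checked against the configured port, MAC or IP filter. The following Python decoder is an added example, not Fortinet code. The page does not state which ERSPAN type FortiSwitch emits, so it handles both Type I and Type II; the sender address 192.168.1.254 and the sample packet are constructed for the demonstration.

```python
import socket
import struct

GRE_ERSPAN = 0x88BE  # GRE protocol type shared by ERSPAN Type I and Type II

def decap_erspan(pkt: bytes):
    """Decode an IPv4/GRE/ERSPAN packet; return a dict, or None if it is not ERSPAN."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 47:  # IPv4, protocol 47 = GRE
        return None
    gre = pkt[(pkt[0] & 0x0F) * 4:]
    if len(gre) < 4:
        return None
    flags, proto = struct.unpack("!HH", gre[:4])
    if proto != GRE_ERSPAN:
        return None
    off = 4
    off += 4 if flags & 0x8000 else 0  # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0  # optional key
    info = {"sender": socket.inet_ntoa(pkt[12:16]),
            "collector": socket.inet_ntoa(pkt[16:20]), "erspan_type": 1}
    if flags & 0x1000:  # sequence number present: Type II
        if len(gre) < off + 12:
            return None
        seq, word0 = struct.unpack("!II", gre[off:off + 8])
        info.update(erspan_type=2, seq=seq, vlan=(word0 >> 16) & 0x0FFF,
                    session_id=word0 & 0x03FF)
        off += 12  # 4-byte sequence number + 8-byte ERSPAN header
    frame = gre[off:]
    if len(frame) < 14:  # truncated mirrored Ethernet frame
        return None
    info["dst_mac"] = frame[0:6].hex(":")
    info["src_mac"] = frame[6:12].hex(":")
    info["ethertype"] = struct.unpack("!H", frame[12:14])[0]
    info["frame"] = frame  # inner frame, ready for a pcap writer or filter check
    return info

def build_sample(type2: bool = True) -> bytes:
    """Constructed test packet: a mirrored ARP-sized frame sent to 192.168.1.1."""
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
    gre = struct.pack("!HH", 0x1000 if type2 else 0, GRE_ERSPAN)
    if type2:  # seq 7, then ERSPAN header: version 1, VLAN 10, session 5
        gre += struct.pack("!III", 7, (1 << 28) | (10 << 16) | 5, 0)
    total = 20 + len(gre) + len(frame)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 47, 0,
                     socket.inet_aton("192.168.1.254"), socket.inet_aton("192.168.1.1"))
    return ip + gre + frame

if __name__ == "__main__":
    print(decap_erspan(build_sample()))
```

Comparing the decoded `src_mac`/`dst_mac` and `sender` values with the 'target-mac', 'target-ip' or 'target-port' entries confirms that the sniffer is mirroring only the intended traffic.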
