Solution Packet mirroring allows to collect packets on specified ports and then send them to another port to be collected and analyzed. All FortiSwitch models support switched port analyzer(SPAN) mode, which mirrors traffic to the specified destination interface without encapsulation. STEPS TO CONFIGURE PORT MIRRORING ON A STANDALONE FortiSwitch.
From CLI access to standalone FortiSwitch using SSH/TeraTerm.
# config switch mirror edit <mirror_name> set status active set dst <port_name> <----- Always set the destination port before setting the src-ingress or src-egress ports. set switching-packet <enable | disable> set src-ingress <port_name> <----- Set the source ingress physical ports that will be mirrored. set src-egress <port_name> <----- Set the source egress physical ports that will be mirrored. end
STEPS TO CONFIGURE PORT MIRRORING ON A MANAGED FortiSwitch. From CLI access to FortiGate using SSH/TeraTerm.
# config switch-controller managed-switch edit <FortiSwitch_Serial_Number> # config mirror edit <mirror_name> set status active set dst <port_name> <----- Always set the destination port before setting the src-ingress or src-egress ports set switching-packet <enable | disable> set src-ingress <port_name> <----- Set the source ingress physical ports that will be mirrored. set src-egress <port_name> <----- Set the source egress physical ports that will be mirrored. end end
