I'm helping a customer migrate from a Cisco router w/ACL legacy security solution to a FTG w/UTM solution. They would like me to do a little discovery before the migration so they have configured a FTG 60D (unlicensed) in one-arm sniffer mode monitoring traffic both rx/tx to the router.
Doing a packet sniff on the CLI I can see the all the traffic being sent from the cisco span port properly, but nothing is showing up in any of the logs on the Fortigate. I'm running 6.0.X on the Fortigate and my sniffer port doesn't have any security profiles applied since the device is not licensed. I really just want to see the traffic itself and not looking for any IPS sensor functionality.
My suspicion is that even though I'm not applying any UTM to the traffic being sniffed a license still may be required, but wanted to bounce this off the community just to make sure.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.