Hello!
I want to implement the Decrypted Traffic Mirror feature but I haven't seen a Fortinet document that would explain the Destination MAC meaning. What is it?
1a. The MAC for the webserver whose decrypted traffic will be mirrored?
1b. The MAC for the capturing server which captures the decrypted SSL traffic? It is more likely this case because the same GUI window also needs a port to send the decrypted traffic to.
2. If the given example with ff:ff:ff:ff:ff:ff works for all cases then what is the meaning of those f's? Is it a filter or exact-match value? What changes when I replace that part with ff:ff:ff:ff:ff:f0 or any other real value? I guess that depends on the answer to the first question. Why isn't there an IP address instead, whichever case it is (1a or 1b)? Does it have anything to do with mirroring the traffic to multiple servers, with all f's sending this traffic to all servers behind the physical/virtual port?
Hi,
Yes, you are right. The MAC address is a broadcast address so that any host behind the mirrored port interface could get the traffic. You can configure it with a real value too if it is intended only to be sent to one specific host for reception.
Best regards,
Jin
Thank you for the information. So I understand it means this:
1. All f's means "MAC-broadcast": any server behind the port gets the traffic.
2. Anything else is only a specific MAC and only the server with this MAC will get the decrypted traffic.
Yes, that's absolutely correct!
best regards,
Jin
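The following sketch is an added example, not part of the thread or of any Fortinet code: it models standard Ethernet receive filtering to show which capture hosts behind the mirror port would accept a frame for a given destination MAC. The host names and MAC addresses are constructed, and it assumes every host on the segment sees the frame on the wire.

```python
BROADCAST = b"\xff" * 6

def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    parts = text.strip().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def classify(dst):
    """Exact-match semantics: the value is an address, not a mask."""
    raw = parse_mac(dst)
    if raw == BROADCAST:
        return "broadcast"
    # I/G bit (least significant bit of the first octet) set => group address
    return "multicast" if raw[0] & 0x01 else "unicast"

def nic_accepts(dst, mac, promiscuous=False, groups=()):
    """Would a NIC with this configuration pass the frame up the stack?"""
    if promiscuous:
        return True          # typical for a sniffer/IDS capture interface
    kind = classify(dst)
    if kind == "broadcast":
        return True
    if kind == "multicast":
        return parse_mac(dst) in {parse_mac(g) for g in groups}
    return parse_mac(dst) == parse_mac(mac)

def receivers(dst, hosts):
    """Names of the hosts that accept a mirrored frame sent to dst."""
    return [name for name, cfg in hosts.items() if nic_accepts(dst, **cfg)]

# Constructed capture hosts behind the mirror port (hypothetical values).
HOSTS = {
    "ids-a":   {"mac": "02:00:00:00:00:0a"},
    "ids-b":   {"mac": "02:00:00:00:00:0b"},
    "sniffer": {"mac": "02:00:00:00:00:0c", "promiscuous": True},
}

if __name__ == "__main__":
    for dst in ("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:0a", "ff:ff:ff:ff:ff:f0"):
        print(dst, classify(dst), receivers(dst, HOSTS))
```

In this model ff:ff:ff:ff:ff:f0 is not a partial broadcast: it is a distinct group address that only a promiscuous or explicitly subscribed interface accepts.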
Copyright 2024 Fortinet, Inc. All Rights Reserved.