Hi I am looking for a Fortigate with port mirroring functionality and i cant find any information about what models can do this, can the 60d do this or do i need to look for a bigger appliance?
Thanks
Solved! Go to Solution.
The Fotinet Feature/Platform Matrix shows which devices have hardware switches:
http://docs.fortinet.com/d/fortigate-fortios-5.6-feature-platform-matrix
That feature requires a Hardware switch and 5.2+ firmware. So any model that has a hardware switch (not a software based switch) can do port span.
I think there was some 5.0.x experimentation with allowing the feature on software switches. However, when you think about that it's pretty easy to see why it could fail fairly spectacularly when under load.
Some of the lower end models (like the 60D) have a built in switch, but the internal controls are done via software. Larger devices (like the 100D) have packet control of the switch handled through hardware. I'm not sure about devices in between like the 90D but I'm fairly sure those are software. So you probably need a 100D or larger device, with a built in switch.
From the FortiOS CLI reference, under system > switch-interface:
config system switch-interface
edit <group_name>
set member <iflist>
set span {enable | disable}
set span-dest-port <portnum>
set span-direction {rx | tx | both}
set span-source-port <portlist>
set type {hub | switch | hardware-switch}
set vdom <vdom_name>
end
Thanks Shawn, what appliance range is this for?
Shawn W wrote:From the FortiOS CLI reference, under system > switch-interface:
config system switch-interface
edit <group_name>
set member <iflist>
set span {enable | disable}
set span-dest-port <portnum>
set span-direction {rx | tx | both}
set span-source-port <portlist>
set type {hub | switch | hardware-switch}
set vdom <vdom_name>
end
I am not certain. I found this in the FortiOS CLI Reference for FortiOS 5.0
Working on similar for a 201e firewall.
I don't see the options in the GUI, however the CLI seems to support the commands. However, it won't let me use wan1 as a member, or a span source. Also, my switch ports (13 and 14) are an aggregate, so I am unable to select those either. Any ideas?
Trying to do something like this:
wf-fw01 (mirror) # show
config system switch-interface
edit "mirror"
set vdom "root"
set span enable
next
end
wf-fw01 (mirror) # set member port8
wf-fw01 (mirror) # set member wan1
entry not found in datasource
value parse error before 'wan1'
Command fail. Return code -3
wf-fw01 (mirror) #
As i mentioned 5.0 allowed this for software switches as well. That's a bad idea since high CPU levels cause dropped packets.
5.2+ won't allow the feature to be used on a device with a software switch, so if you don't get the right device you might wind up not being able to upgrade.
Take Adrian advice.
The cmds do exist even on the lower end models which is misleading btw ( 5.2.x ), and it will not allow you to select any ports after the enabling span.
Also with the span activity it's against "real ports" vrs virtual interfaces. So keep this in mind if you have vlan-interface, tunnels,etc....
As far as CPU impact even the larger chassis has shown a slight uptick in CPU usage from my experience.
PCNSE
NSE
StrongSwan
OK then i think a separate aggregation tap is required!
emnoc wrote:Take Adrian advice.
The cmds do exist even on the lower end models which is misleading btw ( 5.2.x ), and it will not allow you to select any ports after the enabling span.
Also with the span activity it's against "real ports" vrs virtual interfaces. So keep this in mind if you have vlan-interface, tunnels,etc....
As far as CPU impact even the larger chassis has shown a slight uptick in CPU usage from my experience.
Hi Experts,
I'm considering a scenario to SPAN traffic on the FortiGate, then have it sent to an attached pcap analyzer application (like Deep Discovery Inspector appliance) to analyze the packet for deeper visibility.
Kindly advise with your expertise.
Regards,
Lionel
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.