SPAN
port6 is a layer2 port
And no on the last item, this mirrors ssl-inspected packets after decoding.
I believe (but never have done this), you could enable a span session if you have a virt-switch AND mirror-ssl-inspection to the same destination port. So if you need all traffic and decrypted, try that along with your mirror.
e.g.
config sys virtual-switch
edit lan
set span enable
set span-dest-port port6
set span-direction both
set span-source-port port1
end
The smaller FGT might not have this feature and CPU%util% could become extremely high but investigate and see what you have and can come up with.
I would do a ran span fwiw at a true l2/l3 switch and let the firewall be a "firewall", but that is my personal preference
Ken Felix
PCNSE
NSE
StrongSwan
Do nothing but leave the port as a default port, no vlan, not part of a virt switch or anything, and it would be a SPAN port to deliver the data to your tool or inspection device.
Ken Felix
PCNSE
NSE
StrongSwan