Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RJMcinty
New Contributor

Created on ‎09-17-2013 07:17 PM

switch-interface mode, and span port?

Hoping someone can offer some suggestions on the best way to manage my config. I have a 40C, and am trying to get the ports configured this way: WAN 1 - External network WAN 2 - No connection Internal 1 - Part of internal switch Internal 2 - Part of internal switch Internal 3 - Part of internal switch Internal 4 - Span of the firewall side of WAN 1 (the " uplink" to the internal switch, if you will) Internal 5 - DMZ, separate network going to the External network Right now, I' ve got Internal 4 as a span of all the ports on the internal switch (but haven' t verified it 100% yet), but don' t really want that; I just want to tap off the incoming/outgoing packets. I' ve pasted the relevant parts of my config below (minus the parts about DHCP server, etc.), and hope that someone can offer some suggestions on how to mirror just the post-firewall WAN1 traffic. One thing that I' ve considered (but don' t know if it would work, and don' t want the complexity) is to switch-interface internal 1-3, and then have another switch with that switch and internal 4 on it, with the span defined there. Don' t even know if that would work. Thoughts? Thanks!!! Robert 
 config system switch-interface
     edit " internal_1234" 
             set member " internal1"  " internal2"  " internal3"  " internal4"              
         set span enable
         set vdom " root" 
         set span-dest-port " internal4" 
         set span-source-port " internal1"  " internal2"  " internal3"              
     next
 end
 config system interface
     edit " wan1" 
         set vdom " root" 
         set mode dhcp
         set allowaccess ping fgfm
         set type physical
         set alias " Internet - 1" 
         set defaultgw enable
     next
     edit " internal1" 
         set vdom " root" 
     next
     edit " internal2" 
         set vdom " root" 
     next
     edit " internal3" 
         set vdom " root" 
     next
     edit " internal4" 
         set vdom " root" 
     next
     edit " internal5" 
         set vdom " root" 
         set ip 192.168.20.99 255.255.255.0
         set allowaccess ping https ssh http fgfm
         set type physical
         set alias " InternalNetwork - GUEST" 
     next
     edit " internal_1234" 
         set vdom " root" 
         set ip 192.168.10.99 255.255.255.0
         set allowaccess ping https ssh http fgfm
         set type switch
         set alias " InternalNetwork - Private" 
     next
 end
10626
0 Kudos
3 REPLIES 3
adogra
New Contributor

Created on ‎01-03-2019 08:04 AM

Thanks for sharing config. So I'm in same boat and trying to capture multiple ports in fortigate 200 D to 1 port as span. Above config looks like its possible. 

 

Cheers

2650
0 Kudos
Barno99
New Contributor
In response to adogra

Created on ‎04-05-2019 08:28 AM

Hi did you manage to fix? I have a similar problem trying to get 4 ports to mirror to another port that has a DarkTrace Probe on it.

2650
0 Kudos
justinhatem
New Contributor

Created on ‎07-31-2019 07:50 AM

Looks to me like this part should work for basic wan1 mirroring, however I'm unable to add wan1 to the members, or select as a source: 

 

config system switch-interface edit "mirror" set member port5 wan1  set span enable set vdom root  set span-dest-port port5 set span-source-port wan1  end

 

I get an error saying that wan1 is not part of the dataset. 

2650
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.