Network Tap (SPAN port) on FortiGate 100D (FortiOS 4.0MR3)
Solution 1
From the FortiOS CLI reference, under system > switch-interface:
config system switch-interface
    edit <group_name>
        set member <iflist>
        set span {enable | disable}
        set span-dest-port <portnum>
        set span-direction {rx | tx | both}
        set span-source-port <portlist>
        set type {hub | switch | hardware-switch}
        set vdom <vdom_name>
end
Solution 2
The above answer is for older models (4.0).
For newer models (5.0-5.4), look here
From the article:
The Switch Port Analyzer (SPAN) feature is now available for hardware switch interfaces on FortiGate models with built-in hardware switches (for example, the FortiGate-100D, 140D, and 200D etc.).
To enable SPAN on a hardware switch via the GUI, go to System > Network > Interfaces and edit a hardware switch interface.
By default the system may have a hardware switch interface called LAN. A new hardware switch interface can also be created. Select the SPAN check box, then select a source port from which traffic will be mirrored. Select the destination port to which the mirrored traffic is sent. Select to mirror traffic received, traffic sent, or both.
SPAN can also be enabled in the CLI:
config system virtual-switch
    edit <port>
        set span enable
        set span-source-port <port>
        set span-dest-port <port>
        set span-direction {both | Tx | Rx}
    end
end
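As an added example (not part of either answer or of Fortinet's documentation): a small Python audit that scans a saved FortiGate configuration for entries with SPAN enabled in the two CLI sections quoted above, so you can confirm which port is receiving mirrored traffic. The sample config, its port names, and the function name find_span_sessions are constructed for illustration; the indented edit/next layout of the backup file is an assumption.

```python
import re

# Constructed sample shaped like a FortiOS config backup (not taken from the page).
SAMPLE = """\
config system switch-interface
    edit "mirror-sw"
        set span enable
        set span-source-port "port1" "port2"
        set span-dest-port "port3"
        set span-direction both
    next
end
config system virtual-switch
    edit "lan"
        set span disable
        config port
            edit "port7"
            next
        end
    next
end
"""
SECTIONS = {"config system switch-interface", "config system virtual-switch"}

def find_span_sessions(text):
    """Return one dict per switch entry that contains 'set span enable'."""
    found, section, entry, nested = [], None, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if nested:  # inside a sub-table such as 'config port': skip to its 'end'
            nested += line.startswith("config ") - (line == "end")
        elif entry is not None and line.startswith("config "):
            nested = 1
        elif line in SECTIONS:
            section = line.split()[-1]
        elif section and line.startswith("edit "):
            entry = {"section": section, "name": line[5:].strip('"')}
        elif entry is not None and line.startswith("set "):
            key, *vals = re.findall(r'"[^"]*"|\S+', line[4:])
            entry[key] = [v.strip('"') for v in vals]
        elif line in ("next", "end"):
            if entry and entry.get("span") == ["enable"]:
                found.append(entry)
            entry = None
            if line == "end":
                section = None
    return found

if __name__ == "__main__":
    for s in find_span_sessions(SAMPLE):
        print(s["section"], s["name"], s.get("span-source-port"), "->", s.get("span-dest-port"))
```

Any session it reports that nobody can account for deserves a look, since the destination port carries a copy of the source ports' traffic.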
Remi
Updated on September 18, 2022
Comments
-
Remi over 1 year
I'm dealing with a FortiGate 100D for the first time, and am scratching my head as there doesn't seem to be an easy way to mirror ports in the switch; which is really a facility that I presumed it would provide.
Ideally, I want to mirror one (or more) ports to another port, so that I can track the traffic that is flowing through it.
i.e.
- mirror WAN1 to an internal port
- mirror an internal port to a different internal port
- etc.
I could do it with a passive network tap, of course; but it seems really strange to me that the 100D doesn't seem to expose an easy way to do this.
I'm new to the hardware/FortiOS, though -- so possibly I am simply missing something obvious.
Many thanks if someone can point me in the direction of how to set this up on FortiOS/FortiGate.
-
Remi almost 11 years
Aha, never mind. I found it in the FortiOS CLI reference, under switch-interface > span/span-dest-port/span-direction/span-source-port.
-
mbrownnyc almost 11 years
Remi: I get alerted for the tags fortinet and fortigate, so I came here. I just wanted to mention that I'm working on an NMS using a project called flow-inspector and a robust flow capturing software by a company qosient called argus. Both are free. Check them out.