Setting up Port Mirrors are a blast! Fortinet makes it super fun and complicated!
Be aware that only certain types of port mirrors are allowed based on the type of switch you have. For instance, Regular Port mirroring can be configured on all types of Fortiswitches, but ERSPAN Mirroring can only be configured on switches 200 level or higher EVEN THOUGH it allows configuration in the GUI.
To configure a port mirror on a Fortiswitch managed by Fortigate, launch the CLI Console.
config switch-controller managed-switch
edit <FortiSwitch_Serial_Number>
config mirror
edit <mirror_name>
set status active
set dst <port_name> <—– Always set the destination port before setting the src-ingress or src-egress ports
set switching-packet <enable | disable> <– set this to enable if you want the port to also pass traffic like normal
set src-ingress <port_name> <—– Set the source ingress physical ports that will be mirrored.
set src-egress <port_name> <—– Set the source egress physical ports that will be mirrored.
end
end
To configure on standalone Fortiswitch:
config switch mirror
edit <mirror_name>
set status active
set dst <port_name> <—– Always set the destination port before setting the src-ingress or src-egress ports.
set switching-packet <enable | disable>
set src-ingress <port_name> <—– Set the source ingress physical ports that will be mirrored.
set src-egress <port_name> <—– Set the source egress physical ports that will be mirrored.
end
Need networking help or assistance?
Email me directly to set up a consulting session!
