switch-interface mode, and span port?

RJMcinty
2013/09/17 19:17:56 (permalink)


Hoping someone can offer some suggestions on the best way to manage my config. I have a 40C, and am trying to get the ports configured this way:

WAN 1 - External network
WAN 2 - No connection
Internal 1 - Part of internal switch
Internal 2 - Part of internal switch
Internal 3 - Part of internal switch
Internal 4 - Span of the firewall side of WAN 1 (the "uplink" to the internal switch, if you will)
Internal 5 - DMZ, separate network going to the External network

Right now, I've got Internal 4 as a span of all the ports on the internal switch (but haven't verified it 100% yet), but don't really want that; I just want to tap off the incoming/outgoing packets.

I've pasted the relevant parts of my config below (minus the parts about DHCP server, etc.), and hope that someone can offer some suggestions on how to mirror just the post-firewall WAN1 traffic.

One thing that I've considered (but don't know if it would work, and don't want the complexity) is to switch-interface internal 1-3, and then have another switch with that switch and internal 4 on it, with the span defined there. Don't even know if that would work.

Thoughts?

Thanks!!!
Robert


config system switch-interface
    edit "internal_1234"
        set member "internal1" "internal2" "internal3" "internal4"
        set span enable
        set vdom "root"
        set span-dest-port "internal4"
        set span-source-port "internal1" "internal2" "internal3"
    next
end
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping fgfm
        set type physical
        set alias "Internet - 1"
        set defaultgw enable
    next
    edit "internal1"
        set vdom "root"
    next
    edit "internal2"
        set vdom "root"
    next
    edit "internal3"
        set vdom "root"
    next
    edit "internal4"
        set vdom "root"
    next
    edit "internal5"
        set vdom "root"
        set ip 192.168.20.99 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type physical
        set alias "InternalNetwork - GUEST"
    next
    edit "internal_1234"
        set vdom "root"
        set ip 192.168.10.99 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set type switch
        set alias "InternalNetwork - Private"
    next
end
#1
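An added example, not part of the original post and not Fortinet code: a small Python check that parses the switch-interface block posted above and reports which ports the mirror port receives and which it does not. The function names and the port list passed to `audit_span` are assumptions made for illustration.

```python
import shlex

# Constructed sample: the switch-interface block from the post above.
SAMPLE = '''\
config system switch-interface
    edit "internal_1234"
        set member "internal1" "internal2" "internal3" "internal4"
        set span enable
        set vdom "root"
        set span-dest-port "internal4"
        set span-source-port "internal1" "internal2" "internal3"
    next
end
'''

def parse_switch_interfaces(text):
    """Return {switch_name: {setting: [values]}} from 'config system switch-interface'."""
    switches, current, in_block = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            in_block = tok[1:] == ["system", "switch-interface"]
        elif tok[0] == "end":
            in_block, current = False, None
        elif in_block and tok[0] == "edit" and len(tok) > 1:
            current = switches.setdefault(tok[1], {})
        elif in_block and tok[0] == "next":
            current = None
        elif in_block and current is not None and tok[0] == "set" and len(tok) > 1:
            current[tok[1]] = tok[2:]
    return switches

def audit_span(cfg, all_ports):
    """Summarise what the mirror port sees and flag inconsistent span settings."""
    members = set(cfg.get("member", []))
    sources = set(cfg.get("span-source-port", []))
    dest = set(cfg.get("span-dest-port", []))
    issues = []
    if cfg.get("span") != ["enable"]:
        issues.append("span is not enabled")
    if len(dest) != 1:
        issues.append("expected exactly one span-dest-port")
    if (sources | dest) - members:
        issues.append("span port is not a member of this switch")
    if sources & dest:
        issues.append("span-dest-port is also a span source")
    return {"mirrored": sorted(sources), "dest": sorted(dest),
            "not_mirrored": sorted(set(all_ports) - sources - dest), "issues": issues}
```

Run against the posted config with the seven ports listed in the post, it reports internal1 to internal3 as mirrored to internal4, and wan1, wan2 and internal5 as outside the span.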

    adogra
    Re: switch-interface mode, and span port? 2019/01/03 08:04:24 (permalink)
    Thanks for sharing config. So I'm in the same boat and trying to capture multiple ports in FortiGate 200D to 1 port as span. Above config looks like it's possible.
     
    Cheers
    #2