Mirroring packets offloaded by NP7 processors
Using NP7 packet mirroring, you can mirror (or copy) packets offloaded by NP7 processors to a FortiGate interface. The interface sends the mirrored packets to an external server for storage or analysis.
You configure NP7 packet mirroring by enabling port-mirroring for a physical interface. Once enabled, all traffic passing through that interface that is offloaded by NP7 processors can be copied to a mirroring interface (mirroring-port). You can configure NP7 packet mirroring to copy all packets passing through the interface in either direction, or you can mirror just the packets sent (tx) or received (rx) by the interface.
config system interface
    edit <interface-name>
        set port-mirroring {disable | enable}
        set mirroring-direction {both | rx | tx}
        set mirroring-port <interface-name>
    end
For example, use the following command to mirror all NP7-offloaded packets sent by the port7 interface to the port20 interface.
config system interface
    edit port7
        set port-mirroring enable
        set mirroring-direction tx
        set mirroring-port port20
    end
You must send the mirrored packets to a different interface than the interface that sends or receives them. You can enable NP7 packet mirroring for multiple interfaces and send mirrored packets from more than one interface to the same mirroring interface.
Filtering mirrored packets
For each interface that is mirroring NP7 packets, you can optionally configure mirror filtering to restrict the packets that are mirrored. Mirror filtering can restrict packet mirroring by source IP address, destination IP address, source port, destination port, and protocol.
You can create one filter per interface. Options left at their default values apply no filtering.
config system interface
    edit <interface-name>
        set port-mirroring enable
        config mirroring-filter
            set filter-srcip <ip-address>
            set filter-dstip <ip-address>
            set filter-sport <port>
            set filter-dport <port>
            set filter-protocol <protocol>
        end
    end
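The following Python script is an added example, not Fortinet code, that renders the NP7 mirroring configuration described in both sections above (basic mirroring and mirror filtering) for several interfaces at once and checks the constraints the documentation states before emitting the CLI: the mirroring-port must differ from the mirrored interface, the direction must be both, rx or tx, and each interface carries a single filter. It assumes the CLI keywords shown on this page (port-mirroring, mirroring-direction, mirroring-port and the mirroring-filter sub-table), assumes that filter-protocol takes an IP protocol number, and uses constructed interface names, addresses and ports.

```python
# Added example: render and sanity-check FortiOS CLI for NP7 packet mirroring.
# Not Fortinet code. Assumes the keywords shown on the page (port-mirroring,
# mirroring-direction, mirroring-port, mirroring-filter) and that
# filter-protocol takes an IP protocol number. Sample values are constructed.
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

DIRECTIONS = ("both", "rx", "tx")


@dataclass
class MirrorFilter:
    """Optional restriction on which offloaded packets are copied.
    A field left at None is not emitted, which keeps the FortiOS default
    (no filtering on that attribute)."""
    srcip: Optional[str] = None
    dstip: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    protocol: Optional[int] = None  # assumed: IP protocol number (6 = TCP, 17 = UDP)


@dataclass
class MirrorSpec:
    interface: str              # interface whose NP7-offloaded packets are copied
    mirroring_port: str         # interface the copies are sent out of
    direction: str = "both"     # both | rx | tx
    filt: Optional[MirrorFilter] = None


def validate(spec: MirrorSpec) -> None:
    """Reject a spec that violates the constraints stated in the documentation."""
    if spec.mirroring_port == spec.interface:
        raise ValueError(f"{spec.interface}: mirroring-port must be a different interface")
    if spec.direction not in DIRECTIONS:
        raise ValueError(f"{spec.interface}: direction must be one of {DIRECTIONS}")
    f = spec.filt
    if f is None:
        return
    for name, ip in (("filter-srcip", f.srcip), ("filter-dstip", f.dstip)):
        if ip is not None:
            try:
                ip_address(ip)
            except ValueError as exc:
                raise ValueError(f"{spec.interface}: {name} {ip!r} is not an IP address") from exc
    for name, port in (("filter-sport", f.sport), ("filter-dport", f.dport)):
        if port is not None and not 0 <= port <= 65535:
            raise ValueError(f"{spec.interface}: {name} {port} out of range")
    if f.protocol is not None and not 0 <= f.protocol <= 255:
        raise ValueError(f"{spec.interface}: filter-protocol {f.protocol} out of range")


def is_valid(spec: MirrorSpec) -> bool:
    """Boolean wrapper around validate(), convenient for pre-checks."""
    try:
        validate(spec)
        return True
    except ValueError:
        return False


def render_filter(f: MirrorFilter) -> List[str]:
    """Emit the mirroring-filter sub-table, omitting options left at default."""
    pairs = [("filter-srcip", f.srcip), ("filter-dstip", f.dstip),
             ("filter-sport", f.sport), ("filter-dport", f.dport),
             ("filter-protocol", f.protocol)]
    body = [f"            set {k} {v}" for k, v in pairs if v is not None]
    if not body:
        return []  # nothing to restrict: leave the filter at its defaults
    return ["        config mirroring-filter", *body, "        end"]


def render(specs: List[MirrorSpec]) -> str:
    """Render one 'config system interface' block covering every spec.
    Several interfaces may share one mirroring-port; each interface may
    appear only once because it carries a single filter."""
    seen = set()
    out = ["config system interface"]
    for spec in specs:
        validate(spec)
        if spec.interface in seen:
            raise ValueError(f"{spec.interface}: listed more than once")
        seen.add(spec.interface)
        out += [f"    edit {spec.interface}",
                "        set port-mirroring enable",
                f"        set mirroring-direction {spec.direction}",
                f"        set mirroring-port {spec.mirroring_port}"]
        if spec.filt is not None:
            out += render_filter(spec.filt)
        out.append("    next")
    out.append("end")
    return "\n".join(out)


# Constructed sample: copy packets transmitted by port7, and DNS traffic in
# both directions on port8, all to a collector attached to port20.
SAMPLE = [
    MirrorSpec("port7", "port20", "tx"),
    MirrorSpec("port8", "port20", "both",
               MirrorFilter(dstip="10.0.0.53", dport=53, protocol=17)),
]

if __name__ == "__main__":
    print(render(SAMPLE))
```

Run the script to print the rendered block, or call render() from an automation job that pushes the result to the FortiGate. Because only NP7-offloaded traffic is copied, treat the capture on the collector as a partial record of the interface's traffic rather than a complete one.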