Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.3.23 CLI Reference
    6.3.23
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    server policy traffic mirror

    server policy traffic-mirror

    Use this command to configure FortiWeb to send traffic to third party IPS/IDS devices through network interfaces for traffic monitoring in Reverse Proxy and True Transparent Proxy modes.

    See system feature-visibility for how to enable traffic mirror first.

    Syntax

    config server-policy traffic-mirror

    edit "<traffic-mirror_name>"

    config mirror-rule

    edit mirror-rule <mirror-rule_str>

    set mode {direct | switch | server}

    set interface <interface_int>

    set destination-mac <destination-mac_str>

    set server-ip <server-ip_str>

    set server-port <server-port_int>

    next

    end

    next

    end

    Variable Description Default

    "<traffic-mirror_name>"

    Enter a name for the traffic mirror policy.

    		 No default.

    mirror-rule <mirror-rule_str>

    		 Select the sequence number of the mirror rule created. No default.

    mode {direct | switch | server}

    		 Select one of the three modes:
    • Direct—the mirrored packets are directly sent to IPS/IDS devices.
    • Switch—the mirrored packets are sent to IPS/IDS devices through the switch.
    • Server—the mirrored packets are sent to the designated IP of IPS/IDS devices.
    		 direct

    interface <interface_int>

    		 When the mode is Direct, select one FortiWeb port to connect to IPS/IDS device.
    When the mode is Switch, select one FortiWeb port to connect to the switch.    		 No default.

    destination-mac <destination-mac_str>

    		 Type the MAC of IPS/IDS interface, where the traffic from FortiWeb goes to. Available only when mode {direct | switch | server} is Switch. No default.

    server-ip <server-ip_str>

    		 Enter the designated IP of IPS/IDS devices. Available only when mode {direct | switch | server} is Server. No default.

    server-port <server-port_int>

    		 Enter the HTTP port that the IPS/IDS devices can listen to. Available only when mode {direct | switch | server} is Server. No default.

    Example

    This example configures a traffic mirror policy.

    config server-policy traffic-mirror

    edit policy1

    config mirror-rule

    edit 2

    set mode direct

    set interface port1

    end

    next

    end

    Related topics

    Previous
    Next

    server policy traffic mirror

    server policy traffic-mirror

    Use this command to configure FortiWeb to send traffic to third party IPS/IDS devices through network interfaces for traffic monitoring in Reverse Proxy and True Transparent Proxy modes.

    See system feature-visibility for how to enable traffic mirror first.

    Syntax

    config server-policy traffic-mirror

    edit "<traffic-mirror_name>"

    config mirror-rule

    edit mirror-rule <mirror-rule_str>

    set mode {direct | switch | server}

    set interface <interface_int>

    set destination-mac <destination-mac_str>

    set server-ip <server-ip_str>

    set server-port <server-port_int>

    next

    end

    next

    end

    Variable Description Default

    "<traffic-mirror_name>"

    Enter a name for the traffic mirror policy.

    		 No default.

    mirror-rule <mirror-rule_str>

    		 Select the sequence number of the mirror rule created. No default.

    mode {direct | switch | server}

    		 Select one of the three modes:
    • Direct—the mirrored packets are directly sent to IPS/IDS devices.
    • Switch—the mirrored packets are sent to IPS/IDS devices through the switch.
    • Server—the mirrored packets are sent to the designated IP of IPS/IDS devices.
    		 direct

    interface <interface_int>

    		 When the mode is Direct, select one FortiWeb port to connect to IPS/IDS device.
    When the mode is Switch, select one FortiWeb port to connect to the switch.    		 No default.

    destination-mac <destination-mac_str>

    		 Type the MAC of IPS/IDS interface, where the traffic from FortiWeb goes to. Available only when mode {direct | switch | server} is Switch. No default.

    server-ip <server-ip_str>

    		 Enter the designated IP of IPS/IDS devices. Available only when mode {direct | switch | server} is Server. No default.

    server-port <server-port_int>

    		 Enter the HTTP port that the IPS/IDS devices can listen to. Available only when mode {direct | switch | server} is Server. No default.

    Example

    This example configures a traffic mirror policy.

    config server-policy traffic-mirror

    edit policy1

    config mirror-rule

    edit 2

    set mode direct

    set interface port1

    end

    next

    end

    Related topics

    Previous
    Next