Configure Port Mirroring

Port mirroring (SPAN) copies traffic from one or more switch ports to a destination port — typically where you've plugged in a packet analyzer (Wireshark, IDS) or a recording device. Useful for forensics, troubleshooting, and compliance.

Steps

  1. WiFi & Switch Controller → FortiSwitch Ports.
  2. + Add Port Mirror Session (or via dropdown action on a port).
  3. Fill in:
    • Mirror Name — e.g. Mirror-Sales-to-Wireshark.
    • Destination Port — port where the analyzer is plugged in.
    • Source Ports — ports whose traffic you want to capture.
    • Direction — Both, Tx only, Rx only.
    • Switching Packets — Enable to allow normal switching on the destination port too (rare; usually disable for clean capture).
  4. OK.

[Screenshot: port mirror config dialog showing source/destination port pickers.]

CLI Equivalent

config switch-controller managed-switch
    edit "S108EXXXXXXXXX"
        config mirror
            edit "Mirror-Sales-to-Wireshark"
                set status active
                set dst "port24"
                set src-ingress "port5" "port6" "port7"
                set src-egress "port5" "port6" "port7"
            next
        end
    next
end

Verify

Run Wireshark or tcpdump on the analyzer connected to the destination port. You should see mirrored traffic from the source ports.

Common Issues

  • No traffic at destination. The mirror is not enabled, or the source ports have no live traffic. Verify with diagnose switch-controller switch-info port-stats.
  • Destination port saturates. The sum of the source traffic exceeds the destination port's bandwidth. Reduce the sources or use a faster destination port (e.g. 10G).
  • Destination port can't carry normal traffic. When a mirror is active, the destination port is dedicated to it. Use a separate port for normal connectivity.
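
The saturation issue under Common Issues can be checked before a capture is trusted as complete. The following is an added example, not Fortinet's or this page's own code: it parses the mirror stanza from the CLI Equivalent section and sums the traffic each session would send to its destination port. The per-port rates are constructed sample values, and the mapping of src-ingress to received traffic and src-egress to transmitted traffic is an assumption of the example.

```python
import re

# Mirror stanza from the CLI section of this page (serial is the page's placeholder).
MIRROR_CONFIG = '''
config switch-controller managed-switch
    edit "S108EXXXXXXXXX"
        config mirror
            edit "Mirror-Sales-to-Wireshark"
                set status active
                set dst "port24"
                set src-ingress "port5" "port6" "port7"
                set src-egress "port5" "port6" "port7"
            next
        end
    next
end
'''

# Constructed sample rates in Mbit/s per port, as (rx, tx). Not real measurements.
SAMPLE_RATES = {"port5": (310, 120), "port6": (280, 90), "port7": (240, 150)}


def parse_mirrors(text):
    """Return {session_name: {setting: [values]}} for every 'config mirror' entry."""
    sessions, current, in_mirror = {}, None, False
    for line in text.splitlines():
        words = line.split()
        values = re.findall(r'"([^"]+)"', line)  # quoted arguments, if any
        if words[:2] == ["config", "mirror"]:
            in_mirror = True
        elif in_mirror and words[:1] == ["edit"]:
            current = sessions.setdefault((values or words[1:])[0], {})
        elif in_mirror and current is not None and words[:1] == ["set"]:
            current[words[1]] = values or words[2:]
        elif in_mirror and words[:1] == ["next"]:
            current = None
        elif in_mirror and words[:1] == ["end"]:
            in_mirror = False  # leaves 'config mirror'; outer next/end are ignored
    return sessions


def check(session, rates, dst_capacity_mbps):
    """Return (mirrored Mbit/s, oversubscribed?) for a session; (0, False) if inactive."""
    if session.get("status") != ["active"]:
        return 0, False
    rx = sum(rates[p][0] for p in session.get("src-ingress", []))  # received on sources
    tx = sum(rates[p][1] for p in session.get("src-egress", []))   # sent by sources
    return rx + tx, (rx + tx) > dst_capacity_mbps
```

With the sample rates, mirroring both directions of three ports offers 1190 Mbit/s to port24, which a 1G destination cannot carry, so frames would be missing from the capture; a 10G destination or an ingress-only session (830 Mbit/s) fits.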