Is it possible to create a span/mirror port on the Firepower 1010 device using the FMC console? I am using the firewall in routed mode but want all the network traffic to be mirrored on one port so I can do some traffic analysis with Security Onion.
I tried to make one port passive but I didn't see any traffic on it. I have 5 routed networks on the Firepower device. I have the passive port connected to an ESXi server.
Are you sure the traffic is leaving the ESXi server on that port? That's by far the most likely cause of an issue such as you describe.
I was thinking that the firewall would be the one sending ALL the traffic to the passive port. From there I would connect from the firewall "Span" port to the computer's 2nd network interface I was going to use for analysis.