Can you create a span/mirror port on Firepower 1010 using the FMC

errMsg · ‎09-05-2020

Is it possible to create a span/mirror port on the Firepower 1010 device using the FMC console? I am using the firewall in routed mode but want all the network traffic to be mirrored on one port so I can do some traffic analysis with the security onion.

Mohammed al Baqari · ‎09-06-2020

Hi,

Port spanning can't be configured on firepower. This is done at the switch
level. You can configure passive interfaces on firepower to act as IDS.

**** please remember to rate useful posts

errMsg · ‎09-06-2020

I tried to make one port passive but I didnt see any traffic on it. I have 5 routed networks on the firepower device. I have the passive port connected to an esxi server.

Marvin Rhoads · ‎09-06-2020

Are you sure the traffic is leaving the ESXi server on that port? That's by far the most likely cause of an issue such as you describe.

errMsg · ‎09-06-2020

I was thinking that the firewall would be the one sending ALL the traffic to the passive port. From there I would connect from the firewall "Span" port >>>>to the computer's 2nd network interface I was going to use for analysis.

Mohammed al Baqari · ‎09-06-2020

Hi, the firewall can't forward the traffic internally from routed port to
passive port. You need to do this using a switch.

*** please remember to rate useful posts