Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3635
Views
0
Helpful
5
Replies

Can you create a span/mirror port on Firepower 1010 using the FMC

errMsg
Level 1
Level 1

‎09-05-2020 07:41 PM

Is it possible to create a span/mirror port on the Firepower 1010 device using the FMC console?  I am using the firewall in routed mode but want all the network traffic to be mirrored on one port so I can do some traffic analysis with the security onion.

0 Helpful
5 Replies 5

Mohammed al Baqari
Level 11
Level 11

‎09-06-2020 12:19 AM

Hi,

Port spanning can't be configured on firepower. This is done at the switch
level. You can configure passive interfaces on firepower to act as IDS.

**** please remember to rate useful posts
0 Helpful

errMsg
Level 1
Level 1
In response to Mohammed al Baqari

‎09-06-2020 05:44 AM - edited ‎09-06-2020 06:00 AM

I tried to make one port passive but I didnt see any traffic on it.  I have 5 routed networks on the firepower device.  I have the passive port connected to an esxi server.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to errMsg

‎09-06-2020 07:44 AM

Are you sure the traffic is leaving the ESXi server on that port? That's by far the most likely cause of an issue such as you describe.

0 Helpful

errMsg
Level 1
Level 1
In response to Marvin Rhoads

‎09-06-2020 08:40 AM - edited ‎09-06-2020 08:40 AM

I was thinking that the firewall would be the one sending ALL the traffic to the passive port.  From there I would connect from the firewall "Span" port >>>>to the computer's 2nd network interface I was going to use for analysis.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to errMsg

‎09-06-2020 11:49 AM

Hi, the firewall can't forward the traffic internally from routed port to
passive port. You need to do this using a switch.

*** please remember to rate useful posts
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card