https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327288#M83297 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105432">@karthikeyanB</a>&nbsp;</P><P>This is not possible, you can't span from the firewall to somewhere else</P><P>The only thing that comes close is the decryption port mirror, but that applies only to decrypted ssl/tls</P><P>&nbsp;</P><P>Alternatively you can log export syslog which could feed a NAC user-ip mappings</P> Mon, 11 May 2020 05:42:33 GMT reaper 2020-05-11T05:42:33Z https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327160#M83272 <P>Dear Team,</P><P>&nbsp;</P><P>As per the customer requirement we want to perform Port spanning or port mirroring on the firewall interface so we need confirmation whether it is recommended from Palo Alto and if we perform this will there be any impact on the firewall as firewall is in production at data center or is there any alternate method for this.</P><P>&nbsp;</P><P>Request your immediate help on this.</P><P>&nbsp;</P><P>Regards</P><P>Karthikeyan Balamurugan</P> Sat, 09 May 2020 10:51:09 GMT https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327160#M83272 karthikeyanB 2020-05-09T10:51:09Z https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327173#M83274 <P>Customer requirement is SPAN traffic from Palo Alto on temporary basis to perform POC on NAC.</P><P>SPAN the traffic as mentioned below, so that a cable will be connected from Palo Alto to the server to get mirrored traffic from router zone.</P><P>&nbsp;</P><P>Source &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Security Zone – Palo Alto (ae1.120)</P><P>Destination&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Security Zone – NAC POC SPAN (To be created and assign to any free Ethernet physical interface(1000Mbps))</P><P>&nbsp;</P><P>Note : Make sure that production traffic is not disturbed.</P> Sat, 09 May 2020 13:37:11 GMT https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327173#M83274 karthikeyanB 2020-05-09T13:37:11Z https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327288#M83297 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105432">@karthikeyanB</a>&nbsp;</P><P>This is not possible, you can't span from the firewall to somewhere else</P><P>The only thing that comes close is the decryption port mirror, but that applies only to decrypted ssl/tls</P><P>&nbsp;</P><P>Alternatively you can log export syslog which could feed a NAC user-ip mappings</P> Mon, 11 May 2020 05:42:33 GMT https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327288#M83297 reaper 2020-05-11T05:42:33Z https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327291#M83300 <P>I agree with&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp; that firewall doesnt support port spanning in itself but you can go for one alternative which I always prefer.</P><P>Span the port of switch which is connected to firewall interface you want to monitor and then connect the mirrored port to your server . It&nbsp; will more or less serve you the same purpose.</P><P>Hope it helps ..Cheers !</P> Mon, 11 May 2020 06:01:55 GMT https://live.paloaltonetworks.com/t5/general-topics/needed-confirmation-on-firewall-port-spanning-or-port-mirroring/m-p/327291#M83300 KunalChopra 2020-05-11T06:01:55Z