SPAN Support for Hard-Switch Interfaces
The Switch Port Analyzer (SPAN) feature is now available for hardware switch interfaces on FortiGate models with built-in hardware switches (for example, the FortiGate-100D, 140D, and 200D). The SPAN feature (also called port mirroring) allows you to send a copy of the packets received or sent by one interface to another interface. For example, you could send all traffic received by the WAN interface to another interface and connect a sniffer to that interface to monitor the traffic on the WAN interface.
To enable SPAN on a hardware switch, go to System > Network > Interfaces and edit a hardware switch interface. By default the system may have a hardware switch interface called lan. You can also create a new hardware switch interface.
Select the SPAN checkbox. Select a source port from which traffic will be mirrored. Select the destination port to which the mirrored traffic is sent. Select to mirror traffic received, traffic sent, or both.
You can also enable SPAN in the CLI:
Syntax
config system virtual-switch
    edit <switch-name>
        set span enable
        set span-source-port <port>
        set span-dest-port <port>
        set span-direction {both | tx | rx}
    next
end
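Because a SPAN destination port receives a full copy of another port's traffic, it is worth checking configuration backups for mirrors that nobody expects. The following is an added example, not Fortinet code: it scans backup text for virtual switches with SPAN enabled, using the settings shown above. The sample configuration, its switch and port names, and the function name find_span_mirrors are constructed for illustration.

```python
# Constructed sample in FortiGate backup layout (not from a real device).
SAMPLE_CONFIG = '''
config system virtual-switch
    edit "lan"
        set physical-switch "sw0"
        set span enable
        set span-source-port "port1"
        set span-dest-port "port4"
        set span-direction both
        config port
            edit "port1"
            next
            edit "port4"
            next
        end
    next
    edit "lab"
        set physical-switch "sw0"
    next
end
'''

def find_span_mirrors(config_text):
    """Return one dict per virtual switch that has 'set span enable'."""
    mirrors, stack, switch = [], [], None
    for raw in config_text.splitlines():
        tokens = raw.replace('"', "").split()
        if not tokens:
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "config":
            stack.append(" ".join(args))   # remember which block we are in
        elif verb == "end" and stack:
            stack.pop()
        elif stack == ["system virtual-switch"]:
            # Only top-level entries count; nested "config port" edits are skipped.
            if verb == "edit" and args:
                switch = {"switch": args[0]}
            elif verb == "set" and switch is not None and args[0].startswith("span"):
                switch[args[0]] = " ".join(args[1:])
            elif verb == "next":
                if switch and switch.get("span") == "enable":
                    mirrors.append(switch)
                switch = None
    return mirrors
```

Compare the returned source and destination ports against the mirrors you have approved; any other entry is a port that is receiving copied traffic.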