Fortinet NSE5_FSW_AD-7.6 Exam - Topic 1 Question 6 Discussion

Actual exam question for Fortinet's NSE5_FSW_AD-7.6 exam
Question #: 6
Topic #: 1

Refer to the exhibit.

You configured Switched Port Analyzer (SPAN) to monitor traffic from a source port on FortiSwitch 1, but the monitoring device is connected to FortiSwitch 2. After port mirroring configuration on FortiSwitch 1, the monitoring device is not receiving any mirrored traffic.

What is the most likely reason the mirrored traffic is not reaching the monitoring device? (Choose one answer)

Suggested Answer: A

Comprehensive and detailed explanation, extracted from the FortiAnalyzer 7.6 study guide documents:

Standard SPAN Limitation: Switched Port Analyzer (SPAN) is a local port mirroring technology. By design, SPAN copies traffic from one or more source ports (or VLANs) to a destination port on the same physical switch.

Traffic Forwarding: Standard SPAN traffic is not encapsulated and does not have the necessary headers to be routed or switched across a network fabric or trunk links between multiple switches. Therefore, if the source port is on FortiSwitch 1 and the monitoring device is on FortiSwitch 2, the mirrored frames will not reach the destination.

Alternative Solutions: To monitor traffic across multiple switches (multi-hop), technologies such as Remote SPAN (RSPAN) or Encapsulated Remote SPAN (ERSPAN) must be used. RSPAN uses a specific VLAN to carry the mirrored traffic across switches, while ERSPAN encapsulates the traffic in GRE packets so it can be routed across Layer 3 boundaries.

Troubleshooting Conclusion: Since the scenario describes a standard SPAN configuration and the traffic is failing to traverse from FortiSwitch 1 to FortiSwitch 2, the most likely reason is that basic SPAN does not support forwarding mirrored traffic across multiple switches.
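The three transports named in the explanation look different on the wire at the monitoring port. The following added example (not from the study guide, Fortinet or this site) classifies a captured frame as a plain SPAN copy, an RSPAN copy or an ERSPAN copy. It assumes the commonly documented ERSPAN Type II layout (GRE protocol type 0x88BE); RSPAN VLAN 900, session ID 7, the MAC and IP addresses and all frames are constructed.

```python
import struct

# Added example: every frame, VLAN ID, session ID and address below is constructed.
ETH_8021Q, ETH_IPV4, IPPROTO_GRE, GRE_ERSPAN_II = 0x8100, 0x0800, 47, 0x88BE

def classify_mirror(frame: bytes, rspan_vlan: int) -> dict:
    """Tell how a frame seen at the monitoring port was carried there."""
    if len(frame) < 18:
        return {"kind": "short"}
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == ETH_8021Q:
        vlan = struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
        if vlan == rspan_vlan:
            # RSPAN: the copy is tagged with a dedicated VLAN that trunks carry.
            return {"kind": "rspan", "vlan": vlan}
    if ethertype == ETH_IPV4 and len(frame) >= 34 and frame[23] == IPPROTO_GRE:
        gre = 14 + (frame[14] & 0x0F) * 4  # skip the outer IPv4 header
        if len(frame) >= gre + 4:
            flags, proto = struct.unpack_from("!HH", frame, gre)
            # Optional GRE checksum (C), key (K) and sequence (S) words.
            off = gre + 4 + 4 * sum(bool(flags & b) for b in (0x8000, 0x2000, 0x1000))
            if proto == GRE_ERSPAN_II and len(frame) >= off + 8:
                word0 = struct.unpack_from("!I", frame, off)[0]
                # ERSPAN: the copy is an IP/GRE payload, so routers can forward it.
                return {"kind": "erspan", "version": word0 >> 28,
                        "vlan": (word0 >> 16) & 0x0FFF, "session": word0 & 0x03FF,
                        "inner": frame[off + 8:]}
    # Plain SPAN copy: no tag and no tunnel, so it stays on the local switch.
    return {"kind": "plain"}

# Constructed monitored frame: dst MAC, src MAC, experimental EtherType, payload.
INNER = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x88B5) + b"constructed-payload"
# Constructed RSPAN copy: same frame with an 802.1Q tag for VLAN 900 inserted.
RSPAN_FRAME = INNER[:12] + struct.pack("!HH", ETH_8021Q, 900) + INNER[12:]
# Constructed ERSPAN copy: outer Ethernet + IPv4 (192.0.2.1 -> 192.0.2.2) + GRE + ERSPAN II.
OUTER_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36 + len(INNER), 0, 0, 64,
                       IPPROTO_GRE, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
ERSPAN_FRAME = (bytes.fromhex("02000000000b02000000000a") + struct.pack("!H", ETH_IPV4)
                + OUTER_IP + struct.pack("!HHI", 0x1000, GRE_ERSPAN_II, 1)
                + struct.pack("!II", (1 << 28) | (10 << 16) | 7, 0) + INNER)

if __name__ == "__main__":
    for name, frame in (("span", INNER), ("rspan", RSPAN_FRAME), ("erspan", ERSPAN_FRAME)):
        print(name, classify_mirror(frame, rspan_vlan=900)["kind"])
```

Only the RSPAN and ERSPAN copies carry anything (a VLAN tag or an IP/GRE header) that an inter-switch link can forward on, which is the gap the explanation attributes to basic SPAN.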


Laura
15 days ago
Wait, are you sure about that? I thought it could work with the right setup.
upvoted 0 times
...
Brice
20 days ago
Totally agree, it's a common mistake!
upvoted 0 times
...
Johnson
26 days ago
A) SPAN doesn't forward across switches, that's the issue.
upvoted 0 times
...
Stefania
1 month ago
The monitoring device should be in the same subnet, right?
upvoted 0 times
...
Telma
1 month ago
You need to restart the SPAN session after changes.
upvoted 0 times
...
Jaime
1 month ago
Wait, I thought it could work across switches?
upvoted 0 times
...
Laine
2 months ago
Totally agree, it's a limitation of SPAN.
upvoted 0 times
...
Norah
2 months ago
SPAN doesn't forward traffic between switches.
upvoted 0 times
...
Mose
2 months ago
I thought ACLs were important for filtering traffic, but I don't think they apply to SPAN directly. So, I'm leaning towards option A as well.
upvoted 0 times
...
Eura
2 months ago
I vaguely recall a practice question where we had to consider the subnet for the monitoring device. Maybe option D is relevant here?
upvoted 0 times
...
Trinidad
2 months ago
I'm not entirely sure, but I feel like we discussed something about needing to restart the SPAN session after making changes. Could that be option C?
upvoted 0 times
...
Melda
2 months ago
I remember reading that SPAN typically doesn't forward traffic across different switches, so I think option A might be correct.
upvoted 0 times
...
