Passing SPAN (Port-Mirror) Through Firewall Appliance

Hi guys,


I have the following topology:

Switch A <-> Firewall <-> Switch B


The firewall is running in Bridge-Mode. I want to configure SPAN on Switch A so that it will arrive to Switch B.

Is it possible using Bridge-Mode? Is there any special configuration I need to create under the specific Bridge-Group or physical interfaces? Will I be able to apply security elements such as policy and IPS on this traffic?

Bridge mode will only transfer traffic to the other side when the traffic needs to pass through the gateway. In other words traffic copied by the SPAN port is not destined to a mac address that is on switch-B, so it will NOT pass through the gateway, but it will be sent to the gateway though.
Regards, Maarten
