Stuck with my New Networking Lab

irdrgz

Hi everyone!

I have a lab set up on an ESXi server, provided by my university, where I am testing with pfSense and Security Onion. The idea is to simulate the network of a very small company. Here is an image of the topology:

As you can see, the router is connected to the physical interface of the server, where the whole network connects to the internet. NAT is also configured in it.
The firewall also acts as a gateway for the three subnets, a DMZ, a LAN and an exclusive network for the Security Onion server. In addition, it has configured the corresponding traffic rules for the DMZ, LAN, WAN and SecurityOnion subnets.

My problem comes now:
You see I want to configure a SPAN port on the firewall. The sniffing interface of the Security Onion server (which has no IP address) will be connected to it and I would like the firewall to forward to this server all the traffic that flows through it, whether it comes from the WAN, LAN or DMZ, so that I can analyse it and create alerts about it from the Security Onion console. How should I create this port? For now I have created a bridge interface where the Member Interfaces are the ones corresponding to the WAN, LAN and DMZ and in the Span Port I have selected the interface where I would connect the Security Onion Sniffing.

What can you correct? What can I improve? If you need any more details to have more context don't hesitate to ask.

Thank you very much for your help and best regards to all of you.