Netflow on FortiOS

FortiGate now supports NetFlow export, extending its monitoring capabilities to routers and switches. FortiOS 5.2 comes with several features, such as NetFlow v9 export for network devices like routers, switches, and VDOMs. Fortinet's NetFlow exports unidirectional network flow records with fields such as IP addresses, packets, byte counts, timestamps, application ports, and input and output interfaces, which NetFlow Analyzer collects for reporting. The GUI configuration will be posted in the next blog.

To configure NetFlow export in FortiOS 5.2 from the CLI:

config system netflow

set collector-ip 192.168.0.1

set collector-port 9996

set source-ip loopback1

set active-flow-timeout 1

set inactive-flow-timeout 15

end

Here, 192.168.0.1 is the IP address of the NetFlow server and loopback1 is the source interface from which NetFlow packets are exported.

 

In a VDOM environment, configure the device as follows:

config system vdom-netflow

set vdom-netflow enable

set collector-ip 192.168.0.1

set collector-port 9996

set source-ip loopback1

end

Here, 192.168.0.1 is the IP address of the NetFlow Analyzer server and loopback1 is the source interface from which NetFlow packets are exported.

Ensure that flows exported from the device reach the NetFlow Analyzer server. NetFlow Analyzer discovers the device when the first UDP packet reaches the server.

To review the NetFlow configuration, use the following commands in the CLI mode:

diagnose test application sflowd 3

diagnose test application sflowd 4

After the configuration is complete, NetFlow data will be exported, and you will start seeing results in the NetFlow Analyzer UI.
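To confirm on the collector side that export datagrams arrive and are valid NetFlow v9, the following added example (not part of the original post, and not Fortinet or ManageEngine code) parses the v9 header and template FlowSets as laid out in RFC 3954. The sample datagram is constructed, and the listener assumes it runs on the host set as collector-ip with UDP 9996 free.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUpTime, unix_secs, sequence, source_id
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
               10: "INPUT_SNMP", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP"}

def parse_v9(datagram):
    """Parse one NetFlow v9 export datagram: header, flowset ids, template definitions."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, count, _uptime, unix_secs, sequence, source_id = HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"version field is {version}, expected 9")
    flowsets, templates, off = [], {}, HEADER.size
    while off + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
        if fs_len < 4 or off + fs_len > len(datagram):
            raise ValueError("flowset length runs past the end of the datagram")
        flowsets.append(fs_id)
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:  # FlowSet ID 0 carries template records
            tmpl_id, n_fields = struct.unpack_from("!HH", datagram, pos)
            if tmpl_id < 256:  # template ids start at 256; anything lower is padding
                break
            if pos + 4 + 4 * n_fields > end:
                raise ValueError("template record is truncated")
            fields = struct.iter_unpack("!HH", datagram[pos + 4:pos + 4 + 4 * n_fields])
            templates[tmpl_id] = [(FIELD_NAMES.get(t, f"type_{t}"), ln) for t, ln in fields]
            pos += 4 + 4 * n_fields
        off += fs_len
    return {"count": count, "unix_secs": unix_secs, "sequence": sequence,
            "source_id": source_id, "flowsets": flowsets, "templates": templates}

# Constructed sample: one template (id 256) with src/dst address, packet and byte counters.
SAMPLE = (HEADER.pack(9, 1, 360000, 1700000000, 42, 1)
          + struct.pack("!HHHH", 0, 24, 256, 4)
          + struct.pack("!8H", 8, 4, 12, 4, 2, 4, 1, 4))

if __name__ == "__main__":
    print(parse_v9(SAMPLE))
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 9996))  # collector-port from the configuration above
    while True:
        data, (exporter, _port) = sock.recvfrom(65535)
        try:
            print(exporter, parse_v9(data))
        except ValueError as err:
            print(exporter, "rejected:", err)
```

NetFlow v9 travels as unauthenticated, unencrypted UDP, so the collector port should accept datagrams only from the FortiGate's export source address. A gap in the sequence value between consecutive datagrams from one exporter indicates dropped export packets.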


Regards,

Senthil.N


The original article/video can be found at Netflow on FortiOS

About the Author: Shannon Lewis
