A firewall is one of the most essential devices in any network, be it a home or an enterprise network. With the increasing number of security violations and attacks on networks, firewalls have become a standard network component.

The cost of high-speed bandwidth and the importance of uptime for business applications make bandwidth monitoring and traffic analytics important. Many technologies are available for bandwidth monitoring, but the one that stands out is NetFlow: it is less resource intensive on both the network and the equipment, and at the same time it gives in-depth details.

Many firewall vendors, such as Cisco (ASA), Juniper, Fortinet, Ruijie and SonicWall, now support NetFlow or sFlow export. Since NetFlow Analyzer supports all of these technologies, you can use your existing installation of NetFlow Analyzer to monitor your firewall devices too.

Over the next couple of weeks we will post the NetFlow/sFlow configuration for the major firewall devices, starting with the sFlow configuration on Fortinet devices in this post.

Fortinet sFlow Configuration

FortiGate has extended its feature list to support sFlow export, which helps monitor the traffic passing through each interface. sFlow agents can be enabled on any FortiGate interface, but sFlow is not supported on some virtual interfaces such as IPsec, GRE and ssl.<vdom> (the SSL VPN tunnel interface).

The following configuration has to be applied on the FortiGate to export sFlow packets:

1. Set the sFlow collector/server IP on the FortiGate.

config system sflow
    set collector-ip <NetFlow Analyzer IP address>
    set collector-port xxxx      // the UDP port NetFlow Analyzer listens on, 9996 by default
end

To configure the collector per VDOM instead, run the following from inside the VDOM (after config vdom / edit <VDOM name>); an asterisk marks the default value.

config system vdom-sflow
    set vdom-sflow [disable*|enable]
    set collector-ip <NetFlow Analyzer IP address>
    set collector-port xxxx      // the UDP port NetFlow Analyzer listens on, 9996 by default
end

2. Configure sFlow agents per interface (an asterisk marks the default value).

config system interface
    edit <interface name>
        set sflow-sampler [disable*|enable]
        set sample-rate xxxx          // sample one of every xxxx packets
        set sample-direction [tx|rx|both*]
        set polling-interval xx       // counter polling interval, in seconds
    next
end

Note that sFlow is sampled, not a full record of every packet: the collector multiplies what it sees by the sample rate, so a smaller sample-rate value gives more accurate reports at the cost of more export traffic and more work for the FortiGate.
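To confirm that the FortiGate is really exporting sFlow, and from the agent address you expect, before looking for reports in NetFlow Analyzer, the following decoder is useful. It is an added example written for this post, not code from Fortinet or from NetFlow Analyzer. It parses the sFlow v5 datagram header and the flow samples that carry raw packet header records, skips other sample types (such as counter samples) by their length, and scales each sampled frame by its sampling rate, which is how a collector estimates traffic from samples. The datagram it decodes is constructed inline; the agent address 192.0.2.1, the sample rate 2000 and the interface indexes 3 and 5 are made-up values. The `receive_one` helper is the only part that touches the network and is not run on import.

```python
"""Decode sFlow v5 datagrams as exported by a FortiGate (added example).

Handles the datagram header and flow samples (format 1) carrying raw packet
header records; any other sample or record type is skipped by its length.
The datagram built by build_example_datagram() is constructed for this example.
"""
import ipaddress
import socket
import struct
import sys

SFLOW_VERSION = 5
ADDR_IPV4, ADDR_IPV6 = 1, 2
FLOW_SAMPLE, COUNTER_SAMPLE = 1, 2   # sample_type format (enterprise 0)
RAW_PACKET_HEADER = 1                # flow record format (enterprise 0)


def _u32(buf, off):
    return struct.unpack_from("!I", buf, off)[0], off + 4


def parse_datagram(buf):
    """Return the decoded datagram; raise ValueError if it is not sFlow v5."""
    version, off = _u32(buf, 0)
    if version != SFLOW_VERSION:
        raise ValueError("not an sFlow v5 datagram (version=%d)" % version)
    addr_type, off = _u32(buf, off)
    if addr_type == ADDR_IPV4:
        agent = str(ipaddress.IPv4Address(buf[off:off + 4]))
        off += 4
    elif addr_type == ADDR_IPV6:
        agent = str(ipaddress.IPv6Address(buf[off:off + 16]))
        off += 16
    else:
        raise ValueError("unknown agent address type %d" % addr_type)
    sub_agent, off = _u32(buf, off)
    seq, off = _u32(buf, off)
    uptime_ms, off = _u32(buf, off)
    n_samples, off = _u32(buf, off)
    samples = []
    for _ in range(n_samples):
        sample_type, off = _u32(buf, off)
        length, off = _u32(buf, off)
        body = buf[off:off + length]
        off += length
        if sample_type >> 12 == 0 and sample_type & 0xFFF == FLOW_SAMPLE:
            samples.append(parse_flow_sample(body))
        else:                                  # e.g. counter samples: skipped
            samples.append({"type": sample_type, "length": length})
    return {"agent": agent, "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}


def parse_flow_sample(body):
    """Decode a flow sample (format 1) and its raw packet header records."""
    (seq, source_id, rate, pool, drops,
     in_if, out_if, n_rec) = struct.unpack_from("!8I", body, 0)
    off, records = 32, []
    for _ in range(n_rec):
        rec_type, off = _u32(body, off)
        rec_len, off = _u32(body, off)
        data = body[off:off + rec_len]
        off += rec_len
        if rec_type == RAW_PACKET_HEADER:
            proto, frame_len, stripped, hdr_len = struct.unpack_from("!4I", data, 0)
            records.append({"protocol": proto, "frame_length": frame_len,
                            "stripped": stripped, "header": data[16:16 + hdr_len]})
    return {"type": "flow", "sequence": seq, "source_index": source_id & 0xFFFFFF,
            "sampling_rate": rate, "sample_pool": pool, "drops": drops,
            "input_ifindex": in_if, "output_ifindex": out_if, "records": records}


def estimated_bytes(datagram):
    """Scale every sampled frame by its sampling rate: the collector's traffic
    figure is an estimate, which is why the sample-rate you pick matters."""
    return sum(r["frame_length"] * s["sampling_rate"]
               for s in datagram["samples"] if s.get("type") == "flow"
               for r in s["records"])


def is_expected_export(buf, expected_agent):
    """True if buf is a well-formed sFlow v5 datagram from expected_agent."""
    try:
        return parse_datagram(buf)["agent"] == expected_agent
    except (ValueError, struct.error):
        return False


def build_example_datagram(agent="192.0.2.1", rate=2000, frame_len=1514):
    """Constructed datagram: one flow sample (ifindex 3 -> 5) + one empty counter sample."""
    eth = bytes(14)                                   # zeroed Ethernet header
    rec = struct.pack("!4I", 1, frame_len, 4, len(eth)) + eth + b"\0\0"  # pad to 4
    flow = (struct.pack("!8I", 7, 3, rate, 6000, 0, 3, 5, 1)
            + struct.pack("!II", RAW_PACKET_HEADER, len(rec)) + rec)
    counter = struct.pack("!3I", 1, 3, 0)
    return (struct.pack("!II", SFLOW_VERSION, ADDR_IPV4)
            + ipaddress.IPv4Address(agent).packed
            + struct.pack("!4I", 0, 1, 123456, 2)
            + struct.pack("!II", FLOW_SAMPLE, len(flow)) + flow
            + struct.pack("!II", COUNTER_SAMPLE, len(counter)) + counter)


def receive_one(port=9996, timeout=30):
    """Wait for a single datagram on the collector port set on the FortiGate."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", port))
        return s.recvfrom(65535)[0]


if __name__ == "__main__":
    data = receive_one() if "listen" in sys.argv[1:] else build_example_datagram()
    d = parse_datagram(data)
    print("agent %s seq %d samples %d est. bytes %d"
          % (d["agent"], d["sequence"], len(d["samples"]), estimated_bytes(d)))
```

Run it with `python3 sflow_check.py` to decode the constructed datagram, or `python3 sflow_check.py listen` on a host where UDP 9996 is free to wait for one real datagram from the FortiGate and decode that instead (stop NetFlow Analyzer first, or use another port, since only one process can bind the collector port). If the agent address printed is not the one you expect, the export is coming from a different interface or VDOM than you configured.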

NetFlow Analyzer will automatically capture the exported sFlow packets and generate the reports. Start your monitoring today with the fully featured 30-day trial.


Regards,
Praveen Kumar

  1. Rasli

    How do I disable the NetFlow setting again? I configured the external interface to transfer NetFlow but plan to disable it.