NetFlow on FortiOS

Fortigate now supports NetFlow export by extending its monitoring capabilities to routers and switches. FortiOS 5.2 comes with several features, such as NetFlow V9 export for network devices like routers, switches, and VDOMs. ​Fortinet’s NetFlow exports unidirectional network flow records with fields such as IP addresses, packets, byte counts, time stamps, application ports, and input and output interfaces, which NetFlow Analyzer collects for reporting. The GUI configuration will be posted in the next blog. 

Configuration of NetFlow export in FortiOS 5.2. in CLI mode

config system netflow

set collector-ip 192.168.0.1

set collector-port 9996

set source-ip loopback1

set active-flow-timeout 1

set inactive-flow-timeout 15

end

—where 192.168.0.1 is the IP address of the NetFlow server, and loopback1 is the source interface on which NetFlow packets are exported from.

If it is a VDOM environment, configure the device as follows:

config system vdom–netflow

set vdom–netflow enable

set collector-ip 192.168.0.1

set collector-port 9996

set source-ip loopback1

end

—where 192.168.0.1 is the IP address of the NetFlow Analyzer server, and loopback1 is the source interface on which NetFlow packets are exported from.

Ensure that flows exported from the device reach the NetFlow Analyzer server. Then, NetFlow Analyzer will discover the device when the UDP packet reaches the server.

To review the NetFlow configuration, use the following commands in CLI mode:

diagnose test application sflowd 3

diagnose test application sflowd 4

After the configuration is complete, NetFlow data will be exported, and you will start seeing results in the NetFlow Analyzer UI.

Demo| Download 30-day trial | Customers