Netflow Templates

Netflow is a networking feature introduced by Cisco to collect and export information about traffic flowing through routers. IPFIX (Internet Protocol Flow Information Export) is the standardized protocol based on NetFlow version 9. The standard requirements for IPFIX are outlined in RFC 3197, and its basic specifications and other information are documented in RFC 5103, RFC 6759 and RFC 7011 through RFC 7015.

As of FortiOS 5.4.x, the firmware supports Netflow 9.0. In order to effectively use Netflow, it helps to have a reference for the supported Netflow templates. The template parameters have been included in the listed tables.

Listing of Netflow Templates for FortiOS 5.4.x or later

| Name | ID | Description |
|---|---|---|
| Flow Options | 256 | Statistics info about exporter |
| Flow Options | 257 | Application Info |
| IPv4 | 258 | No NAT IPv4 traffic |
| IPv6 | 259 | No NAT IPv6 traffic |
| ICMP4 | 260 | No NAT ICMPv4 traffic |
| ICMP6 | 261 | No NAT ICMPv6 traffic |
| IPv4_NAT | 262 | Source/Dest NAT IPv4 traffic |
| IPV4_AF_NAT | 263 | AF NAT IPv4 traffic (4->6) |
| IPV6_NAT | 264 | Source/Dest NAT IPv6 traffic |
| IPV6_AF_NAT | 265 | AF NAT IPv6 traffic (6->4) |
| ICMPv4_NAT | 266 | Source/Dest NAT ICMPv4 traffic |
| ICMP4_AF_NAT | 267 | AF NAT ICMPv4 traffic (4->6) |
| ICMP6_NAT | 268 | Source/Dest NAT ICMPv6 traffic |
| ICMPv6_AF_NAT | 269 | AF NAT ICMPv6 traffic (6->4) |

ID 256 – Flow options

  • Description: Statistics info about exporter
  • Scope Field Count: 1
  • Data Field Count: 7
  • Option Scope Length: 4
  • Option Length: 28
  • Padding: 0000

Scope Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | System | System (1) | 2 |

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | TOTAL_BYTES_EXP | TOTAL_BYTES_EXP (40) | 8 |
| 2 | TOTAL_PKTS_EXP | TOTAL_PKTS_EXP (41) | 8 |
| 3 | TOTAL_FLOWS_EXP | TOTAL_FLOWS_EXP (42) | 8 |
| 4 | FLOW_ACTIVE_TIMEOUT | FLOW_ACTIVE_TIMEOUT (36) | 2 |
| 5 | FLOW_INACTIVE_TIMEOUT | FLOW_INACTIVE_TIMEOUT (37) | 2 |
| 6 | SAMPLING_INTERVAL | SAMPLING_INTERVAL (34) | 4 |
| 7 | SAMPLING_ALGORITHM | SAMPLING_ALGORITHM (35) | 1 |

ID 257 – Flow options

  • Description: Application Info
  • Scope Field Count: 1
  • Data Field Count: 4
  • Option Scope Length: 4
  • Option Length: 16
  • Padding: 0000

Scope Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | System | System (1) | 2 |

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 2 | APPLICATION_NAME | APPLICATION_NAME (96) | 64 |
| 3 | APPLICATION_DESC | APPLICATION_DESC (94) | 64 |
| 4 | applicationCategoryName | applicationCategoryName (372) | 32 |

ID 258 – IPV4

  • Description: No NAT IPv4 traffic
  • Data Field Count: 17

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | L4_SRC_PORT | L4_SRC_PORT (7) | 2 |
| 8 | L4_DST_PORT | L4_DST_PORT (11) | 2 |
| 9 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 10 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 11 | PROTOCOL | PROTOCOL (4) | 1 |
| 12 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 13 | Unknown(65) | Unknown (65) | 2 |
| 14 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 15 | flowEndReason | flowEndReason (136) | 1 |
| 16 | IP_SRC_ADDR | IP_SRC_ADDR (8) | 4 |
| 17 | IP_DST_ADDR | IP_DST_ADDR (12) | 4 |

ID 259 – IPV6

  • Description: No NAT IPv6 traffic
  • Data Field Count: 17

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | L4_SRC_PORT | L4_SRC_PORT (7) | 2 |
| 8 | L4_DST_PORT | L4_DST_PORT (11) | 2 |
| 9 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 10 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 11 | PROTOCOL | PROTOCOL (4) | 1 |
| 12 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 13 | Unknown(65) | Unknown (65) | 2 |
| 14 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 15 | flowEndReason | flowEndReason (136) | 1 |
| 16 | IPV6_SRC_ADDR | IPV6_SRC_ADDR (27) | 16 |
| 17 | IPV6_DST_ADDR | IPV6_DST_ADDR (28) | 16 |

ID 260 – ICMP4

  • Description: No NAT ICMPv4 traffic
  • Data Field Count: 16

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 8 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 9 | ICMP_TYPE | ICMP_TYPE (32) | 2 |
| 10 | PROTOCOL | PROTOCOL (4) | 1 |
| 11 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 12 | Unknown(65) | Unknown (65) | 2 |
| 13 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 14 | flowEndReason | flowEndReason (136) | 1 |
| 15 | IP_SRC_ADDR | IP_SRC_ADDR (8) | 4 |
| 16 | IP_DST_ADDR | IP_DST_ADDR (12) | 4 |

ID 261 – ICMP6

  • Description: No NAT ICMPv6 traffic
  • Data Field Count: 16

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 8 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 9 | ICMP_TYPE | ICMP_TYPE (32) | 2 |
| 10 | PROTOCOL | PROTOCOL (4) | 1 |
| 11 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 12 | Unknown(65) | Unknown (65) | 2 |
| 13 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 14 | flowEndReason | flowEndReason (136) | 1 |
| 15 | IPV6_SRC_ADDR | IPV6_SRC_ADDR (27) | 16 |
| 16 | IPV6_DST_ADDR | IPV6_DST_ADDR (28) | 16 |

ID 262 – IPV4_NAT

  • Description: Source/Dest NAT IPv4 traffic
  • Data Field Count: 21

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | L4_SRC_PORT | L4_SRC_PORT (7) | 2 |
| 8 | L4_DST_PORT | L4_DST_PORT (11) | 2 |
| 9 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 10 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 11 | PROTOCOL | PROTOCOL (4) | 1 |
| 12 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 13 | Unknown(65) | Unknown (65) | 2 |
| 14 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 15 | flowEndReason | flowEndReason (136) | 1 |
| 16 | IP_SRC_ADDR | IP_SRC_ADDR (8) | 4 |
| 17 | IP_DST_ADDR | IP_DST_ADDR (12) | 4 |
| 18 | postNATSourceIPv4Address | postNATSourceIPv4Address (225) | 4 |
| 19 | postNATDestinationIPv4Address | postNATDestinationIPv4Address (226) | 4 |
| 20 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 21 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |
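How a collector can apply the template 262 layout above to a NetFlow v9 data FlowSet and pair each flow's original addresses with its post-NAT addresses, as an added example (not Fortinet code). The field list is copied from the table; the sample bytes are constructed, and decoding APPLICATION_ID as opaque hex and every other non-address field as a big-endian integer is an assumption.

```python
import ipaddress
import struct

# Template 262 (IPV4_NAT) from the table above: (field, type, length in bytes).
TEMPLATE_262 = [
    ("BYTES", 1, 8), ("OUT_BYTES", 23, 8), ("PKTS", 2, 4), ("OUT_PKTS", 24, 4),
    ("FIRST_SWITCHED", 22, 4), ("LAST_SWITCHED", 21, 4), ("L4_SRC_PORT", 7, 2),
    ("L4_DST_PORT", 11, 2), ("INPUT_SNMP", 10, 2), ("OUTPUT_SNMP", 14, 2),
    ("PROTOCOL", 4, 1), ("APPLICATION_ID", 95, 9), ("Unknown", 65, 2),
    ("FORWARDING_STATUS", 89, 1), ("flowEndReason", 136, 1),
    ("IP_SRC_ADDR", 8, 4), ("IP_DST_ADDR", 12, 4),
    ("postNATSourceIPv4Address", 225, 4), ("postNATDestinationIPv4Address", 226, 4),
    ("postNAPTSourceTransportPort", 227, 2),
    ("postNAPTDestinationTransportPort", 228, 2),
]
RECORD_LEN = sum(size for _, _, size in TEMPLATE_262)  # 74 bytes per record

def decode_flowset(flowset):
    """Decode one NetFlow v9 data FlowSet whose FlowSet ID is 262."""
    if len(flowset) < 4:
        raise ValueError("FlowSet header truncated")
    flowset_id, length = struct.unpack_from("!HH", flowset)
    if flowset_id != 262 or not 4 <= length <= len(flowset):
        raise ValueError("not a well-formed FlowSet for template 262")
    body, records = flowset[4:length], []
    # Bytes left over after the last whole record are alignment padding.
    for start in range(0, len(body) - RECORD_LEN + 1, RECORD_LEN):
        record, offset = {}, start
        for name, ftype, size in TEMPLATE_262:
            raw = body[offset:offset + size]
            offset += size
            if ftype in (8, 12, 225, 226):   # the four IPv4 address fields
                record[name] = str(ipaddress.IPv4Address(raw))
            elif ftype == 95:                # 9-byte APPLICATION_ID kept as hex
                record[name] = raw.hex()
            else:
                record[name] = int.from_bytes(raw, "big")
        records.append(record)
    return records

def sample_flowset():
    """Constructed sample: TCP flow 10.1.1.5:51000 NATed to 203.0.113.7:40001."""
    ints = [1500, 900, 10, 8, 1000, 2000, 51000, 443, 3, 5, 6]  # fields 1-11
    rec = b"".join(v.to_bytes(s, "big") for v, (_, _, s) in zip(ints, TEMPLATE_262))
    rec += bytes(9) + bytes(2) + b"\x40" + b"\x03"  # fields 12-15, constructed
    for ip in ("10.1.1.5", "198.51.100.20", "203.0.113.7", "198.51.100.20"):
        rec += ipaddress.IPv4Address(ip).packed
    rec += struct.pack("!HH", 40001, 443)
    return struct.pack("!HH", 262, 4 + len(rec) + 2) + rec + b"\x00\x00"
```

A 74-byte record plus the 4-byte FlowSet header is not a multiple of four, so the sample carries two padding bytes that the decoder must not treat as a second record.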

ID 263 – IPV6_NAT

  • Description: Source/Dest NAT IPv6 traffic
  • Data Field Count: 21

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | L4_SRC_PORT | L4_SRC_PORT (7) | 2 |
| 8 | L4_DST_PORT | L4_DST_PORT (11) | 2 |
| 9 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 10 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 11 | PROTOCOL | PROTOCOL (4) | 1 |
| 12 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 13 | Unknown(65) | Unknown (65) | 2 |
| 14 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 15 | flowEndReason | flowEndReason (136) | 1 |
| 16 | IP_SRC_ADDR | IP_SRC_ADDR (8) | 4 |
| 17 | IP_DST_ADDR | IP_DST_ADDR (12) | 4 |
| 18 | postNATSourceIPv6Address | postNATSourceIPv6Address (281) | 16 |
| 19 | postNATDestinationIPv6Address | postNATDestinationIPv6Address (282) | 16 |
| 20 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 21 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |

ID 264 – IPV4_AF_NAT

  • Description: AF NAT IPv4 traffic (4->6)
  • Data Field Count: 21

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | L4_SRC_PORT | L4_SRC_PORT (7) | 2 |
| 8 | L4_DST_PORT | L4_DST_PORT (11) | 2 |
| 9 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 10 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 11 | PROTOCOL | PROTOCOL (4) | 1 |
| 12 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 13 | Unknown(65) | Unknown (65) | 2 |
| 14 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 15 | flowEndReason | flowEndReason (136) | 1 |
| 16 | IPV6_SRC_ADDR | IPV6_SRC_ADDR (27) | 16 |
| 17 | IPV6_DST_ADDR | IPV6_DST_ADDR (28) | 16 |
| 18 | postNATSourceIPv6Address | postNATSourceIPv6Address (281) | 16 |
| 19 | postNATDestinationIPv6Address | postNATDestinationIPv6Address (282) | 16 |
| 20 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 21 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |

ID 265 – IPV6_AF_NAT

  • Description: AF NAT IPv6 traffic (6->4)
  • Data Field Count: 21

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | L4_SRC_PORT | L4_SRC_PORT (7) | 2 |
| 8 | L4_DST_PORT | L4_DST_PORT (11) | 2 |
| 9 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 10 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 11 | PROTOCOL | PROTOCOL (4) | 1 |
| 12 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 13 | Unknown(65) | Unknown (65) | 2 |
| 14 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 15 | flowEndReason | flowEndReason (136) | 1 |
| 16 | IPV6_SRC_ADDR | IPV6_SRC_ADDR (27) | 16 |
| 17 | IPV6_DST_ADDR | IPV6_DST_ADDR (28) | 16 |
| 18 | postNATSourceIPv4Address | postNATSourceIPv4Address (225) | 4 |
| 19 | postNATDestinationIPv4Address | postNATDestinationIPv4Address (226) | 4 |
| 20 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 21 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |

ID 266 – ICMPV4_NAT

  • Description: Source/Dest NAT ICMPv4 traffic
  • Data Field Count: 20

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 8 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 9 | ICMP_TYPE | ICMP_TYPE (32) | 2 |
| 10 | PROTOCOL | PROTOCOL (4) | 1 |
| 11 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 12 | Unknown(65) | Unknown (65) | 2 |
| 13 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 14 | flowEndReason | flowEndReason (136) | 1 |
| 15 | IP_SRC_ADDR | IP_SRC_ADDR (8) | 4 |
| 16 | IP_DST_ADDR | IP_DST_ADDR (12) | 4 |
| 17 | postNATSourceIPv4Address | postNATSourceIPv4Address (225) | 4 |
| 18 | postNATDestinationIPv4Address | postNATDestinationIPv4Address (226) | 4 |
| 19 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 20 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |

ID 267 – ICMPV6_NAT

  • Description: Source/Dest NAT ICMPv6 traffic
  • Data Field Count: 20

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 8 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 9 | ICMP_TYPE | ICMP_TYPE (32) | 2 |
| 10 | PROTOCOL | PROTOCOL (4) | 1 |
| 11 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 12 | Unknown(65) | Unknown (65) | 2 |
| 13 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 14 | flowEndReason | flowEndReason (136) | 1 |
| 15 | IP_SRC_ADDR | IP_SRC_ADDR (8) | 4 |
| 16 | IP_DST_ADDR | IP_DST_ADDR (12) | 4 |
| 17 | postNATSourceIPv6Address | postNATSourceIPv6Address (281) | 16 |
| 18 | postNATDestinationIPv6Address | postNATDestinationIPv6Address (282) | 16 |
| 19 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 20 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |

ID 268 – ICMPV4_AF_NAT

  • Description: AF NAT ICMPv4 traffic (4->6)
  • Data Field Count: 20

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 8 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 9 | ICMP_TYPE | ICMP_TYPE (32) | 2 |
| 10 | PROTOCOL | PROTOCOL (4) | 1 |
| 11 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 12 | Unknown(65) | Unknown (65) | 2 |
| 13 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 14 | flowEndReason | flowEndReason (136) | 1 |
| 15 | IPV6_SRC_ADDR | IPV6_SRC_ADDR (27) | 16 |
| 16 | IPV6_DST_ADDR | IPV6_DST_ADDR (28) | 16 |
| 17 | postNATSourceIPv6Address | postNATSourceIPv6Address (281) | 16 |
| 18 | postNATDestinationIPv6Address | postNATDestinationIPv6Address (282) | 16 |
| 19 | postNAPTSourceTransportPort | postNAPTSourceTransportPort (227) | 2 |
| 20 | postNAPTDestinationTransportPort | postNAPTDestinationTransportPort (228) | 2 |

ID 269 – ICMPV6_AF_NAT

  • Description: AF NAT ICMPv6 traffic (6->4)
  • Data Field Count: 20

Data Fields

| Field # | Field | Scope Type | Length |
|---|---|---|---|
| 1 | BYTES | BYTES (1) | 8 |
| 2 | OUT_BYTES | OUT_BYTES (23) | 8 |
| 3 | PKTS | PKTS (2) | 4 |
| 4 | OUT_PKTS | OUT_PKTS (24) | 4 |
| 5 | FIRST_SWITCHED | FIRST_SWITCHED (22) | 4 |
| 6 | LAST_SWITCHED | LAST_SWITCHED (21) | 4 |
| 7 | INPUT_SNMP | INPUT_SNMP (10) | 2 |
| 8 | OUTPUT_SNMP | OUTPUT_SNMP (14) | 2 |
| 9 | ICMP_TYPE | ICMP_TYPE (32) | 2 |
| 10 | PROTOCOL | PROTOCOL (4) | 1 |
| 11 | APPLICATION_ID | APPLICATION_ID (95) | 9 |
| 12 | Unknown(65) | Unknown (65) | 2 |
| 13 | FORWARDING_STATUS | FORWARDING_STATUS (89) | 1 |
| 14 | flowEndReason | flowEndReason (136) | 1 |
| 15 | IPV6_SRC_ADDR | IPV6_SRC_ADDR (27) | 16 |
| 16 | IPV6_DST_ADDR | IPV6_DST_ADDR (28) | 16 |