Netflow templates
Netflow uses templates to capture and categorize the information that it collects, using different templates for different types of data. FortiOS supports the following Netflow templates:
Flow Options |
256 |
Statistics info about exporter |
Flow Options |
257 |
Application Info |
IPv4 |
258 |
No NAT IPv4 traffic |
IPv6 |
259 |
No NAT IPv6 traffic |
ICMP4 |
260 |
No NAT ICMPv4 traffic |
ICMP6 |
261 |
No NAT ICMPv6 traffic |
IPv4_NAT |
262 |
Source/Dest NAT IPv4 traffic |
IPV4_AF_NAT |
263 |
AF NAT IPv4 traffic (4->6) |
IPV6_NAT |
264 |
Source/Dest NAT IPv6 traffic |
IPV6_AF_NAT |
265 |
AF NAT IPv6 traffic (6->4) |
ICMPv4_NAT |
266 |
Source/Dest NAT ICMPv4 traffic |
ICMP4_AF_NAT |
267 |
AF NAT ICMPv4 traffic (4->6) |
ICMP6_NAT |
268 |
Source/Dest NAT ICMPv6 traffic |
ICMPv6_AF_NAT |
269 |
AF NAT ICMPv6 traffic (6->4) |
The following sections list the fields in each template. Refer to the RFCs for descriptions of the field in the following sections.
ID 256 - Flow options
- Description: Statistics info about exporter
- Scope Field Count: 1
- Data Field Count: 7
- Option Scope Length: 4
- Option Length: 28
- Padding: 0000
Scope fields
Data fields
1 |
TOTAL_BYTES_EXP |
TOTAL_BYTES_EXP (40) |
8 |
2 |
TOTAL_PKTS_EXP |
TOTAL_PKTS_EXP (41) |
8 |
3 |
TOTAL_FLOWS_EXP |
TOTAL_FLOWS_EXP (42) |
8 |
4 |
FLOW_ACTIVE_TIMEOUT |
FLOW_ACTIVE_TIMEOUT (36) |
2 |
5 |
FLOW_INACTIVE_TIMEOUT |
FLOW_INACTIVE_TIMEOUT (37) |
2 |
6 |
SAMPLING_INTERVAL |
SAMPLING_INTERVAL (34) |
4 |
7 |
SAMPLING_ALGORITHM |
SAMPLING_ALGORITHM (35) |
1 |
ID 257 - Flow options
- Description: Application Info
- Scope Field Count: 1
- Data Field Count: 4
- Option Scope Length: 4
- Option Length: 16
- Padding: 0000
Scope fields
Data fields
1 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
2 |
APPLICATION_NAME |
APPLICATION_NAME (96) |
64 |
3 |
APPLICATION_DESC |
APPLICATION_DESC (94) |
64 |
4 |
applicationCategoryName |
applicationCategoryName (372) |
32 |
ID 258 - IPV4
- Description: No NAT IPv4 traffic
- Data Field Count: 17
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
Unknown(65) |
Unknown (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
17 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
ID 259 - IPV6
- Description: No NAT IPv6 traffic
- Data Field Count: 17
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
Unknown(65) |
Unknown (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
17 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
ID 260 - ICMP4
- Description: No NAT ICMPv4 traffic
- Data Field Count: 16
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
Unknown(65) |
Unknown (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
16
|
IP_DST_ADDR
|
IP_DST_ADDR(12)
|
4
|
ID 261 - ICMP6
- Description: No NAT ICMPv6 traffic
- Data Field Count: 16
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
Unknown(65) |
Unknown (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
16 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
ID 262 - IPV4_NAT
- Description: Source/Dest NAT IPv4 traffic
- Data Field Count: 21
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
Unknown(65) |
Unknown (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
17 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
18 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
19 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 263 - IPV6_NAT
- Description: Source/Dest NAT IPv6 traffic
- Data Field Count: 21
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
Unknown(65) |
Unknown(65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
17 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
18 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
19 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 264 - IPV4_AF_NAT
- Description: AF NAT IPv4 traffic (4->6)
- Data Field Count: 21
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
Unknown(65) |
Unknown(65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
17 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
18 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
19 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 265 - IPV6_AF_NAT
- Description: AF NAT IPv6 traffic (6->4)
- Data Field Count: 21
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
Unknown(65) |
Unknown (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
17 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
18 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
19 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 266 - ICMPV4_NAT
- Description: Source/Dest NAT ICMPv4 traffic
- Data Field Count: 20
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
Unknown(65) |
Unknown (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
16 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
17 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
18 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 267 - ICMPV6_NAT
- Description: Source/Dest NAT ICMPv6 traffic
- Data Field Count: 20
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
Unknown(65) |
Unknown (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
16 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
17 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
18 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 268 - ICMPV4_AF_NAT
- Description: AF NAT ICMPv4 traffic (4->6)
- Data Field Count: 20
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
Unknown(65) |
Unknown (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
16 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
17 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
18 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
ID 269 - ICMPV6_AF_NAT
- Description: AF NAT ICMPv6 traffic (6->4)
- Data Field Count: 20
Data fields
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
Unknown(65) |
Unknown (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
16 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
17 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
18 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |