Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure FortiSwitch flow tracking and export via ipfix/netflow.

  config switch-controller flow-tracking
      Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.
      set sample-mode [local|perimeter|...]
      set sample-rate {integer}
      set format [netflow1|netflow5|...]
      set collector-ip {ipv4-address}
      set collector-port {integer}
      set transport [udp|tcp|...]
      set level [vlan|ip|...]
      set max-export-pkt-size {integer}
      set timeout-general {integer}
      set timeout-icmp {integer}
      set timeout-max {integer}
      set timeout-tcp {integer}
      set timeout-tcp-fin {integer}
      set timeout-tcp-rst {integer}
      set timeout-udp {integer}
      config aggregates
          Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.
          edit <id>
              set ip {ipv4-classnet}
          next
      end
  end

config switch-controller flow-tracking

Parameter Name Description Type Size
sample-mode Configure sample mode for the flow tracking.
local: Set local mode which samples on the specific switch port.
perimeter: Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress.
device-ingress: Set device -ingress mode which samples across all switch ports at the ingress.
option -
sample-rate Configure sample rate for the perimeter and device-ingress sampling(0 - 99999). integer Minimum value: 0 Maximum value: 99999
format Configure flow tracking protocol.
netflow1: Netflow version 1 sampling.
netflow5: Netflow version 5 sampling.
netflow9: Netflow version 9 sampling.
ipfix: Ipfix sampling.
option -
collector-ip Configure collector ip address. ipv4-address Not Specified
collector-port Configure collector port number(0-65535, default=0). integer Minimum value: 0 Maximum value: 65535
transport Configure L4 transport protocol for exporting packets.
udp: UDP protocol.
tcp: TCP protocol.
sctp: SCTP protocol.
option -
level Configure flow tracking level.
vlan: Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet.
ip: Collects srcip/dstip from the sample packet.
port: Collects srcip/dstip/srcport/dstport/protocol from the sample packet.
proto: Collects srcip/dstip/protocol from the sample packet.
option -
max-export-pkt-size Configure flow max export packet size (512-9216, default=512 bytes). integer Minimum value: 512 Maximum value: 9216
timeout-general Configure flow session general timeout (60-604800, default=3600 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-icmp Configure flow session ICMP timeout (60-604800, default=300 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-max Configure flow session max timeout (60-604800, default=604800 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-tcp Configure flow session TCP timeout (60-604800, default=3600 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-tcp-fin Configure flow session TCP FIN timeout (60-604800, default=300 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-tcp-rst Configure flow session TCP RST timeout (60-604800, default=120 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-udp Configure flow session UDP timeout (60-604800, default=300 seconds). integer Minimum value: 60 Maximum value: 604800
Parameter Name Description Type Size
ip IP address to group all matching traffic sessions to a flow. ipv4-classnet Not Specified

Configure FortiSwitch flow tracking and export via ipfix/netflow.

  config switch-controller flow-tracking
      Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.
      set sample-mode [local|perimeter|...]
      set sample-rate {integer}
      set format [netflow1|netflow5|...]
      set collector-ip {ipv4-address}
      set collector-port {integer}
      set transport [udp|tcp|...]
      set level [vlan|ip|...]
      set max-export-pkt-size {integer}
      set timeout-general {integer}
      set timeout-icmp {integer}
      set timeout-max {integer}
      set timeout-tcp {integer}
      set timeout-tcp-fin {integer}
      set timeout-tcp-rst {integer}
      set timeout-udp {integer}
      config aggregates
          Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.
          edit <id>
              set ip {ipv4-classnet}
          next
      end
  end

config switch-controller flow-tracking

Parameter Name Description Type Size
sample-mode Configure sample mode for the flow tracking.
local: Set local mode which samples on the specific switch port.
perimeter: Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress.
device-ingress: Set device -ingress mode which samples across all switch ports at the ingress.
option -
sample-rate Configure sample rate for the perimeter and device-ingress sampling(0 - 99999). integer Minimum value: 0 Maximum value: 99999
format Configure flow tracking protocol.
netflow1: Netflow version 1 sampling.
netflow5: Netflow version 5 sampling.
netflow9: Netflow version 9 sampling.
ipfix: Ipfix sampling.
option -
collector-ip Configure collector ip address. ipv4-address Not Specified
collector-port Configure collector port number(0-65535, default=0). integer Minimum value: 0 Maximum value: 65535
transport Configure L4 transport protocol for exporting packets.
udp: UDP protocol.
tcp: TCP protocol.
sctp: SCTP protocol.
option -
level Configure flow tracking level.
vlan: Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet.
ip: Collects srcip/dstip from the sample packet.
port: Collects srcip/dstip/srcport/dstport/protocol from the sample packet.
proto: Collects srcip/dstip/protocol from the sample packet.
option -
max-export-pkt-size Configure flow max export packet size (512-9216, default=512 bytes). integer Minimum value: 512 Maximum value: 9216
timeout-general Configure flow session general timeout (60-604800, default=3600 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-icmp Configure flow session ICMP timeout (60-604800, default=300 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-max Configure flow session max timeout (60-604800, default=604800 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-tcp Configure flow session TCP timeout (60-604800, default=3600 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-tcp-fin Configure flow session TCP FIN timeout (60-604800, default=300 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-tcp-rst Configure flow session TCP RST timeout (60-604800, default=120 seconds). integer Minimum value: 60 Maximum value: 604800
timeout-udp Configure flow session UDP timeout (60-604800, default=300 seconds). integer Minimum value: 60 Maximum value: 604800
Parameter Name Description Type Size
ip IP address to group all matching traffic sessions to a flow. ipv4-classnet Not Specified