Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Cookbook

    6.2.12
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.0
    6.0.0
    5.6.0
    5.4.0

    NetFlow

    NetFlow

    NetFlow allows you to collect IP network traffic statistics for an interface, and then export those statistics for analysis. NetFlow samplers, that sample every packet, are configured per interface. Full NetFlow is supported through the information maintained in the firewall session.

    To configure NetFlow:
    config system netflow
    set collector-ip <ip>
    set collector-port <port>
    set source-ip <ip>
    set active-flow-timeout <integer>
    set inactive-flow-timeout <integer>
    set template-tx-timeout <integer>
    set template-tx-counter <integer>
end

    collector-ip <ip>

    Collector IP address.

    collector-port <port>

    NetFlow collector port number (0 - 65535)

    source-ip <ip>

    Source IP address, for communication with the NetFlow agent.

    active-flow-timeout <integer>

    Timeout to report active flows, in minutes (1 - 60, default = 30).

    inactive-flow-timeout <integer>

    Timeout for periodic report of finished flows, in seconds (10 - 600, default = 15).

    template-tx-timeout <integer>

    Timeout for periodic template flowset transmission, in minutes (1 - 1440, default = 30).

    template-tx-counter <integer>

    Counter of flowset records, before resending a template flowset record (10 - 6000, default = 20).
    To configure NetFlow in a specific VDOM:
    config vdom
    edit <vdom>
        config system vdom-netflow
            set vdom-netflow enable
            set collector-ip <ip>
            set collector-port <port>
            set source-ip <ip>
        end
    next
end
    To configure a NetFlow sampler on an interface:
    config system interface
    edit <interface>
        set netflow-sampler {disable | tx | rx | both}
    next
end

    disable

    Disable the NetFlow protocol on this interface (default).

    tx

    Monitor transmitted traffic on this interface.

    rx

    Monitor received traffic on this interface.

    both

    Monitor transmitted/received traffic on this interface.

    Verification and troubleshooting

    If data are not seen on the NetFlow collector after it has been configured, use the following sniffer commands to verify if the FortiGate and the collector are communicating:

    • By collector port:

      # diagnose sniffer packet 'port <collector-port>'  6 0 a

    • By collector IP address:

      # diagnose sniffer packet 'host <collector-ip>' 6 0 a

    NetFlow uses the sflow daemon. The current NetFlow configuration can be viewed using test level 3 or 4:

    # diagnose test application sflowd 3
    # diagnose test application sflowd 4
Netflow Cache Stats:
vdoms=1 Collectors=1 Cached_intf=2 Netflow_enabled_intf=1 Live_sessions=0 Session cache max count:71950
    Previous
    Next

    NetFlow

    NetFlow

    NetFlow allows you to collect IP network traffic statistics for an interface, and then export those statistics for analysis. NetFlow samplers, that sample every packet, are configured per interface. Full NetFlow is supported through the information maintained in the firewall session.

    To configure NetFlow:
    config system netflow
    set collector-ip <ip>
    set collector-port <port>
    set source-ip <ip>
    set active-flow-timeout <integer>
    set inactive-flow-timeout <integer>
    set template-tx-timeout <integer>
    set template-tx-counter <integer>
end

    collector-ip <ip>

    Collector IP address.

    collector-port <port>

    NetFlow collector port number (0 - 65535)

    source-ip <ip>

    Source IP address, for communication with the NetFlow agent.

    active-flow-timeout <integer>

    Timeout to report active flows, in minutes (1 - 60, default = 30).

    inactive-flow-timeout <integer>

    Timeout for periodic report of finished flows, in seconds (10 - 600, default = 15).

    template-tx-timeout <integer>

    Timeout for periodic template flowset transmission, in minutes (1 - 1440, default = 30).

    template-tx-counter <integer>

    Counter of flowset records, before resending a template flowset record (10 - 6000, default = 20).
    To configure NetFlow in a specific VDOM:
    config vdom
    edit <vdom>
        config system vdom-netflow
            set vdom-netflow enable
            set collector-ip <ip>
            set collector-port <port>
            set source-ip <ip>
        end
    next
end
    To configure a NetFlow sampler on an interface:
    config system interface
    edit <interface>
        set netflow-sampler {disable | tx | rx | both}
    next
end

    disable

    Disable the NetFlow protocol on this interface (default).

    tx

    Monitor transmitted traffic on this interface.

    rx

    Monitor received traffic on this interface.

    both

    Monitor transmitted/received traffic on this interface.

    Verification and troubleshooting

    If data are not seen on the NetFlow collector after it has been configured, use the following sniffer commands to verify if the FortiGate and the collector are communicating:

    • By collector port:

      # diagnose sniffer packet 'port <collector-port>'  6 0 a

    • By collector IP address:

      # diagnose sniffer packet 'host <collector-ip>' 6 0 a

    NetFlow uses the sflow daemon. The current NetFlow configuration can be viewed using test level 3 or 4:

    # diagnose test application sflowd 3
    # diagnose test application sflowd 4
Netflow Cache Stats:
vdoms=1 Collectors=1 Cached_intf=2 Netflow_enabled_intf=1 Live_sessions=0 Session cache max count:71950
    Previous
    Next