Fortinet Document Library

CLI Reference

config switch-controller flow-tracking

Configure FortiSwitch flow tracking and export via IPFIX/NetFlow.

    config switch-controller flow-tracking
        Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.
        set sample-mode [local|perimeter|...]
        set sample-rate {integer}
        set format [netflow1|netflow5|...]
        set collector-ip {ipv4-address}
        set collector-port {integer}
        set transport [udp|tcp|...]
        set level [vlan|ip|...]
        set max-export-pkt-size {integer}
        set timeout-general {integer}
        set timeout-icmp {integer}
        set timeout-max {integer}
        set timeout-tcp {integer}
        set timeout-tcp-fin {integer}
        set timeout-tcp-rst {integer}
        set timeout-udp {integer}
        config aggregates
            Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.
            edit <id>
                set ip {ipv4-classnet}
            next
        end
    end

config switch-controller flow-tracking

| Parameter name | Description | Type | Size |
|---|---|---|---|
| sample-mode | Configure sample mode for the flow tracking. | option | - |
| | Option local: Set local mode, which samples on the specific switch port. | | |
| | Option perimeter: Set perimeter mode, which samples on all switch fabric ports and the FortiLink port at the ingress. | | |
| | Option device-ingress: Set device-ingress mode, which samples across all switch ports at the ingress. | | |
| sample-rate | Configure sample rate for the perimeter and device-ingress sampling (0 - 99999). | integer | Minimum value: 0 Maximum value: 99999 |
| format | Configure flow tracking protocol. | option | - |
| | Option netflow1: NetFlow version 1 sampling. | | |
| | Option netflow5: NetFlow version 5 sampling. | | |
| | Option netflow9: NetFlow version 9 sampling. | | |
| | Option ipfix: IPFIX sampling. | | |
| collector-ip | Configure collector IP address. | ipv4-address | Not Specified |
| collector-port | Configure collector port number (0-65535, default=0). | integer | Minimum value: 0 Maximum value: 65535 |
| transport | Configure L4 transport protocol for exporting packets. | option | - |
| | Option udp: UDP protocol. | | |
| | Option tcp: TCP protocol. | | |
| | Option sctp: SCTP protocol. | | |
| level | Configure flow tracking level. | option | - |
| | Option vlan: Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet. | | |
| | Option ip: Collects srcip/dstip from the sample packet. | | |
| | Option port: Collects srcip/dstip/srcport/dstport/protocol from the sample packet. | | |
| | Option proto: Collects srcip/dstip/protocol from the sample packet. | | |
| | Option mac: Collects smac/dmac from the sample packet. | | |
| max-export-pkt-size | Configure flow max export packet size (512-9216, default=512 bytes). | integer | Minimum value: 512 Maximum value: 9216 |
| timeout-general | Configure flow session general timeout (60-604800, default=3600 seconds). | integer | Minimum value: 60 Maximum value: 604800 |
| timeout-icmp | Configure flow session ICMP timeout (60-604800, default=300 seconds). | integer | Minimum value: 60 Maximum value: 604800 |
| timeout-max | Configure flow session max timeout (60-604800, default=604800 seconds). | integer | Minimum value: 60 Maximum value: 604800 |
| timeout-tcp | Configure flow session TCP timeout (60-604800, default=3600 seconds). | integer | Minimum value: 60 Maximum value: 604800 |
| timeout-tcp-fin | Configure flow session TCP FIN timeout (60-604800, default=300 seconds). | integer | Minimum value: 60 Maximum value: 604800 |
| timeout-tcp-rst | Configure flow session TCP RST timeout (60-604800, default=120 seconds). | integer | Minimum value: 60 Maximum value: 604800 |
| timeout-udp | Configure flow session UDP timeout (60-604800, default=300 seconds). | integer | Minimum value: 60 Maximum value: 604800 |

config aggregates

| Parameter name | Description | Type | Size |
|---|---|---|---|
| ip | IP address to group all matching traffic sessions to a flow. | ipv4-classnet | Not Specified |
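A linter for this stanza, as an added example (not Fortinet code): it checks top-level `set` values against the options and ranges in the parameter table above and reports which fields a detection needs that the configured `level` does not collect. The sample stanza, its addresses and port, and the function names are constructed for illustration.

```python
# Options, ranges and per-level fields copied from the parameter table on this page.
OPTIONS = {"sample-mode": {"local", "perimeter", "device-ingress"},
           "format": {"netflow1", "netflow5", "netflow9", "ipfix"},
           "transport": {"udp", "tcp", "sctp"},
           "level": {"vlan", "ip", "port", "proto", "mac"}}
RANGES = {"sample-rate": (0, 99999), "collector-port": (0, 65535),
          "max-export-pkt-size": (512, 9216)}
RANGES.update({f"timeout-{t}": (60, 604800)
               for t in "general icmp max tcp tcp-fin tcp-rst udp".split()})
LEVEL_FIELDS = {"vlan": "srcip dstip srcport dstport protocol tos vlan",
                "ip": "srcip dstip", "port": "srcip dstip srcport dstport protocol",
                "proto": "srcip dstip protocol", "mac": "smac dmac"}
LEVEL_FIELDS = {k: set(v.split()) for k, v in LEVEL_FIELDS.items()}
SAMPLE = """\
config switch-controller flow-tracking
    set format ipfix
    set collector-ip 192.0.2.10
    set collector-port 4739
    set level ip
    set timeout-tcp-rst 30
    config aggregates
        edit 1
            set ip 10.0.0.0 255.0.0.0
        next
    end
end
"""  # constructed stanza, not from the page; addresses and port are sample values

def parse_stanza(text):
    """Return {parameter: value} for top-level 'set' lines; nested blocks are skipped."""
    settings, depth = {}, 0
    for line in text.splitlines():
        words = line.split() or [""]
        depth += (words[0] == "config") - (words[0] == "end")
        if words[0] == "set" and depth == 1 and len(words) >= 3:
            settings[words[1]] = words[2]
    return settings

def audit(settings, required_fields):
    """List out-of-spec values and required fields the configured level omits."""
    findings = []
    for name, value in settings.items():
        lo, hi = RANGES.get(name, (0, 0))
        if name in OPTIONS and value not in OPTIONS[name]:
            findings.append(f"{name}: '{value}' is not a documented option")
        elif name in RANGES and not (value.isdigit() and lo <= int(value) <= hi):
            findings.append(f"{name}: {value} outside {lo}-{hi}")
    required = set(required_fields)
    missing = sorted(required - LEVEL_FIELDS.get(settings.get("level"), required))
    if missing:
        findings.append(f"level {settings['level']}: does not collect {', '.join(missing)}")
    return findings
```

Calling `audit(parse_stanza(SAMPLE), {"dstport", "protocol"})` flags the out-of-range RST timeout and shows that `level ip` leaves a port-based detection without the fields it needs.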
