CLI Reference

config switch-controller flow-tracking

Configure FortiSwitch flow tracking and export via ipfix/netflow.

    config switch-controller flow-tracking
        Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.
        set sample-mode [local|perimeter|...]
        set sample-rate {integer}
        set format [netflow1|netflow5|...]
        set collector-ip {ipv4-address}
        set collector-port {integer}
        set transport [udp|tcp|...]
        set level [vlan|ip|...]
        set max-export-pkt-size {integer}
        set timeout-general {integer}
        set timeout-icmp {integer}
        set timeout-max {integer}
        set timeout-tcp {integer}
        set timeout-tcp-fin {integer}
        set timeout-tcp-rst {integer}
        set timeout-udp {integer}
        config aggregates
            Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.
            edit <id>
                set ip {ipv4-classnet}
            next
        end
    end

config switch-controller flow-tracking

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| sample-mode | Configure sample mode for the flow tracking. | option | - | perimeter |
| sample-rate | Configure sample rate for the perimeter and device-ingress sampling. | integer | Minimum value: 0 Maximum value: 99999 | 512 |
| format | Configure flow tracking protocol. | option | - | netflow9 |
| collector-ip | Configure collector IP address. | ipv4-address | Not Specified | 0.0.0.0 |
| collector-port | Configure collector port number. | integer | Minimum value: 0 Maximum value: 65535 | 0 |
| transport | Configure L4 transport protocol for exporting packets. | option | - | udp |
| level | Configure flow tracking level. | option | - | ip |
| max-export-pkt-size | Configure flow max export packet size. | integer | Minimum value: 512 Maximum value: 9216 | 512 |
| timeout-general | Configure flow session general timeout. | integer | Minimum value: 60 Maximum value: 604800 | 3600 |
| timeout-icmp | Configure flow session ICMP timeout. | integer | Minimum value: 60 Maximum value: 604800 | 300 |
| timeout-max | Configure flow session max timeout. | integer | Minimum value: 60 Maximum value: 604800 | 604800 |
| timeout-tcp | Configure flow session TCP timeout. | integer | Minimum value: 60 Maximum value: 604800 | 3600 |
| timeout-tcp-fin | Configure flow session TCP FIN timeout. | integer | Minimum value: 60 Maximum value: 604800 | 300 |
| timeout-tcp-rst | Configure flow session TCP RST timeout. | integer | Minimum value: 60 Maximum value: 604800 | 120 |
| timeout-udp | Configure flow session UDP timeout. | integer | Minimum value: 60 Maximum value: 604800 | 300 |

Options for sample-mode:

| Option | Description |
|---|---|
| local | Set local mode which samples on the specific switch port. |
| perimeter | Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress. |
| device-ingress | Set device-ingress mode which samples across all switch ports at the ingress. |

Options for format:

| Option | Description |
|---|---|
| netflow1 | Netflow version 1 sampling. |
| netflow5 | Netflow version 5 sampling. |
| netflow9 | Netflow version 9 sampling. |
| ipfix | IPFIX sampling. |

Options for transport:

| Option | Description |
|---|---|
| udp | UDP protocol. |
| tcp | TCP protocol. |
| sctp | SCTP protocol. |

Options for level:

| Option | Description |
|---|---|
| vlan | Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet. |
| ip | Collects srcip/dstip from the sample packet. |
| port | Collects srcip/dstip/srcport/dstport/protocol from the sample packet. |
| proto | Collects srcip/dstip/protocol from the sample packet. |
| mac | Collects smac/dmac from the sample packet. |

config aggregates

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| ip | IP address to group all matching traffic sessions to a flow. | ipv4-classnet | Not Specified | 0.0.0.0 0.0.0.0 |
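
The following is an added example, not Fortinet code: a small linter that checks a `config switch-controller flow-tracking` block against the ranges, options and defaults in the tables above, and flags a collector left at its default or a `level` whose records contain no port fields. The sample configuration, its addresses and the function names are constructed for illustration.

```python
# Ranges, options and defaults transcribed from the parameter tables on this page.
TIMEOUTS = "general icmp max tcp tcp-fin tcp-rst udp".split()
RANGES = {"sample-rate": (0, 99999), "collector-port": (0, 65535),
          "max-export-pkt-size": (512, 9216),
          **{f"timeout-{t}": (60, 604800) for t in TIMEOUTS}}
LEVEL_FIELDS = {"vlan": "srcip dstip srcport dstport protocol tos vlan",
                "port": "srcip dstip srcport dstport protocol",
                "proto": "srcip dstip protocol", "ip": "srcip dstip", "mac": "smac dmac"}
OPTIONS = {"sample-mode": {"local", "perimeter", "device-ingress"},
           "format": {"netflow1", "netflow5", "netflow9", "ipfix"},
           "transport": {"udp", "tcp", "sctp"}, "level": set(LEVEL_FIELDS)}
DEFAULTS = {"collector-ip": "0.0.0.0", "collector-port": "0", "level": "ip"}
# Constructed sample configuration; the address and values are illustrative only.
SAMPLE = """\
config switch-controller flow-tracking
    set collector-ip 192.0.2.10
    set collector-port 4739
    set level ip
    set timeout-tcp-rst 30
    config aggregates
        edit 1
            set ip 10.0.0.0 255.0.0.0
        next
    end
end
"""

def parse_settings(text):
    settings, depth = {}, 0
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] in ("config", "end"):
            depth += 1 if words[0] == "config" else -1
        elif words[0] == "set" and depth == 1 and len(words) >= 3:  # top level only
            settings[words[1]] = " ".join(words[2:])
    return settings

def lint(text):
    cfg, findings = {**DEFAULTS, **parse_settings(text)}, []
    for key, value in cfg.items():
        lo, hi = RANGES.get(key, (0, 0))
        if key in RANGES and not (value.isdigit() and lo <= int(value) <= hi):
            findings.append(f"{key}: {value} outside {lo}-{hi}")
        elif key in OPTIONS and value not in OPTIONS[key]:
            findings.append(f"{key}: unknown option {value}")
    if cfg["collector-ip"] == "0.0.0.0" or cfg["collector-port"] == "0":
        findings.append("collector: collector-ip/collector-port still at default")
    if "srcport" not in LEVEL_FIELDS.get(cfg["level"], ""):
        findings.append(f"level {cfg['level']}: exported records carry no port numbers")
    return findings
```

Calling `lint(SAMPLE)` reports the out-of-range `timeout-tcp-rst` and the `ip` level. The nested `set ip` under `config aggregates` is ignored because only top-level settings are checked.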
