Fortinet white logo
Fortinet white logo

Administration Guide

NetFlow templates

NetFlow templates

NetFlow uses templates to capture and categorize the data that it collects. FortiOS supports the following NetFlow templates:

Name

Template ID

Description

STAT_OPTIONS

256

Statistics information about exporter

APP_ID_OPTIONS

257

Application information

IPV4

258

No NAT IPv4 traffic

IPV6

259

No NAT IPv6 traffic

ICMP4

260

No NAT ICMPv4 traffic

ICMP6

261

No NAT ICMPv6 traffic

IPV4_NAT

262

Source/Destination NAT IPv4 traffic

IPV4_AF_NAT

263

AF NAT IPv4 traffic (4->6)

IPV6_NAT

264

Source/Destination NAT IPv6 traffic

IPV6_AF_NAT

265

AF NAT IPv6 traffic (6->4)

ICMP4_NAT

266

Source/Destination NAT ICMPv4 traffic

ICMP4_AF_NAT

267

AF NAT ICMPv4 traffic (4->6)

ICMP6_NAT

268

Source/Destination NAT ICMPv6 traffic

ICMPv6_AF_NAT

269

AF NAT ICMPv6 traffic (6->4)

256 - STAT_OPTIONS

Description

Statistics information about exporter

Scope Field Count

1

Data Field Count

7

Option Scope Length

4

Option Length

28

Padding

0000

Scope fields

Field #

Field

Type

Length

1

System

System (1)

2

Data fields

Field #

Field

Type

Length

1

TOTAL_BYTES_EXP

TOTAL_BYTES_EXP (40)

8

2

TOTAL_PKTS_EXP

TOTAL_PKTS_EXP (41)

8

3

TOTAL_FLOWS_EXP

TOTAL_FLOWS_EXP (42)

8

4

FLOW_ACTIVE_TIMEOUT

FLOW_ACTIVE_TIMEOUT (36)

2

5

FLOW_INACTIVE_TIMEOUT

FLOW_INACTIVE_TIMEOUT (37)

2

6

SAMPLING_INTERVAL

SAMPLING_INTERVAL (34)

4

7

SAMPLING_ALGORITHM

SAMPLING_ALGORITHM (35)

1

257 - APP_ID_OPTIONS

Description

Application information

Scope Field Count

1

Data Field Count

4

Option Scope Length

4

Option Length

16

Padding

0000

Scope fields

Field #

Field

Type

Length

1

System

System (1)

2

Data fields

Field #

Field

Type

Length

1

APPLICATION_ID

APPLICATION_ID (95)

9

2

APPLICATION_NAME

APPLICATION_NAME (96)

64

3

APPLICATION_DESC

APPLICATION_DESC (94)

64

4

applicationCategoryName

applicationCategoryName (372)

32

258 - IPV4

Description

No NAT IPv4 traffic

Data Field Count

17

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

L4_SRC_PORT

L4_SRC_PORT (7)

2

8

L4_DST_PORT

L4_DST_PORT (11)

2

9

INPUT_SNMP

INPUT_SNMP (10)

2

10

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

11

PROTOCOL

PROTOCOL (4)

1

12

APPLICATION_ID

APPLICATION_ID (95)

9

13

FLOW_FLAGS

FLOW_FLAGS (65)

2

14

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

15

flowEndReason

flowEndReason (136)

1

16

IP_SRC_ADDR

IP_SRC_ADDR (8)

4

17

IP_DST_ADDR

IP_DST_ADDR (12)

4

259 - IPV6

Description

No NAT IPv6 traffic

Data Field Count

17

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

L4_SRC_PORT

L4_SRC_PORT (7)

2

8

L4_DST_PORT

L4_DST_PORT (11)

2

9

INPUT_SNMP

INPUT_SNMP (10)

2

10

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

11

PROTOCOL

PROTOCOL (4)

1

12

APPLICATION_ID

APPLICATION_ID (95)

9

13

FLOW_FLAGS

FLOW_FLAGS (65)

2

14

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

15

flowEndReason

flowEndReason (136)

1

16

IPV6_SRC_ADDR

IPV6_SRC_ADDR (27)

16

17

IPV6_DST_ADDR

IPV6_DST_ADDR (28)

16

260 - ICMP4

Description

No NAT ICMPv4 traffic

Data Field Count

16

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

INPUT_SNMP

INPUT_SNMP (10)

2

8

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

9

ICMP_TYPE

ICMP_TYPE (32)

2

10

PROTOCOL

PROTOCOL (4)

1

11

APPLICATION_ID

APPLICATION_ID (95)

9

12

FLOW_FLAGS

FLOW_FLAGS (65)

2

13

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

14

flowEndReason

flowEndReason (136)

1

15

IP_SRC_ADDR

IP_SRC_ADDR (8)

4

16

IP_DST_ADDR

IP_DST_ADDR(12)

4

261 - ICMP6

Description

No NAT ICMPv6 traffic

Data Field Count

16

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

INPUT_SNMP

INPUT_SNMP (10)

2

8

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

9

ICMP_TYPE

ICMP_TYPE (32)

2

10

PROTOCOL

PROTOCOL (4)

1

11

APPLICATION_ID

APPLICATION_ID (95)

9

12

FLOW_FLAGS

FLOW_FLAGS (65)

2

13

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

14

flowEndReason

flowEndReason (136)

1

15

IPV6_SRC_ADDR

IPV6_SRC_ADDR (27)

16

16

IPV6_DST_ADDR

IPV6_DST_ADDR (28)

16

262 - IPV4_NAT

Description

Source/Destination NAT IPv4 traffic

Data Field Count

21

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

L4_SRC_PORT

L4_SRC_PORT (7)

2

8

L4_DST_PORT

L4_DST_PORT (11)

2

9

INPUT_SNMP

INPUT_SNMP (10)

2

10

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

11

PROTOCOL

PROTOCOL (4)

1

12

APPLICATION_ID

APPLICATION_ID (95)

9

13

FLOW_FLAGS

FLOW_FLAGS (65)

2

14

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

15

flowEndReason

flowEndReason (136)

1

16

IP_SRC_ADDR

IP_SRC_ADDR (8)

4

17

IP_DST_ADDR

IP_DST_ADDR (12)

4

18

postNATSourceIPv4Address

postNATSourceIPv4Address (225)

4

19

postNATDestinationIPv4Address

postNATDestinationIPv4Address (226)

4

20

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

21

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

263 - IPV4_AF_NAT

Description

AF NAT IPv4 traffic (4->6)

Data Field Count

21

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

L4_SRC_PORT

L4_SRC_PORT (7)

2

8

L4_DST_PORT

L4_DST_PORT (11)

2

9

INPUT_SNMP

INPUT_SNMP (10)

2

10

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

11

PROTOCOL

PROTOCOL (4)

1

12

APPLICATION_ID

APPLICATION_ID (95)

9

13

FLOW_FLAGS

FLOW_FLAGS (65)

2

14

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

15

flowEndReason

flowEndReason (136)

1

16

IPV6_SRC_ADDR

IPV6_SRC_ADDR (27)

16

17

IPV6_DST_ADDR

IPV6_DST_ADDR (28)

16

18

postNATSourceIPv6Address

postNATSourceIPv6Address (281)

16

19

postNATDestinationIPv6Address

postNATDestinationIPv6Address (282)

16

20

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

21

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

264 - IPV6_NAT

Description

Source/Destination NAT IPv6 traffic

Data Field Count

21

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

L4_SRC_PORT

L4_SRC_PORT (7)

2

8

L4_DST_PORT

L4_DST_PORT (11)

2

9

INPUT_SNMP

INPUT_SNMP (10)

2

10

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

11

PROTOCOL

PROTOCOL (4)

1

12

APPLICATION_ID

APPLICATION_ID (95)

9

13

FLOW_FLAGS

FLOW_FLAGS (65)

2

14

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

15

flowEndReason

flowEndReason (136)

1

16

IP_SRC_ADDR

IP_SRC_ADDR (8)

4

17

IP_DST_ADDR

IP_DST_ADDR (12)

4

18

postNATSourceIPv6Address

postNATSourceIPv6Address (281)

16

19

postNATDestinationIPv6Address

postNATDestinationIPv6Address (282)

16

20

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

21

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

265 - IPV6_AF_NAT

Description

AF NAT IPv6 traffic (6->4)

Data Field Count

21

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

L4_SRC_PORT

L4_SRC_PORT (7)

2

8

L4_DST_PORT

L4_DST_PORT (11)

2

9

INPUT_SNMP

INPUT_SNMP (10)

2

10

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

11

PROTOCOL

PROTOCOL (4)

1

12

APPLICATION_ID

APPLICATION_ID (95)

9

13

FLOW_FLAGS

FLOW_FLAGS (65)

2

14

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

15

flowEndReason

flowEndReason (136)

1

16

IPV6_SRC_ADDR

IPV6_SRC_ADDR (27)

16

17

IPV6_DST_ADDR

IPV6_DST_ADDR (28)

16

18

postNATSourceIPv4Address

postNATSourceIPv4Address (225)

4

19

postNATDestinationIPv4Address

postNATDestinationIPv4Address (226)

4

20

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

21

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

266 - ICMPV4_NAT

Description

Source/Destination NAT ICMPv4 traffic

Data Field Count

20

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

INPUT_SNMP

INPUT_SNMP (10)

2

8

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

9

ICMP_TYPE

ICMP_TYPE (32)

2

10

PROTOCOL

PROTOCOL (4)

1

11

APPLICATION_ID

APPLICATION_ID (95)

9

12

FLOW_FLAGS

FLOW_FLAGS (65)

2

13

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

14

flowEndReason

flowEndReason (136)

1

15

IP_SRC_ADDR

IP_SRC_ADDR (8)

4

16

IP_DST_ADDR

IP_DST_ADDR (12)

4

17

postNATSourceIPv4Address

postNATSourceIPv4Address (225)

4

18

postNATDestinationIPv4Address

postNATDestinationIPv4Address (226)

4

19

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

20

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

267 - ICMPV4_AF_NAT

Description

AF NAT ICMPv4 traffic (4->6)

Data Field Count

20

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

INPUT_SNMP

INPUT_SNMP (10)

2

8

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

9

ICMP_TYPE

ICMP_TYPE (32)

2

10

PROTOCOL

PROTOCOL (4)

1

11

APPLICATION_ID

APPLICATION_ID (95)

9

12

FLOW_FLAGS

FLOW_FLAGS (65)

2

13

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

14

flowEndReason

flowEndReason (136)

1

15

IPV6_SRC_ADDR

IPV6_SRC_ADDR (27)

16

16

IPV6_DST_ADDR

IPV6_DST_ADDR (28)

16

17

postNATSourceIPv6Address

postNATSourceIPv6Address (281)

16

18

postNATDestinationIPv6Address

postNATDestinationIPv6Address (282)

16

19

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

20

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

268 - ICMPV6_NAT

Description

Source/Destination NAT ICMPv6 traffic

Data Field Count

20

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

INPUT_SNMP

INPUT_SNMP (10)

2

8

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

9

ICMP_TYPE

ICMP_TYPE (32)

2

10

PROTOCOL

PROTOCOL (4)

1

11

APPLICATION_ID

APPLICATION_ID (95)

9

12

FLOW_FLAGS

FLOW_FLAGS (65)

2

13

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

14

flowEndReason

flowEndReason (136)

1

15

IP_SRC_ADDR

IP_SRC_ADDR (8)

4

16

IP_DST_ADDR

IP_DST_ADDR (12)

4

17

postNATSourceIPv6Address

postNATSourceIPv6Address (281)

16

18

postNATDestinationIPv6Address

postNATDestinationIPv6Address (282)

16

19

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

20

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

269 - ICMPV6_AF_NAT

Description

AF NAT ICMPv6 traffic (6->4)

Data Field Count

20

Data fields

Field #

Field

Type

Length

1

BYTES

BYTES (1)

8

2

OUT_BYTES

OUT_BYTES (23)

8

3

PKTS

PKTS (2)

4

4

OUT_PKTS

OUT_PKTS (24)

4

5

FIRST_SWITCHED

FIRST_SWITCHED (22)

4

6

LAST_SWITCHED

LAST_SWITCHED (21)

4

7

INPUT_SNMP

INPUT_SNMP (10)

2

8

OUTPUT_SNMP

OUTPUT_SNMP (14)

2

9

ICMP_TYPE

ICMP_TYPE (32)

2

10

PROTOCOL

PROTOCOL (4)

1

11

APPLICATION_ID

APPLICATION_ID (95)

9

12

FLOW_FLAGS

FLOW_FLAGS (65)

2

13

FORWARDING_STATUS

FORWARDING_STATUS (89)

1

14

flowEndReason

flowEndReason (136)

1

15

IPV6_SRC_ADDR

IPV6_SRC_ADDR (27)

16

16

IPV6_DST_ADDR

IPV6_DST_ADDR (28)

16

17

postNATSourceIPv4Address

postNATSourceIPv4Address (225)

4

18

postNATDestinationIPv4Address

postNATDestinationIPv4Address (226)

4

19

postNAPTSourceTransportPort

postNAPTSourceTransportPort (227)

2

20

postNAPTDestinationTransportPort

postNAPTDestinationTransportPort (228)

2

NetFlow templates

NetFlow templates

NetFlow uses templates to capture and categorize the data that it collects. FortiOS supports the following NetFlow templates:

Name

Template ID

Description

STAT_OPTIONS

256

Statistics information about exporter

APP_ID_OPTIONS

257

Application information

IPV4

258

No NAT IPv4 traffic

IPV6

259

No NAT IPv6 traffic

ICMP4

260

No NAT ICMPv4 traffic

ICMP6

261

No NAT ICMPv6 traffic

IPV4_NAT

262

Source/Destination NAT IPv4 traffic

IPV4_AF_NAT

263

AF NAT IPv4 traffic (4->6)

IPV6_NAT

264

Source/Destination NAT IPv6 traffic

IPV6_AF_NAT

265

AF NAT IPv6 traffic (6->4)

ICMP4_NAT

266

Source/Destination NAT ICMPv4 traffic

ICMP4_AF_NAT

267

AF NAT ICMPv4 traffic (4->6)

ICMP6_NAT

268

Source/Destination NAT ICMPv6 traffic

ICMPv6_AF_NAT

269

AF NAT ICMPv6 traffic (6->4)

256 - STAT_OPTIONS

Description

Statistics information about exporter

Scope Field Count

1

Data Field Count

7

Option Scope Length

4

Option Length

28

Padding

0000

Scope fields

Field #

Field

Type

Length

1

System

System (1)

2

Data fields

Field #

Field

Type

Length

1

TOTAL_BYTES_EXP

TOTAL_BYTES_EXP (40)

8

2

TOTAL_PKTS_EXP

TOTAL_PKTS_EXP (41)

8

3

TOTAL_FLOWS_EXP

TOTAL_FLOWS_EXP (42)

8

4

FLOW_ACTIVE_TIMEOUT

FLOW_ACTIVE_TIMEOUT (36)

2

5

FLOW_INACTIVE_TIMEOUT

FLOW_INACTIVE_TIMEOUT (37)

2

6

SAMPLING_INTERVAL

SAMPLING_INTERVAL (34)

4

7

SAMPLING_ALGORITHM

SAMPLING_ALGORITHM (35)

1

257 - APP_ID_OPTIONS

Description

Application information

Scope Field Count

1