Add FortiView Internal Hubs monitor 7.2.4

When you sample IP packets on managed FortiSwitch units with flow tracking, you can use the FortiView Internal Hubs monitor in FortiOS to report the IP addresses and the number of bytes collected from devices behind a FortiSwitch unit. If you drill down on one of the devices, you can see a chart displaying the devices and how they are connected.

Note: To use the FortiView Internal Hubs monitor:
  • The IP address for the flow collector (collector-ip) must be the same IP address as the FortiLink interface.
  • The FortiGate model must have a hard drive, and you must enable historical FortiView and disk logging in the Log & Report > Log Settings page.
  • FortiAnalyzer is not supported.

To enable flow tracking on a managed FortiSwitch unit:

config system interface
    edit <FortiLink_interface>
        set ip <IP_address_and_netmask>
        set switch-controller-netflow-collect enable
    next
end

config switch-controller flow-tracking
    set sample-mode {local | perimeter | device-ingress}
    set sample-rate <0-99999>
    set format {netflow1 | netflow5 | netflow9 | ipfix}
    set level {vlan | ip | port | proto}
    set max-export-pkt-size <512-9216 bytes; default is 512>
    set template-export-period <1-60 minutes, default is 5>
    set timeout-general <60-604800 seconds; default is 3600>
    set timeout-icmp <60-604800 seconds; default is 300>
    set timeout-max <60-604800 seconds; default is 604800>
    set timeout-tcp <60-604800 seconds; default is 3600>
    set timeout-tcp-fin <60-604800 seconds; default is 300>
    set timeout-tcp-rst <60-604800 seconds; default is 120>
    set timeout-udp <60-604800 seconds; default is 300>
    config collectors
        edit <flow_collector_name>
            set ip <flow_collector_IPv4_address>
            set port <0-65535>
            set transport {udp | tcp | sctp}
        next
    end
    config aggregates
        edit <aggregate_ID>
            set ip <IPv4_address>
        next
    end
end

For example, to configure port11 as the FortiLink interface, enable the collection of data in NetFlow format from the switch controller, enable flow tracking in the managed switch, and send NetFlow data to the FortiGate device:

config system interface
    edit "port11"
        set fortilink enable
        set ip 10.255.1.1 255.255.255.0
        set switch-controller-netflow-collect enable
    next
end

config switch-controller flow-tracking
    set sample-mode perimeter
    set sample-rate 10
    set format netflow9
    config collectors
        edit "1"
            set ip 10.255.1.1
            set port 0
            set transport udp
        next
    end
    set level ip
    set max-export-pkt-size 512
    set template-export-period 5
    set timeout-general 300
    set timeout-icmp 300
    set timeout-max 604800
    set timeout-tcp 300
    set timeout-tcp-fin 300
    set timeout-tcp-rst 120
    set timeout-udp 300
end
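
The note's first prerequisite (the collector IP must equal the FortiLink interface IP) is easy to break when a configuration is copied between units. The following is an added example, not Fortinet code: it parses FortiOS CLI text from a configuration backup and reports when that prerequisite or the netflow-collect setting is missing. The function names parse and check_prereqs are hypothetical, and SAMPLE is constructed from the port11 example above.

```python
# Constructed sample: the page's port11 example, trimmed to the relevant settings.
SAMPLE = """\
config system interface
    edit "port11"
        set fortilink enable
        set ip 10.255.1.1 255.255.255.0
        set switch-controller-netflow-collect enable
    next
end
config switch-controller flow-tracking
    config collectors
        edit "1"
            set ip 10.255.1.1
        next
    end
end
"""

def parse(text):
    """Parse FortiOS CLI text into nested dicts keyed by config/edit names."""
    stack = [("root", {})]
    for raw in text.splitlines():
        verb, _, rest = raw.strip().partition(" ")
        if verb in ("config", "edit"):
            stack.append((verb, stack[-1][1].setdefault(rest.strip().strip('"'), {})))
        elif verb == "set":
            key, _, value = rest.strip().partition(" ")
            stack[-1][1][key] = value.strip().strip('"')
        elif verb in ("next", "end"):
            if stack[-1][0] == "edit":      # 'next', or 'end' written without 'next'
                stack.pop()
            if verb == "end" and stack[-1][0] == "config":
                stack.pop()
    return stack[0][1]

def check_prereqs(text):
    """Return findings; an empty list means the checked prerequisites hold."""
    cfg = parse(text)
    links = {n: i for n, i in cfg.get("system interface", {}).items()
             if i.get("fortilink") == "enable"}
    if not links:
        return ["no interface has 'set fortilink enable'"]
    findings = [f"{n}: switch-controller-netflow-collect is not enabled"
                for n, i in links.items() if i.get("switch-controller-netflow-collect") != "enable"]
    link_ips = {i.get("ip", "").split(" ")[0] for i in links.values()}
    collectors = cfg.get("switch-controller flow-tracking", {}).get("collectors", {})
    if not any(c.get("ip") in link_ips for c in collectors.values()):
        findings.append("no flow collector uses the FortiLink interface IP")
    return findings
```

Calling check_prereqs(SAMPLE) returns an empty list; the hard-drive and disk-logging prerequisites are not visible in these two config sections and are not checked.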

To check the status of the flow collector:

diagnose switch-controller flow-collector status

For example:

FGT_A (vdom1) # diagnose switch-controller flow-collector status
status : enabled
interface : port11
netflow packets : 1300
unknown packets : 0
flows : 42
flows filtered : 201
flowsets skipped : 17129

To add the FortiView Internal Hubs monitor:
  1. Under Dashboard, click + to add a monitor.
  2. In the Add Monitor pane, click the + by FortiView Internal Hubs.
  3. From the FortiGate dropdown list, select which FortiGate device to monitor.
  4. From the Time Period dropdown list, select how long to monitor (5 minutes, 1 hour, or 24 hours).
  5. Click Add Monitor.
  6. Under Dashboard, select FortiView Internal Hubs to display the FortiView Internal Hubs page.
  7. Right-click on one of the devices and select Drill Down to Details.
  8. You can select the Chart or Table tab to change how the details are displayed.
