Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Add FortiView Internal Hubs monitor 7.2.4

    Add FortiView Internal Hubs monitor 7.2.4

    When you sample IP packets on managed FortiSwitch units with flow tracking, you can use the FortiView Internal Hubs monitor in FortiOS to report the IP addresses and the number of bytes collected from devices behind a FortiSwitch unit. If you drill down on one of the devices, you can see a chart displaying the devices and how they are connected.

    Note
    To use the FortiView Internal Hubs monitor:

    • The IP address for the flow collector (collector-ip) must be the same IP address as the FortiLink interface.

    • The FortiGate model must have a hard drive, and you must enable historical FortiView and disk logging in the Log & Report > Log Settings page.

    • FortiAnalyzer is not supported.
    To enable flow tracking on a managed FortiSwitch unit:

    config system interface

    edit <FortiLink_interface>

    set ip <IP_address_and_netmask>

    set switch-controller-netflow-collect enable

    next

    end

    config switch-controller flow-tracking

    set sample-mode {local | perimeter | device-ingress}

    set sample-rate <0-99999>

    set format {netflow1 | netflow5 | netflow9 | ipfix}

    set level {vlan | ip | port | proto}

    set max-export-pkt-size <512-9216 bytes; default is 512>

    set template-export-period <1-60 minutes, default is 5>

    set timeout-general <60-604800 seconds; default is 3600>

    set timeout-icmp <60-604800 seconds; default is 300>

    set timeout-max <60-604800 seconds; default is 604800>

    set timeout-tcp <60-604800 seconds; default is 3600>

    set timeout-tcp-fin <60-604800 seconds; default is 300>

    set timeout-tcp-rst <60-604800 seconds; default is 120>

    set timeout-udp <60-604800 seconds; default is 300>

    config collectors

    edit <flow_collector_name>

    set ip <flow_collector_IPv4_address>

    set port <0-65535>

    set transport {udp | tcp | sctp}

    end

    config aggregates

    edit <aggregate_ID>

    set <IPv4_address>

    end

    end

    For example, to configure port11 as the FortiLink interface, enable the collection of data in NetFlow format from the switch controller, enable flow tracking in the managed switch, and send NetFlow data to the FortiGate device:

    config system interface

    edit "port11"

    set fortilink enable

    set ip 10.255.1.1 255.255.255.0

    set switch-controller-netflow-collect enable

    next

    end

    config switch-controller flow-tracking

    set sample-mode perimeter

    set sample-rate 10

    set format netflow9

    config collectors

    edit "1"

    set ip 10.255.1.1

    set port 0

    set transport udp

    next

    end

    set level ip

    set max-export-pkt-size 512

    set template-export-period 5

    set timeout-general 300

    set timeout-icmp 300

    set timeout-max 604800

    set timeout-tcp 300

    set timeout-tcp-fin 300

    set timeout-tcp-rst 120

    set timeout-udp 300

    end

    To check the status of the flow collector:

    diagnose switch-controller flow-collector status

    For example:

    FGT_A (vdom1) # diagnose switch-controller flow-collector status

    status : enabled

    interface : port11

    netflow packets : 1300

    unknown packets : 0

    flows : 42

    flows filtered : 201

    flowsets skipped : 17129

    To add the FortiView Internal Hubs monitor:

    1. Under Dashboard and click + to add a monitor.

    2. In the Add Monitor pane, click the + by FortiView Internal Hubs.

    3. From the FortiGate dropdown list, select which FortiGate device to monitor.

    4. From the Time Period dropdown list, select how long to monitor (5 minutes, 1 hour, or 24 hours).

    5. Click Add Monitor.

    6. Under Dashboard, select FortiView Internal Hubs to display the FortiView Internal Hubs page.

    7. Right-click on one of the devices and select Drill Down to Details.

    8. You can select the Chart or Table tab to change how the details are displayed.

    Previous
    Next

    Add FortiView Internal Hubs monitor 7.2.4

    Add FortiView Internal Hubs monitor 7.2.4

    When you sample IP packets on managed FortiSwitch units with flow tracking, you can use the FortiView Internal Hubs monitor in FortiOS to report the IP addresses and the number of bytes collected from devices behind a FortiSwitch unit. If you drill down on one of the devices, you can see a chart displaying the devices and how they are connected.

    Note
    To use the FortiView Internal Hubs monitor:

    • The IP address for the flow collector (collector-ip) must be the same IP address as the FortiLink interface.

    • The FortiGate model must have a hard drive, and you must enable historical FortiView and disk logging in the Log & Report > Log Settings page.

    • FortiAnalyzer is not supported.
    To enable flow tracking on a managed FortiSwitch unit:

    config system interface

    edit <FortiLink_interface>

    set ip <IP_address_and_netmask>

    set switch-controller-netflow-collect enable

    next

    end

    config switch-controller flow-tracking

    set sample-mode {local | perimeter | device-ingress}

    set sample-rate <0-99999>

    set format {netflow1 | netflow5 | netflow9 | ipfix}

    set level {vlan | ip | port | proto}

    set max-export-pkt-size <512-9216 bytes; default is 512>

    set template-export-period <1-60 minutes, default is 5>

    set timeout-general <60-604800 seconds; default is 3600>

    set timeout-icmp <60-604800 seconds; default is 300>

    set timeout-max <60-604800 seconds; default is 604800>

    set timeout-tcp <60-604800 seconds; default is 3600>

    set timeout-tcp-fin <60-604800 seconds; default is 300>

    set timeout-tcp-rst <60-604800 seconds; default is 120>

    set timeout-udp <60-604800 seconds; default is 300>

    config collectors

    edit <flow_collector_name>

    set ip <flow_collector_IPv4_address>

    set port <0-65535>

    set transport {udp | tcp | sctp}

    end

    config aggregates

    edit <aggregate_ID>

    set <IPv4_address>

    end

    end

    For example, to configure port11 as the FortiLink interface, enable the collection of data in NetFlow format from the switch controller, enable flow tracking in the managed switch, and send NetFlow data to the FortiGate device:

    config system interface

    edit "port11"

    set fortilink enable

    set ip 10.255.1.1 255.255.255.0

    set switch-controller-netflow-collect enable

    next

    end

    config switch-controller flow-tracking

    set sample-mode perimeter

    set sample-rate 10

    set format netflow9

    config collectors

    edit "1"

    set ip 10.255.1.1

    set port 0

    set transport udp

    next

    end

    set level ip

    set max-export-pkt-size 512

    set template-export-period 5

    set timeout-general 300

    set timeout-icmp 300

    set timeout-max 604800

    set timeout-tcp 300

    set timeout-tcp-fin 300

    set timeout-tcp-rst 120

    set timeout-udp 300

    end

    To check the status of the flow collector:

    diagnose switch-controller flow-collector status

    For example:

    FGT_A (vdom1) # diagnose switch-controller flow-collector status

    status : enabled

    interface : port11

    netflow packets : 1300

    unknown packets : 0

    flows : 42

    flows filtered : 201

    flowsets skipped : 17129

    To add the FortiView Internal Hubs monitor:

    1. Under Dashboard and click + to add a monitor.

    2. In the Add Monitor pane, click the + by FortiView Internal Hubs.

    3. From the FortiGate dropdown list, select which FortiGate device to monitor.

    4. From the Time Period dropdown list, select how long to monitor (5 minutes, 1 hour, or 24 hours).

    5. Click Add Monitor.

    6. Under Dashboard, select FortiView Internal Hubs to display the FortiView Internal Hubs page.

    7. Right-click on one of the devices and select Drill Down to Details.

    8. You can select the Chart or Table tab to change how the details are displayed.

    Previous
    Next