Allow multiple Netflow collectors 7.4.2
|
This information is also available in the FortiOS 7.4 Administration Guide: |
FortiOS can be configured with a maximum of six NetFlow collectors. This also applies to multi-VDOM environments where a maximum of six NetFlow collectors can be used globally or on a per-VDOMs basis. This feature enables up to a maximum of six unique parallel NetFlow streams or transmissions per NetFlow sample to six different NetFlow collectors. The NetFlow collector configuration can only be configured in the CLI.
config system {netflow | vdom-netflow}
config collectors
edit <id>
set collector-ip <IP address>
set collector-port <port>
set source-ip <IP address>
set interface-select-method {auto | sdwan | specify}
set interface <interface>
next
end
end
collector-ip
|
Enter the IPv4 or IPv6 address of the NetFlow collector that NetFlow agents added to interfaces in this VDOM send NetFlow datagrams to. |
collector-port
|
Enter the UDP port number used for sending NetFlow datagrams; only configure if it is required by the NetFlow collector or network configuration (0 - 65535, default = 6343). |
source-ip
|
Enter the source IPv4 or IPv6 address for the NetFlow agent. |
interface-select-method
|
Specify how to select the outgoing interface to reach the server.
|
interface <interface>
|
Enter the outgoing interface to reach the server. |
|
|
If the |
Example 1: Multiple NetFlow collectors in a non-VDOM environment
In this example, six NetFlow collectors are configured in a non-VDOM environment with NetFlow sampling on the port1 interface.
To configure multiple NetFlow collectors:
-
Configure the NetFlow collectors:
config system netflow config collectors set active-flow-timeout 60 set template-tx-timeout 60 edit 1 set collector-ip 172.16.200.155 set collector-port 2055 set source-ip 172.16.200.6 set interface-select-method specify set interface "port1" next edit 2 set collector-ip 10.1.100.59 set collector-port 2056 set source-ip 10.1.100.6 set interface-select-method specify set interface "port2" next edit 3 set collector-ip 172.18.60.80 set collector-port 2057 set interface-select-method specify set interface "port1" next edit 4 set collector-ip "172.18.60.1" set collector-port 2058 next edit 5 set collector-ip "172.18.60.3" set collector-port 2059 next edit 6 set collector-ip "172.18.60.4" set collector-port 2060 next end end -
Configure NetFlow sampling on port1:
config system interface edit port1 set netflow-sampler both next end -
Verify the NetFlow diagnostics.
-
Verify the NetFlow configuration status:
# diagnose test application sflowd 3 ===== Netflow Vdom Configuration ===== Global collector(s) active-timeout(seconds):60 inactive-timeout(seconds):15 Collector id:1: 172.16.200.155[2055] source IP:172.16.200.6 Collector id:2: 10.1.100.59[2056] source IP:10.1.100.6 Collector id:3: 172.18.60.80[2057] source IP: Collector id:4: 172.18.60.1[2058] source IP: Collector id:5: 172.18.60.3[2059] source IP: Collector id:6: 172.18.60.4[2060] source IP: ____ vdom: root, index=0, is master, collector: disabled (use global config) (mgmt vdom) |_ coll_ip:172.16.200.155:2056,src_ip:172.16.200.6 |_ coll_ip:10.1.100.59:2057,src_ip:10.1.100.6 |_ coll_ip:172.18.60.80:2058,src_ip:172.16.200.6 |_ coll_ip:172.18.60.1:2058,src_ip:172.16.200.6 |_ coll_ip:172.18.60.3:2059,src_ip:172.16.200.6 |_ coll_ip:172.18.60.4:2060,src_ip:172.16.200.6 |_ seq_num:13 pkts/time to next template: 16/29 |_ exported: Bytes:2533746, Packets:3911, Sessions:70 Flows:70 |_ active_intf: 1 |____ interface:port1 sample_direction:both device_index:9 snmp_index:3 -
Verify the sampled NetFlow traffic packet capture:
# diagnose sniffer packet any 'udp and port 2056 or 2057 or 2058' 4 filters=[udp and port 2056 or 2057 or 2058] 5.717060 port1 out 172.16.200.6.2472 -> 172.16.200.155.2055: udp 60 5.717068 port2 out 10.1.100.6.2472 -> 10.1.100.59.2056: udp 60 5.717075 port1 out 172.16.200.6.2472 -> 172.18.60.80.2057: udp 60 5.717078 port1 out 172.16.200.6.2472 -> 172.18.60.1.2058: udp 60 5.717081 port1 out 172.16.200.6.2472 -> 172.18.60.3.2059: udp 60 5.717085 port1 out 172.16.200.6.2472 -> 172.18.60.4.2060: udp 60
-
Example 2: Multiple NetFlow collectors in a multi-VDOM environment
In this example, six NetFlow collectors are configured in a multi-VDOM environment globally and per VDOM. NetFlow sampling is on the port1 and port4 interfaces.
|
|
Please note it is not mandatory to set up per-VDOM NetFlow collectors in a multi-vdom environment. However, if you don’t enable per-VDOM collectors, the settings of the global NetFlow Collector will be used instead. |
To configure multiple NetFlow collectors:
-
Configure the global NetFlow collectors:
config system netflow config collectors set active-flow-timeout 60 set template-tx-timeout 60 edit 1 set collector-ip 172.16.200.155 set collector-port 2055 set source-ip 172.16.200.6 set interface-select-method specify set interface "port1" next edit 2 set collector-ip 10.1.100.59 set collector-port 2056 set source-ip 10.1.100.6 set interface-select-method specify set interface "port2" next edit 3 set collector-ip 172.18.60.80 set collector-port 2057 set interface-select-method specify set interface "port1" next edit 4 set collector-ip "172.18.60.1" set collector-port 2058 next edit 5 set collector-ip "172.18.60.3" set collector-port 2059 next edit 6 set collector-ip "172.18.60.4" set collector-port 2060 next end end -
Configure the per-VDOM NetFlow collectors:
config system vdom-netflow set vdom-netflow enable config collectors edit 1 set collector-ip "172.10.100.101" set collector-port 2059 next edit 2 set collector-ip "172.10.100.102" set collector-port 2060 next edit 3 set collector-ip "172.10.100.103" set collector-port 2061 next edit 4 set collector-ip "172.10.100.104" set collector-port 2062 next edit 5 set collector-ip "172.10.100.105" set collector-port 2063 next edit 6 set collector-ip "172.10.100.106" set collector-port 2064 next end end -
Configure NetFlow sampling on port1 and port4:
config system interface edit port1 set netflow-sampler both next edit port4 set netflow-sampler both next end
In a multi-VDOM environment, ensure the interface selected for NetFlow sampling is in the same VDOM as the per-VDOM NetFlow collector. For global NetFlow collectors, the interface selected for NetFlow sampling should be in the management VDOM.
-
Verify the NetFlow diagnostics.
-
Verify the NetFlow configuration status:
# diagnose test application sflowd 3 ===== Netflow Vdom Configuration ===== Global collector(s) active-timeout(seconds):60 inactive-timeout(seconds):15 Collector id:1: 172.16.200.155[2055] source IP:172.16.200.6 Collector id:2: 10.1.100.59[2056] source IP:10.1.100.6 Collector id:3: 172.18.60.80[2057] source IP: Collector id:4: 172.18.60.1[2058] source IP: Collector id:5: 172.18.60.3[2059] source IP: Collector id:6: 172.18.60.4[2060] source IP: ____ vdom: root, index=0, is master, collector: disabled (use global config) (mgmt vdom) |_ coll_ip:172.16.200.155:2056,src_ip:172.16.200.6 |_ coll_ip:10.1.100.59:2057,src_ip:10.1.100.6 |_ coll_ip:172.18.60.80:2058,src_ip:172.16.200.6 |_ coll_ip:172.18.60.1:2058,src_ip:172.16.200.6 |_ coll_ip:172.18.60.3:2059,src_ip:172.16.200.6 |_ coll_ip:172.18.60.4:2060,src_ip:172.16.200.6 |_ seq_num:13 pkts/time to next template: 16/29 |_ exported: Bytes:2533746, Packets:3911, Sessions:70 Flows:70 |_ active_intf: 1 |____ interface:port1 sample_direction:both device_index:9 snmp_index:3 ____ vdom: vdom1, index=1, is master, collector: enabled |_ coll_ip:172.10.100.101:2059,src_ip:20.1.100.111 |_ coll_ip:172.10.100.102:2060,src_ip:20.1.100.111 |_ coll_ip:172.10.100.103:2061,src_ip:20.1.100.111 |_ coll_ip:172.10.100.104:2062,src_ip:20.1.100.111 |_ coll_ip:172.10.100.105:2063,src_ip:20.1.100.111 |_ coll_ip:172.10.100.106:2064,src_ip:20.1.100.111 |_ seq_num:27 pkts/time to next template: 15/18 |_ exported: Bytes:5040, Packets:60, Sessions:6 Flows:6 |_ active_intf: 1 |____ interface:port4 sample_direction:both device_index:12 snmp_index:6 -
Verify the sampled NetFlow traffic packet capture:
# diagnose sniffer packet any 'udp and port 2059 or 2060 or 2061 or 2062 or 2063 or 2064' 4 filters=[udp and port 2059 or 2060 or 2061 or 2062 or 2063 or 2064] 7.005812 port4 out 20.1.100.111.2472 -> 172.10.100.101.2059: udp 60 7.005821 port4 out 20.1.100.111.2472 -> 172.10.100.102.2060: udp 60 7.005826 port4 out 20.1.100.111.2472 -> 172.10.100.103.2061: udp 60 7.005830 port4 out 20.1.100.111.2472 -> 172.10.100.104.2062: udp 60 7.005834 port4 out 20.1.100.111.2472 -> 172.10.100.105.2063: udp 60 7.005838 port4 out 20.1.100.111.2472 -> 172.10.100.106.2064: udp 60
-