Manufacturer:  Fortinet

Model(s): FortiGate firewalls (all models)

Version(s): FortiOS 7.2.3+

URL:  https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/998643/netflow

Notes:

  • NetFlow samplers, which sample every packet, are configured per interface.
  • Full NetFlow is supported through the information maintained in the firewall session table.

Configuration steps

1. Enable global NetFlow settings
config system netflow
    set collector-ip <ip>
    set collector-port <port>
    set source-ip <ip>
    set active-flow-timeout <integer>
    set inactive-flow-timeout <integer>
    set template-tx-timeout <integer>
    set template-tx-counter <integer>
end

CLI command                       Description
collector-ip <ip>                 IPv4 address of the Plixer Scrutinizer collector
collector-port <port>             Destination port number to be used when sending NetFlow (0 – 65535).
                                  NetFlow v9 uses 2055 and IPFIX uses 4739 by default.
source-ip <ip>                    Source IPv4 address for communication with the NetFlow collector
active-flow-timeout <integer>     Timeout to report active flows, in minutes (1 – 60, default = 30).
                                  Note: Plixer prefers a 1 minute timeout.
inactive-flow-timeout <integer>   Timeout for periodic report of finished flows, in seconds (10 – 600, default = 15).
                                  Note: Plixer prefers a 15 second timeout.
template-tx-timeout <integer>     Timeout for periodic template flowset transmission, in minutes (1 – 1440, default = 30).
                                  Note: Plixer prefers a 1 minute timeout.
template-tx-counter <integer>     Number of flowset records to send before resending a template flowset record (10 – 6000, default = 20).
                                  Note: Plixer prefers a 1 minute timeout.

2. Configure the NetFlow sampler on interfaces
config system interface
    edit <interface>
        set netflow-sampler {disable | tx | rx | both}
    next
end

CLI command   Description
disable       Disable the NetFlow protocol on this interface (default)
tx            Monitor transmitted traffic on this interface
rx            Monitor received traffic on this interface
both          Monitor transmitted and received traffic on this interface. Plixer recommends this setting.

3. (Optional) Configure NetFlow in a virtual domain (VDOM)
config vdom
    edit <vdom>
        config system vdom-netflow
            set vdom-netflow enable
            set collector-ip <ip>
            set collector-port <port>
            set source-ip <ip>
        end
    next
end
4. Apply and save the configuration
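The template-tx-timeout and template-tx-counter settings in step 1 exist because NetFlow v9 (the format sent to collector-port 2055 above) describes its data records with templates that the exporter sends separately: a collector that has not yet received the template for a data flowset cannot decode it, which is why a collector that restarts, or that is pointed at a new exporter, sees nothing useful until the next template arrives. The following added example, which is not code from Plixer or Fortinet, is a minimal NetFlow v9 decoder with a per-exporter template cache that reports data flowsets arriving before their template. The exporter address, source_id, template ID 256 and the flow records are all constructed for the demonstration; the field type numbers and header layout are the standard NetFlow v9 ones from RFC 3954.

```python
"""Minimal NetFlow v9 decoder with a per-exporter template cache (added example)."""
import socket
import struct
from collections import defaultdict

# NetFlow v9 field type numbers (RFC 3954) used by the constructed template below.
FIELD_NAMES = {
    1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "l4_src_port",
    8: "ipv4_src_addr", 11: "l4_dst_port", 12: "ipv4_dst_addr",
}
HEADER = struct.Struct("!HHIIII")    # version, count, sys_uptime, unix_secs, sequence, source_id
FLOWSET_HDR = struct.Struct("!HH")   # flowset_id, length (includes this 4-byte header)
TEMPLATE_FLOWSET_ID = 0


def decode_field(ftype, raw):
    """Render a raw field value the way a collector would display it."""
    if ftype in (8, 12):
        return socket.inet_ntoa(raw)
    return int.from_bytes(raw, "big")


class NetflowV9Decoder:
    def __init__(self):
        # Templates are scoped per (exporter address, source_id): two exporters may
        # both use template ID 256 with different layouts, so they must not be mixed.
        self.templates = defaultdict(dict)

    def feed(self, exporter, packet):
        """Decode one UDP payload. Returns (decoded records, flowset IDs with no template)."""
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet, 0)
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version={version})")
        key = (exporter, source_id)
        records, missing = [], []
        offset = HEADER.size
        while offset + FLOWSET_HDR.size <= len(packet):
            fs_id, fs_len = FLOWSET_HDR.unpack_from(packet, offset)
            if fs_len < FLOWSET_HDR.size:
                raise ValueError("malformed flowset length")
            body = packet[offset + FLOWSET_HDR.size:offset + fs_len]
            if fs_id == TEMPLATE_FLOWSET_ID:
                self._parse_templates(key, body)
            elif fs_id >= 256:                     # data flowset, ID names its template
                template = self.templates[key].get(fs_id)
                if template is None:
                    missing.append(fs_id)          # data arrived before its template
                else:
                    records.extend(self._parse_data(template, body))
            # flowset ID 1 (options template) and reserved IDs 2..255 are skipped here
            offset += fs_len
        return records, missing

    def _parse_templates(self, key, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, field_count = struct.unpack_from("!HH", body, pos)
            pos += 4
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(field_count)]
            pos += 4 * field_count
            self.templates[key][template_id] = fields

    @staticmethod
    def _parse_data(template, body):
        record_len = sum(flen for _, flen in template)
        if record_len == 0:
            return
        pos = 0
        while pos + record_len <= len(body):       # leftover bytes are 4-byte padding
            record = {}
            for ftype, flen in template:
                record[FIELD_NAMES.get(ftype, f"type_{ftype}")] = decode_field(ftype, body[pos:pos + flen])
                pos += flen
            yield record


# --- Constructed sample export (not captured from a real FortiGate) ---
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]   # 21 bytes per record
SAMPLE_FLOWS = [  # src, dst, sport, dport, proto, bytes, packets
    ("10.0.0.5", "203.0.113.10", 51234, 443, 6, 8420, 12),
    ("10.0.0.7", "198.51.100.2", 40000, 53, 17, 120, 1),
]


def build_template_packet(template_id=256, seq=1):
    body = struct.pack("!HH", template_id, len(TEMPLATE_FIELDS))
    body += b"".join(struct.pack("!HH", t, l) for t, l in TEMPLATE_FIELDS)
    flowset = FLOWSET_HDR.pack(TEMPLATE_FLOWSET_ID, FLOWSET_HDR.size + len(body)) + body
    return HEADER.pack(9, 1, 123456, 1700000000, seq, 0) + flowset


def build_data_packet(flows, template_id=256, seq=2):
    body = b""
    for src, dst, sport, dport, proto, nbytes, npkts in flows:
        body += socket.inet_aton(src) + socket.inet_aton(dst)
        body += struct.pack("!HHBII", sport, dport, proto, nbytes, npkts)
    body += b"\x00" * (-len(body) % 4)             # pad flowset to a 4-byte boundary
    flowset = FLOWSET_HDR.pack(template_id, FLOWSET_HDR.size + len(body)) + body
    return HEADER.pack(9, len(flows), 123456, 1700000000, seq, 0) + flowset


def demo():
    """Data before template (as after a collector restart), then template, then data."""
    decoder, exporter = NetflowV9Decoder(), "192.0.2.1"   # hypothetical exporter address
    early, missing = decoder.feed(exporter, build_data_packet(SAMPLE_FLOWS, seq=1))
    decoder.feed(exporter, build_template_packet(seq=2))
    later, _ = decoder.feed(exporter, build_data_packet(SAMPLE_FLOWS, seq=3))
    return {"early_records": len(early), "missing_templates": missing, "decoded": later}


if __name__ == "__main__":
    print(demo())
```

Running the block shows the first data packet producing no records and reporting template 256 as missing; the same records decode once the template has been received. On a real deployment that gap is bounded by template-tx-timeout and template-tx-counter, which is why the short values Plixer prefers in step 1 matter for how quickly Scrutinizer shows traffic after a restart or a configuration change.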