This sample configuration is based on a Fortinet Fortigate 60D firewall. Other models may have slight configuration variations.
If you're collecting flow from multiple devices sharing the same public IP, you must configure chfagent to send flow to Kentik.
These instructions assume:
- You have Telnet / SSH credentials and access to your Fortigate firewall.
- Have your your enable password, if applicable.
- The device has already been added to your AuvikFlow (Kentik) integration.
- The sampling rate will be set to 1024.
Access your router’s CLI
- Telnet or SSH into your Fortigate router.
- (If necessary) Enter privileged mode by typing enable and entering your enable password.
Next, we’ll be inputting commands that do a few things:
- Enable the sFlow process on your firewall.
- Configure the process to send flow packets to the appropriate server and port.
- Configure the WAN port to generate a flow packet for every 1024 packets that transit the interface.
- Save and apply our configuration changes.
- Note: In the example below, port 1 is considered our WAN interface. You’ll need to change this value based on your interface definitions.
On your router, type:
config system sflow
set collector-ip 208.76.14.247
set collector-port 20013
end
config system interface
edit "port 1"
set sflow-sampler enable
set sample-rate 1024
set sample-direction both
set polling-interval 30
next
end
cfg save
All done.
Comments