How to configure NetFlow on Fortinet FortiGate firewalls

These instructions assume:

  • The date, time and time zone are correctly set on the firewall.
  • You have Telnet or SSH credentials and access to your Fortinet FortiGate firewall.
  • The IP address of your Auvik collector is known.

Note: FortiGate does not support sampling with NetFlow. If you need to configure flow sampling, please set up sFlow instead.

Access your firewall CLI

  1. Telnet or SSH into your firewall.
  2. Ensure you're logged in as a privileged user.

Enable NetFlow

On your firewall, execute the commands listed below.

Replace <AuvikCollectorIP> with the IP of your Auvik collector, <AuvikPort> with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996, and <FW LAN/Mgmt IP> with the IP address of the interface from which the device will send NetFlow. This last step is mandatory if the NetFlow traffic has to traverse a VPN in order to reach the collector.

In the example below, port1 represents the interface where you're capturing flows, usually the LAN. Change this value based on which interface you're monitoring with NetFlow.

config system netflow
    set collector-ip <AuvikCollectorIP>
    set collector-port <AuvikPort>
    set source-ip <FW LAN/Mgmt IP>
end
config system interface
    edit "port1"
        set netflow-sampler both
end
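To confirm the export after applying the configuration, the following added example (not part of the original article or of Auvik's tooling) checks one received datagram against the settings above: sender address versus the configured source-ip, and the header timestamp versus the collector's clock. It assumes the firewall exports NetFlow version 9 (RFC 3954 header layout) and that it runs on a test host at the collector's address while the chosen port is free; the script name and function names are hypothetical.

```python
import socket
import struct
import sys
import time

# Collector ports listed in the article.
AUVIK_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}
V9_HEADER = struct.Struct("!HHIIII")  # RFC 3954 export packet header, 20 bytes


def check_export(datagram, sender_ip, expected_source_ip, now, max_skew=300):
    """Return a list of problems found in one export datagram (empty = OK)."""
    if len(datagram) < V9_HEADER.size:
        return ["datagram shorter than a NetFlow v9 header"]
    version, count, _uptime, unix_secs, _seq, _src_id = V9_HEADER.unpack_from(datagram)
    if version != 9:  # other versions (e.g. IPFIX, 10) use a different header layout
        return [f"unexpected export version {version}"]
    problems = []
    if count == 0:
        problems.append("header reports zero records")
    if sender_ip != expected_source_ip:
        problems.append(f"sent from {sender_ip}, expected source-ip {expected_source_ip}")
    skew = int(unix_secs - now)
    if abs(skew) > max_skew:
        problems.append(f"firewall clock differs from collector by {skew} s")
    return problems


def sample_datagram(unix_secs, version=9, count=1):
    """Constructed sample: a v9 header followed by 4 padding bytes."""
    return V9_HEADER.pack(version, count, 123456, unix_secs, 1, 0) + b"\x00" * 4


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 check_netflow.py <AuvikPort> <FW LAN/Mgmt IP>
    port, source_ip = int(sys.argv[1]), sys.argv[2]
    if port not in AUVIK_PORTS:
        sys.exit(f"{port} is not one of the ports listed in the article")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    sock.settimeout(120)  # raises socket.timeout if nothing arrives in 2 minutes
    data, (sender, _) = sock.recvfrom(65535)
    issues = check_export(data, sender, source_ip, time.time())
    print("\n".join(issues) if issues else "NetFlow v9 export looks correct")
```

A sender address that differs from the configured source-ip, or a large clock difference, points back to the source-ip setting and the date/time assumption at the top of this article.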
