How to configure NetFlow on Fortinet FortiGate firewalls

These instructions assume:

  • The date, time and time zone are correctly set on the firewall.
  • You have Telnet or SSH credentials and access to your Fortinet FortiGate firewall.
  • The IP address of your Auvik collector is known.

Note: FortiGate does not support sampling with NetFlow. If you need to configure flow sampling, set up sFlow instead.

Access your firewall CLI

  1. Telnet or SSH into your firewall.
  2. Ensure you're logged in as a privileged user.

Enable NetFlow

On your firewall, execute the commands listed below.

Replace <AuvikCollectorIP> with the IP address of your Auvik collector, <AuvikPort> with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996, and <FW LAN/Mgmt IP> with the IP address of the interface the device will send NetFlow from. Setting the source IP is mandatory if the NetFlow traffic has to traverse a VPN to reach the collector.

In the example below, port1 represents the interface where you're capturing flows, usually the LAN. Change this value to whichever interface you're monitoring with NetFlow.

config system netflow
set collector-ip <AuvikCollectorIP>
set collector-port <AuvikPort>
set source-ip <FW LAN/Mgmt IP>
end
config system interface
edit <port1>
set netflow-sampler both
next
end

Multiple Collectors

For newer software versions (7.4.2 and higher), Fortinet added support for multiple collectors. You can display the current NetFlow configuration with:

show system netflow

To configure up to six collectors, use the following configuration:

config system netflow
config collectors
edit <1-6>
set collector-ip <AuvikCollectorIP>
set collector-port <2055, 2056, 4432, 4739, 6343, 9995, 9996>
set source-ip <LAN/Management IP address>
set interface-select-method auto
next
end
end
config system interface
edit <port1>
set netflow-sampler both
next
end
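Once either configuration above (single collector or the 7.4.2+ multi-collector form) is applied, the practical check is whether export datagrams actually arrive at the collector address and port. The following Python script is an added example, not Auvik's or Fortinet's code: it binds to one of the listed collector ports, decodes the NetFlow v9 or IPFIX header of each datagram, confirms the sender is the expected <FW LAN/Mgmt IP>, and flags a clock skew (the article's first prerequisite is a correct date and time on the firewall). The assumption that FortiGate exports NetFlow v9 (or IPFIX on newer firmware) is ours; the sample datagrams at the bottom are constructed for the offline self-check, not captures from a real device.

```python
"""Verify that a FortiGate is exporting flows to the collector (added example)."""
import socket
import struct
import time
from typing import Optional

# Collector ports the article lists as accepted by the Auvik collector.
AUVIK_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}

# NetFlow v9 header: version, count, sysUptime, unixSecs, sequence, sourceId (20 bytes)
V9_HEADER = struct.Struct("!HHIIII")
# IPFIX header: version, length, exportTime, sequence, observationDomainId (16 bytes)
IPFIX_HEADER = struct.Struct("!HHIII")


def is_auvik_port(port: int) -> bool:
    """True if <AuvikPort> is one of the values the article allows."""
    return port in AUVIK_PORTS


def parse_export_header(datagram: bytes) -> Optional[dict]:
    """Decode the header of a NetFlow v9 or IPFIX (v10) export datagram.

    Returns None for anything else (truncated packets, NetFlow v5, sFlow, ...),
    which is the signal that the device is not exporting what we expect.
    """
    if len(datagram) < 2:
        return None
    version = struct.unpack("!H", datagram[:2])[0]
    if version == 9 and len(datagram) >= V9_HEADER.size:
        _, count, uptime_ms, unix_secs, seq, source_id = V9_HEADER.unpack_from(datagram)
        return {"version": 9, "records": count, "sys_uptime_ms": uptime_ms,
                "export_time": unix_secs, "sequence": seq, "source_id": source_id}
    if version == 10 and len(datagram) >= IPFIX_HEADER.size:
        _, length, export_time, seq, domain_id = IPFIX_HEADER.unpack_from(datagram)
        if length != len(datagram):  # IPFIX length field covers the whole message
            return None
        return {"version": 10, "length": length, "export_time": export_time,
                "sequence": seq, "source_id": domain_id}
    return None


def check_export(datagram: bytes, sender_ip: str, expected_exporter: str,
                 max_skew_s: int = 300, now: Optional[int] = None) -> dict:
    """Evaluate one datagram: expected exporter, parseable header, sane export clock."""
    header = parse_export_header(datagram)
    now = int(time.time()) if now is None else now
    result = {"from_expected_exporter": sender_ip == expected_exporter,
              "parsed": header is not None, "clock_ok": False, "header": header}
    if header is not None:
        result["clock_ok"] = abs(header["export_time"] - now) <= max_skew_s
    return result


def listen(port: int, expected_exporter: str, timeout_s: float = 60.0,
           bind_ip: str = "0.0.0.0") -> list:
    """Receive export datagrams for timeout_s seconds and return one check per datagram."""
    if not is_auvik_port(port):
        raise ValueError(f"{port} is not an Auvik collector port {sorted(AUVIK_PORTS)}")
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout_s)
        deadline = time.monotonic() + timeout_s
        while time.monotonic() < deadline:
            try:
                data, (src_ip, _) = sock.recvfrom(65535)
            except socket.timeout:
                break
            results.append(check_export(data, src_ip, expected_exporter))
    return results


# Constructed sample datagrams (not real FortiGate captures): a v9 export announcing
# 3 records with 8 bytes of stand-in payload, a bare IPFIX header, and a v5 header.
SAMPLE_V9 = V9_HEADER.pack(9, 3, 123456, 1700000000, 42, 1) + b"\x00" * 8
SAMPLE_IPFIX = IPFIX_HEADER.pack(10, 16, 1700000000, 7, 1)
SAMPLE_V5 = struct.pack("!HH", 5, 1) + b"\x00" * 20

if __name__ == "__main__":
    import sys
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 2055
    exporter = sys.argv[2] if len(sys.argv) > 2 else "192.0.2.1"  # placeholder <FW LAN/Mgmt IP>
    for r in listen(port, exporter):
        print(r)
```

Run it as `python3 check_netflow.py 2055 <FW LAN/Mgmt IP>` on the collector host (or a test host) before the Auvik collector itself is bound to the port; a datagram from the wrong source address usually means `set source-ip` was omitted and the export is leaving via a different interface, while `parsed` being False on every datagram means the device is sending something other than NetFlow v9/IPFIX to that port.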
