How to configure NetFlow on Fortinet FortiGate firewalls

These instructions assume:

• The date, time and time zone are correctly set on the firewall.
• You have Telnet or SSH credentials and access to your Fortinet FortiGate firewall.
• The IP address of your Auvik collector is known.

Note: FortiGate does not support sampling with Netflow.   If you need to configure flow sampling, please set up sFlow instead.

Access your firewall CLI

1. Telnet or SSH into your firewall.
2. Ensure you're logged in as a privileged user.

Enable NetFlow

On your firewall, execute the commands listed below.

Replace <AuvikCollectorIP> with the IP of your Auvik collector, <AuvikPort> with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996, and <FW LAN/Mgmt IP> with the IP address of the interface from where the device will be sending Netflow. This last this step is mandatory if the Netflow traffic has to traverse a VPN in order to reach the collector.

In the example below, port 1 represents the interface where you're capturing flows, usually the LAN. Change this value based on which interface you're monitoring with NetFlow.

config system netflow
set collector-ip <AuvikCollectoIP>
set collector-port <AuvikPort>
set source-ip <FW LAN/Mgmt IP>
end

config system interface
edit <port1>
set netflow-sampler both
end

Multiple Collectors

For newer software versions (7.4.2 and higher), Fortinet included the capability to work with multiple collectors. In this case use the following configuration:

show system netflow

config system netflow
  config collectors
     edit <1-6>
        set collector-ip <AuvikCollectorIP>
        set collector-port <2055, 2056, 4432, 4739, 6343, 9995, 9996>
        set source-ip <LAN/Management IP address>
        set interface-select-method auto
     next
   end
end
config system interface
   edit <port1>
     set netflow-sampler both
   next
end

References:

• http://help.fortinet.com/fweb/555/Content/FortiWeb/fortiweb-admin/configure_dns_settings.htm
• http://help.fortinet.com/fweb/536/Content/FortiWeb/fortiweb-admin/time.htm
• https://kb.fortinet.com/kb/documentLink.do?externalID=FD36460
• https://kb.fortinet.com/kb/documentLink.do?externalID=FD43715
• https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-sample-rate-for-Netflow/ta-p/190516?externalID=FD43715