These instructions assume:
- The date, time and time zone are correctly set on the firewall.
- You have Telnet or SSH credentials and access to your Fortinet FortiGate firewall.
- The IP address of your Auvik collector is known.
Note: FortiGate does not support sampling with NetFlow. If you need to configure flow sampling, please set up sFlow instead.
Access your firewall CLI
- Telnet or SSH into your firewall.
- Ensure you're logged in as a privileged user.
Enable NetFlow
On your firewall, execute the commands listed below.
Replace <AuvikCollectorIP> with the IP of your Auvik collector, <AuvikPort> with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996, and <FW LAN/Mgmt IP> with the IP address of the interface from which the device will send NetFlow. This last step is mandatory if the NetFlow traffic has to traverse a VPN in order to reach the collector.
In the example below, port1 represents the interface where you're capturing flows, usually the LAN. Change this value based on which interface you're monitoring with NetFlow.
config system netflow
    set collector-ip <AuvikCollectorIP>
    set collector-port <AuvikPort>
    set source-ip <FW LAN/Mgmt IP>
end
config system interface
    edit "port1"
        set netflow-sampler both
end
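A collector-side sanity check for the export configured above, added here as an example and not taken from the original article or from Auvik or Fortinet code. It assumes the firewall exports NetFlow version 9 (RFC 3954 header layout) and that you already have one received UDP payload with its sender address and destination port; the function name and the sample datagrams are constructed for illustration.

```python
import struct
import time

# Ports the article lists as valid for <AuvikPort>.
AUVIK_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}
# RFC 3954 packet header: version, count, sysUptime, unix_secs, sequence, source_id.
V9_HEADER = struct.Struct("!HHIIII")


def check_export(datagram, sender_ip, dst_port, expected_source_ip,
                 now=None, max_skew=300):
    """Return a list of problems found in one received export datagram."""
    now = time.time() if now is None else now
    problems = []
    if dst_port not in AUVIK_PORTS:
        problems.append(f"port {dst_port} is not one of the listed collector ports")
    # The sender should be the address given to 'set source-ip'; a mismatch
    # usually means the setting was skipped and another interface was used.
    if sender_ip != expected_source_ip:
        problems.append(f"sender {sender_ip} does not match source-ip {expected_source_ip}")
    if len(datagram) < V9_HEADER.size:
        problems.append("datagram shorter than a NetFlow v9 header")
        return problems
    version, _count, _uptime, unix_secs, _seq, _source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        problems.append(f"unexpected export version {version}")
        return problems
    # The prerequisites require correct date, time and time zone on the
    # firewall; the header timestamp shows whether that holds.
    skew = abs(now - unix_secs)
    if skew > max_skew:
        problems.append(f"exporter clock differs from collector by {int(skew)} s")
    return problems


# Constructed sample datagrams (header only, zero records), not captured traffic.
NOW = 1_700_000_000
GOOD = V9_HEADER.pack(9, 0, 123456, NOW - 2, 1, 0)
STALE = V9_HEADER.pack(9, 0, 123456, NOW - 7200, 2, 0)

if __name__ == "__main__":
    print(check_export(GOOD, "192.0.2.1", 2055, "192.0.2.1", now=NOW))
    print(check_export(STALE, "198.51.100.7", 5000, "192.0.2.1", now=NOW))
```

The 300-second skew limit is an arbitrary threshold chosen for the example; adjust it to your own tolerance.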