
How to limit flow to a single IP address from a FortiLink device


In FortiLink mode, Fortinet firewalls (FortiGate) and switches (FortiSwitch) can operate together as a single managed network entity, sharing a single IP address for the FortiSwitch Management Interface. This setup simplifies network management and allows the FortiGate to manage connected FortiSwitches directly.

Auvik TrafficInsights matches flows to a device by the source IP address of the flow export packet. Because FortiLink switches share one management IP, you must create a unique interface and IP address on each switch and configure its NetFlow packets to be sent from that interface and address; only then can the data in the flow packets be attached to that specific switch. Without this, nothing in the flow packets tells Auvik which switch they came from.

To configure flow tracking on managed FortiSwitch units:

config switch-controller flow-tracking
    set sample-mode <local | perimeter | device-ingress>
    set sample-rate <0-99999>
    set format <netflow5 | netflow9 | ipfix>
    set level <vlan | ip | port | proto>
    set max-export-pkt-size <512-9216 bytes; default is 512>
    set template-export-period <1-60 minutes; default is 5>
    set timeout-general <60-604800 seconds; default is 3600>
    set timeout-icmp <60-604800 seconds; default is 300>
    set timeout-max <60-604800 seconds; default is 604800>
    set timeout-tcp <60-604800 seconds; default is 3600>
    set timeout-tcp-fin <60-604800 seconds; default is 300>
    set timeout-tcp-rst <60-604800 seconds; default is 120>
    set timeout-udp <60-604800 seconds; default is 300>
    config collectors
        edit <collector_name>
            set ip <IPv4_address>
            set port <0-65535>
            set transport <udp | tcp>
        next
    end
    config aggregates
        edit <aggregate_ID>
            set ip <IPv4_address>
        next
    end
end

Configure the aggregates

This is the unique interface and IP address for this switch. It becomes the source address of the exported flow packets, which is what TrafficInsights uses to attribute the flows to this switch.

Configure the sampling mode

You can set the sampling mode to local, perimeter, or device-ingress.

  • The local mode samples packets on a specific FortiSwitch port.
  • The perimeter mode samples packets on all FortiSwitch ports that receive data traffic, except for ISL and ICL ports. For perimeter mode, you can also configure the sampling rate.
  • The device-ingress mode samples packets on all FortiSwitch ports that receive data traffic for hop-by-hop tracking. For device-ingress mode, you can also configure the sampling rate.

Configure the sampling rate

For perimeter or device-ingress sampling, you can set the sampling rate, which samples 1 out of the specified number of packets. The default sampling rate is 1 out of 512 packets.

For our recommendations on sampling rate, click here.
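To show why the per-switch aggregate IP matters, and how a collector applies the 1-in-N sampling rate from the section above, here is an added Python example (not Auvik or Fortinet code). It builds NetFlow v5 export datagrams and attributes them to a switch purely by the export packet's source IP, first with two switches sharing the FortiLink address and then with unique aggregate addresses. All IP addresses, switch names and byte counts are constructed.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire layout: fixed 24-byte header followed by 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def build_v5_datagram(flows, sample_rate):
    """Constructed NetFlow v5 export packet; flows = [(src, dst, octets), ...]."""
    header = V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sample_rate & 0x3FFF)
    body = b"".join(
        V5_RECORD.pack(IPv4Address(s).packed, IPv4Address(d).packed, b"\0" * 4,
                       0, 0, 1, octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 24, 24, 0)
        for s, d, octets in flows)
    return header + body


def attribute_flows(datagrams, inventory):
    """Map each datagram to a switch by the UDP source IP of the export packet.

    datagrams: [(exporter_source_ip, payload)]; inventory: {ip: switch_name}.
    Returns {switch_name: estimated_bytes}. Octets are multiplied by the
    sampling interval because a 1-in-N sampled flow stands for about N packets.
    """
    totals = {}
    for src_ip, payload in datagrams:
        version, count, *_, sampling = V5_HEADER.unpack_from(payload)
        if version != 5:
            raise ValueError(f"unsupported NetFlow version {version}")
        rate = sampling & 0x3FFF or 1   # low 14 bits carry the interval
        name = inventory.get(src_ip, f"unknown-exporter-{src_ip}")
        for i in range(count):
            rec = V5_RECORD.unpack_from(payload, V5_HEADER.size + i * V5_RECORD.size)
            totals[name] = totals.get(name, 0) + rec[6] * rate  # rec[6] = dOctets
    return totals


def shared_vs_unique():
    """Two switches exporting from the shared FortiLink IP vs. unique aggregate IPs."""
    sw1 = build_v5_datagram([("10.0.1.10", "10.0.1.20", 1500)], 512)
    sw2 = build_v5_datagram([("10.0.2.10", "10.0.2.20", 3000)], 512)
    shared = attribute_flows([("192.168.1.1", sw1), ("192.168.1.1", sw2)],
                             {"192.168.1.1": "fortilink"})
    unique = attribute_flows([("10.255.0.1", sw1), ("10.255.0.2", sw2)],
                             {"10.255.0.1": "switch-A", "10.255.0.2": "switch-B"})
    return shared, unique
```

With the shared address both switches collapse into one device; with unique aggregate addresses each switch's traffic is reported separately.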

Configure the flow-tracking protocol

You can set the format of the exported flow data to NetFlow version 5, NetFlow version 9, or IPFIX.

Note: TrafficInsights does not support NetFlow version 1.

Both NetFlow and IPFIX are protocols for exporting network flow data. IPFIX is generally the better choice because it is an open standard, offering more flexibility and a wider range of data collection capabilities than the proprietary NetFlow protocol.

Configure collector IP address

This must be set to the IP address of your Auvik collector, in dotted-decimal IPv4 format (xxx.xxx.xxx.xxx).

Configure the transport protocol

You can set exported packets to use UDP or TCP.

Note: TrafficInsights does not support SCTP.

Configure the flow-tracking level

You can set the flow-tracking level to one of the following:

  • vlan—The FortiSwitch unit collects source IP address, destination IP address, source port, destination port, protocol, Type of Service, and VLAN from the sample packet.
  • ip—The FortiSwitch unit collects source IP address and destination IP address from the sample packet.
  • port—The FortiSwitch unit collects source IP address, destination IP address, source port, destination port, and protocol from the sample packet.
  • proto—The FortiSwitch unit collects source IP address, destination IP address, and protocol from the sample packet.

Configure the maximum exported packet size

You can set the maximum size of exported packets at the application layer.
