PaulAmma1
New Contributor

Enabling Netflow

I've been trying to enable Netflow on a firewall and I'm a little stumped.

This is the document that I used for reference: http://kb.fortinet.com/kb/documentLink.do?externalID=FD36460

I configured the Netflow collector IP, enabled Netflow on the interface and verified that the collector IP is in the correct rule.

When I do a diag sys tcpsock, I don't see any connection from the firewall going to the collector IP.

Am I missing something?

2 REPLIES
Andre_Machado_da_Sil
New Contributor

Netflow is UDP.

Try another diagnostic command, as described in the KB.

PaulAmma1

The diagnostic commands ... diagnose sniffer packet ... show no traffic as well.

Checked the firewall logs, and I don't see traffic to the collector IP.
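
Added example, not part of any post in this thread: because NetFlow export is UDP, there is no TCP connection to look for, and a complementary check is to listen on the collector host itself and decode the export header of whatever arrives. The function names and UDP port 2055 are assumptions for illustration; use the collector port configured on the firewall, and stop the real collector first so the port is free.

```python
import socket
import struct

# Export header layouts, network byte order.
V5_HDR = struct.Struct("!HHIIIIBBH")  # NetFlow v5, 24 bytes
V9_HDR = struct.Struct("!HHIIII")     # NetFlow v9, 20 bytes
IPFIX_HDR = struct.Struct("!HHIII")   # IPFIX (version 10), 16 bytes


def parse_export_header(data: bytes) -> dict:
    """Decode the header of one NetFlow v5/v9 or IPFIX datagram."""
    if len(data) < 2:
        raise ValueError("datagram too short for a version field")
    (version,) = struct.unpack_from("!H", data)
    if version == 5 and len(data) >= V5_HDR.size:
        _, count, _, secs, _, seq, _, _, _ = V5_HDR.unpack_from(data)
        return {"version": 5, "count": count, "unix_secs": secs, "sequence": seq}
    if version == 9 and len(data) >= V9_HDR.size:
        _, count, _, secs, seq, _ = V9_HDR.unpack_from(data)
        return {"version": 9, "count": count, "unix_secs": secs, "sequence": seq}
    if version == 10 and len(data) >= IPFIX_HDR.size:
        _, length, secs, seq, _ = IPFIX_HDR.unpack_from(data)
        # In IPFIX the second field is the message length, not a record count.
        return {"version": 10, "length": length, "unix_secs": secs, "sequence": seq}
    raise ValueError(f"not a recognised flow export (version field {version})")


def listen(port=2055, exporter_ip=None, max_packets=5, timeout=60.0):
    """Collect up to max_packets export headers; returns [(source_ip, header)]."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        while len(seen) < max_packets:
            try:
                data, (src, _) = sock.recvfrom(65535)
            except socket.timeout:
                break  # nothing (more) arrived within the window
            if exporter_ip and src != exporter_ip:
                continue  # ignore datagrams from other hosts
            try:
                seen.append((src, parse_export_header(data)))
            except ValueError:
                continue  # UDP noise that is not a flow export
    return seen


if __name__ == "__main__":
    for src, hdr in listen():  # port 2055 is an assumption, see lead-in
        print(src, hdr)
```

An empty result means no export datagram reached the collector within the timeout, which places the problem on the firewall or the path rather than in the collector software.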