This article describes how to configure a FortiGate for NetFlow.
NetFlow is a feature that provides the ability to collect IP network traffic as it enters or exits an interface.
By analyzing the data provided by NetFlow, a network administrator can determine items such as the source and destination of traffic, class of service, and the causes of congestion.
NetFlow records are traditionally exported using User Datagram Protocol (UDP) and collected using a NetFlow collector.
The IP address of the NetFlow collector and the destination UDP port must be configured on the sending device (in this case, it is the FortiGate).
The standard value is UDP port 2055, but other values like 9555, 9025, or 9026 can also be used.
In a multi-VDOM environment, it will not be possible to configure Netflow on the root VDOM or any management VDOM as this configuration will be inherited from the global VDOM.
Server1 ------------|P2_FGT_P1 |--------------- Client1
Client2 ------------|__________|--------------- Server2
Verification of Configuration and troubleshooting.
If data is not seen on the Netflow collector after configuring the Netflow as shown above, the following sniffer commands should help verify if there is communication between the FortiGate and the Netflow collector: