FortiGate
ASMarks
Staff
Article Id 363733
Description This article describes the process of migrating to a single, global NetFlow configuration on a FortiGate running in a Multi-VDOM environment.
Scope FortiGate with Multi-VDOM enabled and NetFlow configured.
Solution

NetFlow Configured on multiple VDOMs:


FortiGate-60E (global) # diagnose test application sflowd 3

===== Netflow Vdom Configuration =====
Global collector:10.99.99.254:[2055] source ip: 10.1.1.99 active-timeout(seconds):1800 inactive-timeout(seconds):15

____ vdom: root, index=0, is master, collector: disabled (use global config) (mgmt vdom)
|_ coll_ip:10.99.99.254:2055,src_ip:10.1.1.99
|_ seq_num:26 pkts/time to next template: 14/1407
|_ exported: Bytes:0, Packets:0, Sessions:0 Flows:0
|_ active_intf: 3
|____ interface:wan1 sample_direction:both device_index:5 snmp_index:1
|____ interface:wan2 sample_direction:both device_index:6 snmp_index:2
|____ interface:dmz sample_direction:both device_index:7 snmp_index:3

____ vdom: Security, index=3, is master, collector: enabled
|_ coll_ip:10.99.99.254:2055,src_ip:10.20.20.99
|_ seq_num:9 pkts/time to next template: 11/1407
|_ exported: Bytes:0, Packets:0, Sessions:0 Flows:0
|_ active_intf: 1
|____ interface:internal1 sample_direction:both device_index:8 snmp_index:4

____ vdom: Sales, index=4, is master, collector: enabled
|_ coll_ip:10.99.99.254:2055,src_ip:10.30.30.99
|_ seq_num:2 pkts/time to next template: 18/1407
|_ exported: Bytes:0, Packets:0, Sessions:0 Flows:0
|_ active_intf: 1
|____ interface:internal3 sample_direction:both device_index:10 snmp_index:6

As seen in the above output, the Security and Sales VDOMs each have their own collector configuration enabled, with a unique source IP address per VDOM, while the root VDOM already uses the global collector.

By unsetting each VDOM's NetFlow configuration, the VDOMs will fall back to the global NetFlow configuration:


FortiGate-60E # config vdom

FortiGate-60E (vdom) # edit Security
current vf=Security:3

FortiGate-60E (Security) # config system vdom-netflow

FortiGate-60E (vdom-netflow) # unset vdom-netflow

FortiGate-60E (vdom-netflow) # end
vdom netflow collector is disabled, global netflow collector will be used.

FortiGate-60E (Security) # next

FortiGate-60E (vdom) # edit Sales
current vf=Sales:4

FortiGate-60E (Sales) # config system vdom-netflow

FortiGate-60E (vdom-netflow) # unset vdom-netflow

FortiGate-60E (vdom-netflow) # end
vdom netflow collector is disabled, global netflow collector will be used.

FortiGate-60E (Sales) # end

FortiGate-60E # config global

FortiGate-60E (global) # diagnose test application sflowd 3

===== Netflow Vdom Configuration =====
Global collector:10.99.99.254:[2055] source ip: 10.1.1.99 active-timeout(seconds):1800 inactive-timeout(seconds):15

____ vdom: root, index=0, is master, collector: disabled (use global config) (mgmt vdom)
|_ coll_ip:10.99.99.254:2055,src_ip:10.1.1.99
|_ seq_num:42 pkts/time to next template: 18/1173
|_ exported: Bytes:0, Packets:0, Sessions:0 Flows:0
|_ active_intf: 3
|____ interface:wan1 sample_direction:both device_index:5 snmp_index:1
|____ interface:wan2 sample_direction:both device_index:6 snmp_index:2
|____ interface:dmz sample_direction:both device_index:7 snmp_index:3

____ vdom: Security, index=3, is master, collector: disabled (use global config)
|_ coll_ip:10.99.99.254:2055,src_ip:10.1.1.99
|_ seq_num:4 pkts/time to next template: 16/1173
|_ exported: Bytes:0, Packets:0, Sessions:0 Flows:0
|_ active_intf: 1
|____ interface:internal1 sample_direction:both device_index:8 snmp_index:4

____ vdom: Sales, index=4, is master, collector: disabled (use global config)
|_ coll_ip:10.99.99.254:2055,src_ip:10.1.1.99
|_ seq_num:1 pkts/time to next template: 19/1173
|_ exported: Bytes:0, Packets:0, Sessions:0 Flows:0
|_ active_intf: 1
|____ interface:internal3 sample_direction:both device_index:10 snmp_index:6
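To confirm the migration on more than one unit, it helps to check the `diagnose test application sflowd 3` output programmatically rather than by eye. The following added example (not part of the article or of FortiOS) parses that output and reports VDOMs that still carry a per-VDOM collector or export with a source IP that differs from the global setting; the sample text is copied from the article's "before" state.

```python
import re

# Constructed sample: trimmed copy of the article's "before" diagnose output.
SAMPLE_OUTPUT = """\
===== Netflow Vdom Configuration =====
Global collector:10.99.99.254:[2055] source ip: 10.1.1.99 active-timeout(seconds):1800 inactive-timeout(seconds):15
____ vdom: root, index=0, is master, collector: disabled (use global config) (mgmt vdom)
|_ coll_ip:10.99.99.254:2055,src_ip:10.1.1.99
____ vdom: Security, index=3, is master, collector: enabled
|_ coll_ip:10.99.99.254:2055,src_ip:10.20.20.99
____ vdom: Sales, index=4, is master, collector: enabled
|_ coll_ip:10.99.99.254:2055,src_ip:10.30.30.99
"""

GLOBAL_RE = re.compile(r"^Global collector:(?P<coll_ip>[\d.]+):\[(?P<port>\d+)\] source ip: (?P<src_ip>[\d.]+)")
VDOM_RE = re.compile(r"^____ vdom: (?P<name>\S+), index=(?P<index>\d+),.*collector: (?P<coll>enabled|disabled)")
IP_RE = re.compile(r"^\|_ coll_ip:(?P<coll_ip>[\d.]+):(?P<port>\d+),src_ip:(?P<src_ip>[\d.]+)")


def parse_sflowd(output):
    """Return (global_cfg, {vdom_name: cfg}) from the sflowd 3 output."""
    global_cfg, vdoms, current = None, {}, None
    for line in output.splitlines():
        m = GLOBAL_RE.match(line)
        if m:
            global_cfg = {"coll_ip": m["coll_ip"], "port": int(m["port"]), "src_ip": m["src_ip"]}
            continue
        m = VDOM_RE.match(line)
        if m:
            # "disabled" here means the VDOM defers to the global collector
            current = {"index": int(m["index"]), "uses_global": m["coll"] == "disabled"}
            vdoms[m["name"]] = current
            continue
        m = IP_RE.match(line)
        if m and current is not None:  # effective collector/source for the current VDOM
            current.update(coll_ip=m["coll_ip"], port=int(m["port"]), src_ip=m["src_ip"])
    return global_cfg, vdoms


def vdoms_with_local_collector(output):
    """Names of VDOMs whose NetFlow collector is still configured per VDOM."""
    _, vdoms = parse_sflowd(output)
    return sorted(n for n, c in vdoms.items() if not c["uses_global"])


def vdoms_with_divergent_source(output):
    """Names of VDOMs exporting from a source IP other than the global one."""
    global_cfg, vdoms = parse_sflowd(output)
    return sorted(n for n, c in vdoms.items() if c.get("src_ip") != global_cfg["src_ip"])
```

After the migration both functions return an empty list, which is the condition to check before declaring the collector-side view consistent.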