FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mle2802
Staff
Article Id 399755
Description: This article describes how to troubleshoot the issue where Netflow does not send local-in traffic (traffic destined to the FortiGate itself) to the collector for analysis.
Scope: FortiGate
Solution

Configure Netflow on FortiGate by following the KB article: Technical Tip: How to Configure Netflow Description.

Run a packet capture on UDP port 2055 from FortiGate. In the capture there is no traffic matching the Wireshark filter 'cflow.protocol == 1', meaning no flow records are exported for ICMP traffic sent to FortiGate itself.

[screenshot: Screenshot 2025-07-04 144427.png]
Netflow only exports flows for traffic that FortiGate logs. By default FortiGate does not log local traffic (traffic terminating on the unit itself), so these flows never reach the collector.

[screenshot: Screenshot 2025-07-04 145518.png]
To enable local-in logging, run the following CLI commands:

config log setting
    set local-in-allow enable
    set local-in-deny-unicast enable
    set local-in-deny-broadcast enable
end

After that, confirm that local-in traffic is now logged and that Netflow is sending it to the collector.
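The same check the article performs in Wireshark ('cflow.protocol == 1' on the UDP/2055 capture) can be run offline against the raw export packets. The following Python script is an added example, not part of the original article or of FortiGate; it decodes a NetFlow v9 export packet and lists the ICMP records, and it assumes the exporter is set to NetFlow v9 (IPFIX, version 10, is not decoded). The sample packet, its template layout and the addresses in it are constructed for the demonstration.

```python
import struct
from ipaddress import IPv4Address

FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}  # RFC 3954 field types

def parse_netflow_v9(payload, templates):
    """Decode one NetFlow v9 export packet (UDP payload); templates {(source_id, template_id): [(type, len), ...]} is updated in place."""
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", payload[:20])
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version={version})")
    records, off = [], 20
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack("!HH", payload[off:off + 4])
        if fs_len < 4: break  # malformed FlowSet length: stop instead of looping forever
        body = payload[off + 4:off + fs_len]
        if fs_id == 0:  # template FlowSet; it may carry several templates
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                templates[(source_id, tid)] = [struct.unpack("!HH", body[p + 4 + 4 * i:p + 8 + 4 * i]) for i in range(nfields)]
                p += 4 + 4 * nfields
        elif fs_id >= 256 and (source_id, fs_id) in templates:  # data FlowSet whose template has already been seen
            fields = templates[(source_id, fs_id)]
            rec_len, p = sum(length for _, length in fields), 0
            while p + rec_len <= len(body):  # trailing bytes shorter than one record are padding
                rec = {}
                for ftype, flen in fields:
                    raw, p = body[p:p + flen], p + flen
                    name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                    rec[name] = str(IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")
                records.append(rec)
        off += fs_len
    return records

def icmp_records(records):
    """Same test as the Wireshark filter 'cflow.protocol == 1': records whose PROTOCOL field is ICMP."""
    return [r for r in records if r.get("PROTOCOL") == 1]

def build_sample_packet():
    """Constructed sample export (not a real capture): one template plus a TCP and an ICMP record."""
    fields = [(8, 4), (12, 4), (4, 1), (1, 4), (2, 4)]  # src, dst, proto, bytes, pkts: 17 bytes per record
    header = struct.pack("!HHIIII", 9, 3, 1000, 1720000000, 1, 0)  # version 9, 3 records, source_id 0
    template = struct.pack("!HHHH", 0, 28, 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    tcp = IPv4Address("10.0.0.5").packed + IPv4Address("8.8.8.8").packed + bytes([6]) + struct.pack("!II", 1500, 10)
    icmp = IPv4Address("10.0.0.5").packed + IPv4Address("192.168.1.99").packed + bytes([1]) + struct.pack("!II", 84, 1)
    return header + template + struct.pack("!HH", 256, 40) + tcp + icmp + b"\x00\x00"  # 2 bytes pad to 4-byte boundary

if __name__ == "__main__":
    print(icmp_records(parse_netflow_v9(build_sample_packet(), {})))
```

Because v9 data records can only be decoded after their template has been exported, keep one templates dict across all packets of a capture; a collector that saw no template for a FlowSet silently shows nothing, which looks the same as the missing local-in flows described above.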

[screenshot: Screenshot 2025-07-04 145236.png]

[screenshot: Screenshot 2025-07-04 145451.png]