Fortigate Netflow not dispaly all record on Qradar QFlow

luca1994 · ‎10-20-2023

Hello team,

I configured the interfaces of a fortigate to send flows to qradar, which acts as a netflow server.

i have configuring netflow with default parameter cme from documentation in rx mode on the 'output interface.

But when we run a data upload test to the 'outside, all flows are not sent to qradar.

While with other firewall vendors the flows arrive correctly.

The parameters I set are as follows:

config system netflow
set collector-ip x.y.z.w
set collector-port 2055
set source-ip 0.0.0.0
set active-flow-timeout 1800
set inactive-flow-timeout 15
set template-tx-timeout 1800
set template-tx-counter 20
set interface-select-method auto
end

any suggestions?

Thanks for the support

gsekar · ‎10-20-2023

Hi,

Can you confirm whether have you enabled netflow on the interface level?

Kindly go through the document below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Configure-Netflow/ta-p/196080?exter...

luca1994 · ‎10-20-2023

Hi @gsekar ,

i have enabled netflow on interface level in both mode.

Thanks

Fortigate Netflow not dispaly all record on Qradar QFlow

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website