I was wondering if I can allow the FortiGate firewall to include the flow action, i.e. whether the flow has been permitted or denied, in the NetFlow message. If yes, how do I enable it? I can’t see it from FortiGate, while I can see it from some other vendors' firewalls. Is there a way to do so?
NetFlow is like a tool that helps you watch and understand the traffic on your network. It can tell you things like where data is coming from, where it's going, and how much there is. However, it can't tell you if your firewall allowed or blocked that traffic. So, if you want to know if your firewall said "yes" or "no" to a specific traffic flow, you might need to look somewhere else, like in your firewall's logs.
You may need to consider using other methods or tools, such as firewall logs and a separate log management or SIEM system, to track and analyze firewall rule actions.
Thank you, Shilpa, for the information, but the point here is that Cisco FTD and Palo Alto firewalls are capable of sending the flow action to the flow collector, so I thought we might be able to make a configuration change to achieve it.
Good idea. Is there an easy way to get the ASN out of the IPs from netflow? I found some tools to convert online, but nothing that I can parse in real time (when you have thousands of entries per minute).