I was wondering if I can allow the FortiGate firewall to include the flow action (whether the flow has been permitted or denied) in the NetFlow message. If yes, how do I enable it? I can't see it from FortiGate, while I can see it from some other vendors' firewalls. Is there a way to do so?
Hello Troy2023,
NetFlow is like a tool that helps you watch and understand the traffic on your network. It can tell you things like where data is coming from, where it's going, and how much there is. However, it can't tell you if your firewall allowed or blocked that traffic. So, if you want to know if your firewall said "yes" or "no" to a specific traffic flow, you might need to look somewhere else, like in your firewall's logs.
You may need to consider using other methods or tools, such as firewall logs and a separate log management or SIEM system, to track and analyze firewall rule actions.
For more information regarding FortiGate NetFlow, please refer to the document link below:
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/998643/netflow
Regards,
Shilpa
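
An added illustration of the firewall-log approach suggested above (not part of the original posts and not Fortinet code): flow records from a collector are joined with firewall traffic logs on the 5-tuple so each flow carries the allow/deny verdict. The log lines and flow records are constructed samples; the log layout is assumed to be FortiGate's key=value traffic log format, and the flow-record field names are hypothetical.

```python
import shlex

# Constructed sample traffic logs (assumed key=value syslog layout).
SAMPLE_LOGS = [
    'date=2024-01-15 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.0.5 '
    'srcport=51514 dstip=203.0.113.10 dstport=443 proto=6 action="accept" policyid=3',
    'date=2024-01-15 time=10:00:02 type="traffic" subtype="forward" srcip=10.0.0.9 '
    'srcport=40022 dstip=198.51.100.7 dstport=23 proto=6 action="deny" policyid=0',
]

# Constructed flow records, as a collector might store them after decoding
# (field names are hypothetical).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "sport": 51514, "dst": "203.0.113.10", "dport": 443, "proto": 6, "bytes": 8421},
    {"src": "10.0.0.9", "sport": 40022, "dst": "198.51.100.7", "dport": 23, "proto": 6, "bytes": 60},
    {"src": "10.0.0.7", "sport": 33000, "dst": "192.0.2.1", "dport": 53, "proto": 17, "bytes": 120},
]

def parse_log(line):
    """Split a key=value log line into a dict; shlex strips the quotes."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def flow_key(src, sport, dst, dport, proto):
    """Normalise a 5-tuple so log fields (strings) and flow fields (ints) compare equal."""
    return (src, int(sport), dst, int(dport), int(proto))

def build_action_index(log_lines):
    """Map 5-tuple -> firewall verdict, taken from traffic logs only."""
    index = {}
    for line in log_lines:
        f = parse_log(line)
        if f.get("type") != "traffic":
            continue
        try:
            key = flow_key(f["srcip"], f["srcport"], f["dstip"], f["dstport"], f["proto"])
        except (KeyError, ValueError):
            continue  # log entry without a full 5-tuple (e.g. no ports)
        index[key] = {"action": f.get("action", "unknown"), "policyid": f.get("policyid")}
    return index

def annotate(flows, index):
    """Attach the verdict to each flow; flows with no log entry are 'unmatched'."""
    out = []
    for fl in flows:
        key = flow_key(fl["src"], fl["sport"], fl["dst"], fl["dport"], fl["proto"])
        out.append({**fl, **index.get(key, {"action": "unmatched", "policyid": None})})
    return out

if __name__ == "__main__":
    for row in annotate(SAMPLE_FLOWS, build_action_index(SAMPLE_LOGS)):
        print(row)
```

On real traffic the join also needs a time window, because the same 5-tuple is reused by later sessions.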
Thank you, Shilpa, for the information, but the point here is that Cisco FTD and Palo Alto firewalls are capable of sending the flow action to the flow collector, so I thought we might be able to make a configuration change to achieve it.
Good idea. Is there an easy way to get the ASN out of the IPs from netflow? I found some tools to convert online, but nothing that I can parse in real time (when you have thousands of entries per minute).
Copyright 2024 Fortinet, Inc. All Rights Reserved.