Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Troy2023
New Contributor

Netflow with flow action

I was wondering if I can allow Fortigate Firewall to include the flow action like if this flow has been permitted or denied in the netflow message? And if yes how to enable it as I can’t see it from fortigate while I can see it from some other vendors Firewalls. Is there a way to do so?

3 REPLIES 3
Shilpa1
Staff
Staff

Hello Troy2023,


NetFlow is like a tool that helps you watch and understand the traffic on your network. It can tell you things like where data is coming from, where it's going, and how much there is. However, it can't tell you if your firewall allowed or blocked that traffic. So, if you want to know if your firewall said "yes" or "no" to a specific traffic flow, you might need to look somewhere else, like in your firewall's logs.

You may need to consider using other methods or tools, such as firewall logs and a separate log management or SIEM system, to track and analyze firewall rule actions.

 

For more information regarding Fortigate Netflow, please refer the below document link:
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/998643/netflow

 

Regards,
Shilpa 

Troy2023

Thank you Shilpa for the information but  the point here Cisco FTD and Paloalto firewalls are capable to send the flow action to the flow collector so I thought we might be able to do any configuration change to achieve it

balor98
New Contributor

Good idea. Is there an easy way to get the ASN out of the IPs from netflow? I found some tools to convert online, but nothing that I can parse in real time (when you have thousands of entries per minute).

https://19216801.onl/ https://routerlogin.uno/
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors