I'm attempting to set up NetFlow and am not having any luck. I have a FortiGate 80C and am using PRTG for monitoring. I followed these instructions found from Fortinet, but the probe says no information has been sent to it.
config system netflow
    set collector-ip <address>
    set collector-port <port>
    set source-ip <address>
    set active-flow-timeout <integer>
    set inactive-flow-timeout <integer>
end
I set the collector IP as the server address that has the PRTG probe on it, the port to a UDP port that wasn't used, and it matches what PRTG is looking for, and I made sure there was a rule in the local firewall to allow it. The source IP I wasn't sure exactly what should be used, so I entered the router's IP address, and the timers I set to 1 and 15 respectively. Any insights on how to get this fixed would be very helpful. I'm looking forward to collecting the data on my WAN usage.
Thanks
Jon
You have to enable the interface.
e.g.
edit "internal1"
    set vdom "custA"
    set ip 10.100.10.1 255.255.255.0
    set allowaccess ping https ssh
    set vlanforward enable
    set type physical
    set netflow-sampler tx <----------
    set alias "internal1-interface"
    set lldp-transmission enable
    set snmp-index 2
    config ipv6
        set ip6-mode dhcp
        set ip6-allowaccess ping https ssh
    end
next
end
PCNSE
NSE
StrongSwan
I might need some help with the commands to accomplish this. I am proficient with the GUI and have a good amount of experience with the IOS command line, but am a bit fuzzy on Fortinet's until I get some more practice.
Will I be using a command like this?
config system interface
edit internal
set netflow-sampler tx
Thanks for the help!
Jon
Yes, and your options are tx/rx or both. So determine what directions you need.
PCNSE
NSE
StrongSwan
Hello,
Below KB article explains how to configure the netflow with a scenario and also has a basic debugging help:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36460
Hope that helps.
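A collector-side check for the symptom in the original question (the probe reporting that nothing arrives), as an added example that is not part of any post in this thread. It assumes the FortiGate exports NetFlow v9 as laid out in RFC 3954; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")        # flowset_id, length (length includes these 4 bytes)

def summarize_v9(datagram):
    """Validate a NetFlow v9 export packet (RFC 3954) and count its FlowSets by kind."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("shorter than a NetFlow v9 header")
    version, count, _uptime, _secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"version field is {version}, not 9")
    out = {"count": count, "sequence": sequence, "source_id": source_id,
           "template": 0, "options": 0, "data": 0}
    offset = V9_HEADER.size
    while offset + FLOWSET.size <= len(datagram):
        flowset_id, length = FLOWSET.unpack_from(datagram, offset)
        if length < FLOWSET.size or offset + length > len(datagram):
            raise ValueError(f"bad FlowSet length {length} at offset {offset}")
        if flowset_id >= 256:  # data FlowSet: decodable only after its template was received
            out["data"] += 1
        elif flowset_id in (0, 1):
            out["template" if flowset_id == 0 else "options"] += 1
        offset += length
    return out

def constructed_sample():
    """Constructed packet: one template (src/dst IPv4 address fields) plus one data record."""
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)
    data = struct.pack("!HH4s4s", 256, 12, socket.inet_aton("10.100.10.5"),
                       socket.inet_aton("192.0.2.10"))
    return V9_HEADER.pack(9, 2, 1000, 1700000000, 1, 0) + template + data

def watch(port, expected_source_ip, packets=5, bind_ip="0.0.0.0", timeout=60):
    """Receive a few datagrams on the collector port and report sender and contents."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        for _ in range(packets):
            datagram, (sender, _sport) = sock.recvfrom(65535)
            try:
                note = summarize_v9(datagram)
            except ValueError as exc:
                note = f"not usable: {exc}"
            # The second field is False when packets arrive from an address other than source-ip.
            seen.append((sender, sender == expected_source_ip, note))
            print(seen[-1])
    return seen
```

Call `watch()` with the values set for `collector-port` and `source-ip` while the monitoring sensor is stopped, since the listener needs the port to itself. A timeout with no datagrams means nothing is reaching the host at all, and packets that carry only data FlowSets mean the collector is still waiting for a template.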
Is NetFlow advantageous to sFlow? Which FortiOS starts supporting NetFlow?
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
sFlow samples anything and is network layer independent (e.g. IPX, NetBEUI, IP, etc.) and can monitor the upper layer traffic as well.
NetFlow accounts for 100% of everything IP based (i.e. not IPX, NetBEUI, etc.)
Dipen wrote: Is NetFlow advantageous to sFlow? Which FortiOS starts supporting NetFlow?
They are not the same. NetFlow has probably been around much longer than sFlow due to the Cisco implementation. sFlow's biggest positive is that it can support layer 2 information in the flow details. NetFlow, IMHO and in my experience, shines in DDoS detection, traffic engineering and trending.
I would research here, since myself and others have seen issues (mainly sFlow) that show packet stacking against the CPU or other issues. I would love to see a big outfit deploy sFlow across a wide number of FGT appliances and have a cook-off.
In all of the approaches you need to be cautious of the sampler rate, and should provide a sampler. YMMV, but FTNT has supported sFlow for some time, I believe since 4 MR3 in most appliances, but 5.0.x is where NetFlow started appearing in most FGT appliances, IIRC.
FWIW: A lot of NetFlow collectors don't support sFlow flow records, so make sure your collector supports sFlow, and check the sampler interval that it can support.
Ken
PCNSE
NSE
StrongSwan