Hello,
I require to capture the traffic on wireshark.More or less the way if using SPAN port on Cisco switch.
So found if sflow can be used on Fortigate as I do not have any managed switch in our network.
Configured and sflow collector ip as the wireshark PC and enabled interface on fortigate internal interface.
I can see still not traffic does it captures except the one destined to or from the wireshark pc.
Any expert suggestions please.
Regards,
Sushil
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What is your exact configuration?
There are two parts that you must enable.
config system sflow set collector-ip <collector_ipv4> set collector_port <port_int> end
and :
config system interface edit <interface_name>
set sflow-sampler {disable | enable}
end
The config is as below
config system sflow set collector-ip 192.168.1.78 set collector-port 6343 end
and internal gateway
config sys interface edit internal set sflow-sampler enable set sample-rate 512 set sample-direction both set polling-interval 30 next end
Some tools that may help:
This one should show some traffic, if sFlow is configured correctly: http://www.paessler.com/tools/sflowtester
Using Wireshark & sflowtool on Linux: http://blog.sflow.com/2011/11/wireshark.html
sflowtool: http://www.inmon.com/technology/sflowTools.php
the cmd variant on Windows, when sflowtool is located in the Wireshark directory: sflowtool.exe -t | wireshark.exe -k -i -
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.