This article explains how to configure support for sFlow.
This feature was introduced in FortiOS 4.0MR2.
- FortiOS samples the network on a per-interface basis and forwards the resulting datagrams to the sFlow collector. The FortiGate does not act as an sFlow collector.
- sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces. However, the sFlow agent/client is not supported on some virtual interfaces such as VDOM link, IPsec, GRE, and ssl.<vdom>.
- sFlow configuration is available only from the CLI.
- The sFlow sample-rate defines the average number of packets to wait between samples. Valid values are 10 to 99999. For example, the default sample-rate of 2000 samples 1 of every 2000 packets.
- The lower the sample-rate, the higher the number of packets sampled. Sampling more packets increases the accuracy of the sampling data but also increases the CPU and network bandwidth required to support sFlow. The default sample-rate of 2000 provides high enough accuracy in most cases.
set vdom-sflow enable
set collector-ip x.x.x.x
set collector-port xxxx
set sample-rate xxxx (sample every xxxx packets).
set sample-direction both (can be also set for only tx, or only rx).
set polling-interval xx (in seconds).
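To check from the collector side that the datagrams arriving on collector-port carry the sample-rate configured above, the header and flow-sample fields can be decoded as in the following added example (not Fortinet code). It assumes the agent sends sFlow version 5 datagrams; the function names are hypothetical and the sample datagram is constructed for illustration.

```python
import socket
import struct

def parse_sflow_v5(datagram: bytes) -> dict:
    """Parse the sFlow v5 datagram header and the fixed fields of each flow sample."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    family = socket.AF_INET if addr_type == 1 else socket.AF_INET6
    agent = socket.inet_ntop(family, datagram[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, seq, _uptime_ms, n_samples = struct.unpack_from("!4I", datagram, off)
    off += 16
    flow_samples = []
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if off + length > len(datagram):
            raise ValueError("sample runs past end of datagram")
        if tag == 1:  # enterprise 0, format 1: standard flow sample
            _seq, source_id, rate, pool, drops = struct.unpack_from("!5I", datagram, off)
            flow_samples.append({"if_index": source_id & 0xFFFFFF,
                                 "sampling_rate": rate, "sample_pool": pool, "drops": drops})
        off += length  # counter samples and expanded formats are skipped
    return {"agent": agent, "sequence": seq, "flow_samples": flow_samples}

def rate_mismatches(parsed: dict, configured_rate: int) -> list:
    """Interface indexes whose reported sampling rate differs from the configured sample-rate."""
    return sorted({s["if_index"] for s in parsed["flow_samples"]
                   if s["sampling_rate"] != configured_rate})

def constructed_datagram(rate: int = 2000) -> bytes:
    """Constructed test input: one flow sample (ifIndex 3) and one counter sample."""
    flow = struct.pack("!8I", 1, 3, rate, rate, 0, 3, 4, 0)  # no flow records attached
    counter = struct.pack("!3I", 1, 3, 0)                     # skipped by the parser
    return (struct.pack("!II", 5, 1) + socket.inet_aton("192.0.2.1")
            + struct.pack("!4I", 0, 1, 60000, 2)
            + struct.pack("!II", 1, len(flow)) + flow
            + struct.pack("!II", 2, len(counter)) + counter)

if __name__ == "__main__":
    parsed = parse_sflow_v5(constructed_datagram())
    print(parsed, rate_mismatches(parsed, 2000))
```

In practice the bytes passed to `parse_sflow_v5` would come from a UDP socket bound to the address and port set as collector-ip and collector-port.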
Troubleshooting Tip: Sflow and netflow issues
Technical Note : Third party sflow analyzers display incorrect FortiGate interface statistics
Copyright 2023 Fortinet, Inc. All Rights Reserved.