Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vkulik
Staff
Staff

Created on ‎03-05-2010 01:48 PM

Technical Tip: How to configure sFlow

Description
This article explains how to configure support for sFlow, this feature was introduced in FortiOS 4.0MR2.
Scope
FortiOS.
Solution
  • FortiOS samples the network on a per-interface basis. Datagram’s are forwarded to the sFlow collector.  It should be noted that the FortiGate does not act as a sFlow collector.
  • sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces. However, sFlow agent/client is not supported on some virtual interfaces such as VDOM link, IPSec, gre, and ssl.<vdom>.
  • sFlow configuration is available only from the CLI.
  • sFlow Sample rate defines the average number of packets to wait between samples, value between 10 to 99999. For example, the default sample-rate of 2000 samples 1 of every 2000 packets.
    • The lower the sample-rate the higher the number of packets sampled. Sampling more packets increases the accuracy of the sampling data but also increases the CPU and network bandwidth required to support sFlow. The default sample-rate of 2000 provides high enough accuracy in most cases.
The sFlow configuration are applied either globally, per-vdom, or per-interface, as shown below.
 
1. Set sFlow collector/server IP on the FortiGate.
 
config system sflow
set collector-ip x.x.x.x
set collector-port xxxx (default udp/6343)
end
 
To configure it per VDOM.
 
config system vdom-sflow

set vdom-sflow [disable*|enable]

set collector-ip x.x.x.x

set collector-port xxxx

end
 
2. Configure sFlow agents per interface.
 
config sys interface

edit

set sflow-sampler [disable*|enable]

set sample-rate xxxx //sample ever xxxx packets

set sample-direction [tx|rx|both*]

set polling-interval xx //in secs

next

end
It should be noted that:
  • When sFlow attributes are configured on an interface they are never skipped.
  • For individual sFlow sampler enabled interfaces, if a per-vdom sFlow is enabled (vdom-sflow) sampling traffic is sent to the per-vdom collector.  In all other scenarios sampling traffic is sent to the management-vdom's collector (management-vdom always use global setting).
  • Management-vdom can monitor all interfaces.

Related Articles

Troubleshooting Tip: Sflow and netflow issues

Technical Note : Third party sflow analyzers display incorrect FortiGate interface statistics

41382
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.