yurisk.info

Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Do not miss the long awaited addition to the Fortigate 4 MR2 – sFlow data export

Great news – now Fortigate supports exporting data flow statistics to an external server using the sFlow protocol (twin of Netflow from the Cisco world). I configured it in about a minute and it just works. To collect the sFlow data I use nfdump/Nfsen, which I found to be the most stable and versatile, not to mention being the rare one supporting both Netflow and sFlow.
You first set the external server IP and destination port, here 10.99.99.158 and UDP 7774, and then enable flow export per interface. An example follows; here I did it on a Fortigate 100.

    # show system sflow
    config system sflow
        set collector-ip 10.99.99.158
        set collector-port 7774
    end

    # show system interface dmz1
    config system interface
        edit "dmz1"
            set vdom "root"
            set ip 10.99.99.254 255.255.255.0
            set allowaccess ping https ssh snmp
            set type physical
            set wccp enable
            set sflow-sampler enable
        next
    end
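
A quick way to confirm that the export configured above is actually arriving at the collector, added here as an example and not part of the original post: a minimal Python listener that parses the sFlow datagram header on UDP 7774 and flags datagrams whose agent address is not the expected one. It assumes the FortiGate sends sFlow version 5 and reports 10.99.99.254 as its agent address; `parse_sflow_datagram` and `constructed_datagram` are names made up for this example.

```python
import ipaddress
import socket
import struct

SAMPLE_TYPES = {1: "flow", 2: "counter", 3: "expanded_flow", 4: "expanded_counter"}

def parse_sflow_datagram(data):
    """Parse an sFlow v5 datagram header and list (type, length) of each sample."""
    if len(data) < 8:
        raise ValueError("too short for an sFlow header")
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None or len(data) < 8 + addr_len + 16:
        raise ValueError("bad agent address type or truncated header")
    agent = str(ipaddress.ip_address(data[8:8 + addr_len]))
    _sub_agent, seq, uptime_ms, count = struct.unpack_from("!IIII", data, 8 + addr_len)
    off = 24 + addr_len
    samples = []
    for _ in range(count):
        if len(data) < off + 8:
            raise ValueError("truncated sample record")
        tag, length = struct.unpack_from("!II", data, off)
        off += 8
        if len(data) < off + length:
            raise ValueError("sample length exceeds datagram")
        # tag = enterprise (upper 20 bits) | format (lower 12 bits)
        name = SAMPLE_TYPES.get(tag & 0xFFF, "unknown") if tag >> 12 == 0 else "vendor"
        samples.append((name, length))
        off += length
    return {"agent": agent, "sequence": seq, "uptime_ms": uptime_ms, "samples": samples}

def constructed_datagram(agent="10.99.99.254"):
    """Constructed sample input: v5 header plus one empty flow and one empty counter sample."""
    hdr = struct.pack("!II4sIIII", 5, 1, ipaddress.ip_address(agent).packed, 0, 42, 1000, 2)
    return hdr + struct.pack("!II", 1, 0) + struct.pack("!II", 2, 0)

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 7774))  # collector-port from the config above
    while True:
        data, (src, _) = sock.recvfrom(65535)
        try:
            d = parse_sflow_datagram(data)
            # Assumption: the FortiGate reports its dmz1 address as the sFlow agent
            note = "" if d["agent"] == "10.99.99.254" else "  <-- unexpected agent"
            print(f"{src}: agent={d['agent']} seq={d['sequence']} samples={d['samples']}{note}")
        except ValueError as err:
            print(f"{src}: not a valid sFlow v5 datagram: {err}")
```

Run it in place of the regular collector, since only one process can bind UDP 7774 on the host.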




2 Comments

  1. Yuri, do you know if the sampler works on VLAN interfaces?

    We need to sample traffic on a particular VLAN and our collector is effectively on another subnet.

    Paul

  2. Yuri

    April 22, 2012 at 10:33 pm

    I haven’t tested myself so can’t say for sure …
