Configuring Flow Exports on FortiGate/FortiOS

FortiGate/FortiOS supports flow export for NetFlow from the version 5.2 and above.

For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller. The On-Premise Poller, as the NetFlow collector, will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.

Configure the device to export NetFlow packets to the machine on which you've installed Site24x7 On-Premise Poller by following the steps below:

config system netflow
set collector-ip {NFA ServerIP}
set collector-port 9996
set source-ip {IP address of the device}
set active-flow-timeout 1
set inactive-flow-timeout 15
end

Follow the steps below on each interface:

config system interface
edit <interface name>
set netflow-sampler tx
end

If it is a virtual domains overview (VDOM) environment, configure the device as follows:

config system vdom–netflow
set vdom–netflow enable
set collector-ip {NFA ServerIP}
set collector-port 9996
set source-ip loopback1
end

Follow the steps below on each interface:

config system interface
edit <interface name>
set netflow-sampler tx
end

To review the NetFlow configuration, use the following commands in the command-line interface (CLI) mode:

diagnose test application sflowd 3
diagnose test application sflowd 4

If you face any issues with the above steps, you can try the steps for configuring flow exports on Fortigate firewalls.

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.