Configuring Flow Exports on FortiGate/FortiOS

FortiGate/FortiOS supports flow export for NetFlow from the version 5.2 and above.

For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller. The On-Premise Poller, as the NetFlow collector, will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.

Configure the device to export NetFlow packets to the machine on which you've installed Site24x7 On-Premise Poller by following the steps below:

config system netflow
set collector-ip {NFA ServerIP}
set collector-port 9996
set source-ip {IP address of the device}
set active-flow-timeout 1
set inactive-flow-timeout 15
end

Follow the steps below on each interface:

config system interface
edit <interface name>
set netflow-sampler tx
end

If it is a virtual domains overview (VDOM) environment, configure the device as follows:

config system vdom–netflow
set vdom–netflow enable
set collector-ip {NFA ServerIP}
set collector-port 9996
set source-ip loopback1
end

Follow the steps below on each interface:

config system interface
edit <interface name>
set netflow-sampler tx
end

To review the NetFlow configuration, use the following commands in the command-line interface (CLI) mode:

diagnose test application sflowd 3
diagnose test application sflowd 4

If you face any issues with the above steps, you can try the steps for configuring flow exports on Fortigate firewalls.