
Configuring flow exports on FortiGate/FortiOS

FortiGate/FortiOS supports NetFlow export from firmware version 5.2 onward.

For NetFlow analysis, configure your devices to export flows to Site24x7's On-Premise Poller. The On-Premise Poller acts as the NetFlow collector and listens on a specific UDP port for incoming flows; the FortiGate must be configured with that port as its collector port. Learn how to find the port number of your On-Premise Poller.

Configure the device to export NetFlow packets to the machine on which the Site24x7 On-Premise Poller is installed. On firmware versions earlier than 7.2.8 (7.2 branch) and 7.4.2, the collector settings sit directly under config system netflow:

config system netflow
    set collector-ip <IP address>
    set collector-port <0-65535>
    set active-flow-timeout <integer. Values 1-60. Default 30>
    set inactive-flow-timeout <integer. Values 10-600. Default 15>
    set template-tx-timeout <integer. Values 1-1440. Default 30>
    set template-tx-counter <integer. Values 10-6000. Default 20>
end

On firmware 7.2.8 or later in the 7.2 branch, or 7.4.2 or later, the collector settings move into a collectors sub-table. Configure NetFlow as follows:

config system netflow
    set active-flow-timeout <timeout to report active flows: 60-3600 sec, default 1800>
    set inactive-flow-timeout <timeout for periodic report of finished flows: 10-600 sec, default 15>
    set template-tx-timeout <timeout for periodic template flowset transmission: 60-86400 sec, default 1800>
    set template-tx-counter <number of flowset records sent before the template flowset is resent>
    config collectors
        edit <id>
            set collector-ip <On-Premise Poller IP address>
            set collector-port <NetFlow collector port number>
            set source-ip <FortiGate IP address used as the source of the exported flows>
            set interface-select-method auto
        next
    end
end

You can configure the source interface if you are using FortiOS v7.6.0 or higher.

config system netflow
    config collectors
        edit <id>
            set source-ip-interface <interface_name>
        next
    end
end

Enable NetFlow on each interface whose traffic should be exported. The value both exports flows for traffic in both directions on the interface (tx or rx limit it to one direction):

config system interface
    edit <interface name>
        set netflow-sampler both
    next
end

If the FortiGate is running in a virtual domain (VDOM) environment, configure NetFlow inside the VDOM as follows:

config vdom
    edit root  (Replace root with the name of the VDOM whose traffic you want to export.)
        config system vdom-netflow
            set vdom-netflow enable  (This must be enabled before the collector settings are accepted.)
            set collector-ip <On-Premise Poller IP address>
            set collector-port 9996  (Use the port your On-Premise Poller listens on.)
            set source-ip <FortiGate IP address used as the source of the exported flows>
        end
        config system interface
            edit wan1  (Replace wan1 with the interface to be monitored.)
                set netflow-sampler both
            next
        end
    next
end

To review the NetFlow configuration and export statistics on the FortiGate, run the following commands from the CLI (sflowd is the FortiOS daemon that handles NetFlow export as well as sFlow):

diagnose test application sflowd 3
diagnose test application sflowd 4
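
The device-side commands above show what the FortiGate believes it is sending. As a collector-side check, the script below is an added example (not Site24x7 or Fortinet code): it parses the NetFlow v9 export packet header and flowset headers and replays packets through a minimal template cache the way a collector does. It illustrates why template-tx-timeout and template-tx-counter matter: data flowsets (IDs 256 and above) that arrive before their template flowset (ID 0) cannot be decoded, which is exactly what a collector that was restarted between template refreshes sees until the FortiGate resends the template. All packets, the template and the addresses are constructed inline for the example; to use it against live traffic, feed it the UDP payloads received on the On-Premise Poller's NetFlow port.

```python
"""
Collector-side sanity check for NetFlow v9 packets.

Added example, not Site24x7 or Fortinet code. Parses the v9 header and
flowset headers, then replays packets through a tiny template cache as a
collector would, reporting data flowsets that arrive before their template.
Every packet here is constructed in code, not captured from a FortiGate.
"""
import struct

NETFLOW_V9 = 9
TEMPLATE_FLOWSET = 0        # flowset ID 0 defines templates (ID 1, options templates, is ignored here)
FIRST_DATA_FLOWSET = 256    # flowset IDs >= 256 carry data records for the template of that ID
HEADER_FMT = "!HHIIII"      # version, count, sysUptime, unixSecs, sequence, sourceId
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 20 bytes


def parse_v9(data: bytes) -> dict:
    """Parse the 20-byte header and split the body into (flowset_id, payload) pairs."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than the NetFlow v9 header")
    version, count, uptime, secs, seq, src_id = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version != NETFLOW_V9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    flowsets, off = [], HEADER_LEN
    while off + 4 <= len(data):
        fs_id, fs_len = struct.unpack("!HH", data[off:off + 4])
        if fs_len < 4 or off + fs_len > len(data):
            raise ValueError(f"bad flowset length {fs_len} at offset {off}")
        flowsets.append((fs_id, data[off + 4:off + fs_len]))
        off += fs_len
    return {"count": count, "sys_uptime_ms": uptime, "unix_secs": secs,
            "sequence": seq, "source_id": src_id, "flowsets": flowsets}


def template_ids(payload: bytes) -> list:
    """Template IDs defined in one template flowset (ID 0)."""
    ids, off = [], 0
    while off + 4 <= len(payload):
        tmpl_id, field_count = struct.unpack("!HH", payload[off:off + 4])
        if tmpl_id == 0:               # zero padding at the end of the flowset
            break
        ids.append(tmpl_id)
        off += 4 + 4 * field_count     # each field spec is type(2) + length(2)
    return ids


def replay(packets: list) -> dict:
    """Feed raw packets through a per-exporter template cache, as a collector does."""
    known = set()                      # (source_id, template_id) pairs learned so far
    stats = {"packets": 0, "templates": 0, "decodable": 0, "undecodable": 0}
    for raw in packets:
        pkt = parse_v9(raw)
        stats["packets"] += 1
        for fs_id, payload in pkt["flowsets"]:
            if fs_id == TEMPLATE_FLOWSET:
                for t in template_ids(payload):
                    known.add((pkt["source_id"], t))
                    stats["templates"] += 1
            elif fs_id >= FIRST_DATA_FLOWSET:
                key = "decodable" if (pkt["source_id"], fs_id) in known else "undecodable"
                stats[key] += 1
    return stats


def build_v9(flowsets: list, count: int, seq: int, source_id: int = 0) -> bytes:
    """Construct a v9 packet from (flowset_id, payload) pairs; test data, not a capture."""
    body = b""
    for fs_id, payload in flowsets:
        pad = (-(4 + len(payload))) % 4          # flowsets are padded to a 32-bit boundary
        body += struct.pack("!HH", fs_id, 4 + len(payload) + pad) + payload + b"\0" * pad
    return struct.pack(HEADER_FMT, NETFLOW_V9, count, 123456, 1700000000, seq, source_id) + body


# Template 256 with two 4-byte fields: IPV4_SRC_ADDR (element 8) and IPV4_DST_ADDR (element 12).
TEMPLATE_256 = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
# One data record for template 256: 10.0.0.5 -> 192.0.2.10 (constructed addresses).
RECORD_256 = bytes([10, 0, 0, 5, 192, 0, 2, 10])

TEMPLATE_PKT = build_v9([(TEMPLATE_FLOWSET, TEMPLATE_256)], count=1, seq=1)
DATA_PKT = build_v9([(256, RECORD_256)], count=1, seq=2)


def template_first() -> dict:
    """Normal export: the template arrives before the data that depends on it."""
    return replay([TEMPLATE_PKT, DATA_PKT])


def data_first() -> dict:
    """Collector (re)started mid-stream: data is undecodable until the template is resent."""
    return replay([DATA_PKT, DATA_PKT, TEMPLATE_PKT, DATA_PKT])


if __name__ == "__main__":
    print("template first:", template_first())
    print("data first:    ", data_first())
```

If a real collector shows a long run of undecodable data flowsets after a restart, the fix is on the FortiGate side: lower template-tx-timeout (or template-tx-counter) so templates are refreshed more often, at the cost of a little extra export traffic.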

If you face any issues with the above steps, you can try the steps for configuring flow exports on FortiGate firewalls.

Check the official documentation to learn more.
