Configuring Flow Exports on FortiGate/FortiOS

FortiGate/FortiOS supports flow export for NetFlow from the version 5.2 and above.

For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller. The On-Premise Poller, as the NetFlow collector, will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.

Configure the device to export NetFlow packets to the machine on which you've installed Site24x7 On-Premise Poller by following the steps below:

config system netflow 
set collector-ip {NFA ServerIP} 
set collector-port 9996 
set source-ip {IP address of the device} 
set active-flow-timeout 1 
set inactive-flow-timeout 15 
end

Follow the steps below on each interface:

config system interface 
edit <interface name> 
set netflow-sampler tx 
end

If it is a virtual domains overview (VDOM) environment, configure the device as follows:

config system vdom–netflow 
set vdom–netflow enable 
set collector-ip {NFA ServerIP} 
set collector-port 9996 
set source-ip loopback1 
end

Follow the steps below on each interface:

config system interface 
edit <interface name> 
set netflow-sampler tx 
end

To review the NetFlow configuration, use the following commands in the command-line interface (CLI) mode:

diagnose test application sflowd 3
diagnose test application sflowd 4

If you face any issues with the above steps, you can try the steps for configuring flow exports on Fortigate firewalls.