How to configure NetFlow on FortiGate Firewall

This article explains how to configure NetFlow on a FortiGate Firewall

Configure the NetFlow collector IP:

# config system netflow
# set collector-ip <IPV4_ADDRESS>
# set collector-port <PORT>
# end

Here IPV4_ADDR is IP address of the NetFlow collector and PORT is the destination UDP port. The standard value is UDP port 2055, but any other ports like 9555, 9025, or 9026 can also be used.

Enable NetFlow on the Interface:

# config system interface
# edit <INTERFACE_NAME>
# set netflow-sampler both
# end

The following options are available for the NetFlow sampler:

tx Monitor transmitted traffic on this interface.
rx Monitor received traffic on this interface.
both Monitor transmitted/received traffic on this interface.

Verification of Configuration and troubleshooting

If data is not seen your NetFlow collector after configuring the NetFlow as explained above, then use any of the following sniffer commands to verify if there is communication between the FortiGate and the NetFlow collector

Using collector port, here the collector port is 2055

# diagnose sniffer packet 'port 2055'  6 0 a

Or use a sniffer on the NetFlow collector IP, here x.x.x.x is the IP address of the NetFlow collector

# diagnose sniffer packet 'host x.x.x.x' 6 0 a