Fortinet Logo

In this blog I would like to go over how to enable sFlow on Fortigate switches. Supposed we want to configure a Fortigate device to export sFlow, for instance, to a server This server is listening for flow packets on port 2055, and we want a sampling rate of 1 for every 2000 packets.

First, we configure the flow destination.

config system sflow
set collector-ip
set collector-port 2055

Then,  we issue the following commands to enable flow export per Virtual Domain

config system vdom-sflow
set vdom-sflow enable
set collector-ip
set collector-port 2055

Finally, we enable flow export per interface with:

config sys interface
set sflow-sampler enable
set sample-rate 2000
set sample-direction both
set polling-interval 60 (in seconds )


The Fortinet knowledge base states that:

  1. When sFlow attributes are configured on an interface they are never skipped.
  2. For individual sFlow sampler enabled interfaces, if a per-vdom sFlow is enabled (vdom-sflow) sampling traffic is sent to the per-vdom collector.  In all other scenarios sampling traffic is sent to the management-vdom’s collector (management-vdom always use global setting).
  3. Management-vdom can monitor all interfaces.

Fortinet devices support sFlow from FortiOS 4.0 MR2 and above. If you are running one of the latest versions, there is a good chance, your device supports sFlow.

For more information on Fortigate sFlow please visit the Fortinet knowledge base. I hope you enjoyed this blog.


Dale Locke is the Regional Manager for the southeast US at Plixer. He works with prospects to solve the unique needs of their network and visits existing customers to assist with training. He enjoys developing new partnerships and building long lasting relationships with his clients. Dale's favorite hobbies include fishing, hiking, soccer, and football.


Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply