
In this blog post I would like to go over how to enable sFlow on Fortigate switches. Suppose we want to configure a Fortigate device to export sFlow to a server at 10.10.10.10. This server listens for flow packets on port 2055, and we want a sampling rate of 1 in every 2000 packets.
First, we configure the global sFlow collector (the flow destination):
config system sflow
    set collector-ip 10.10.10.10
    set collector-port 2055
end
Then, we issue the following commands to enable flow export per Virtual Domain (VDOM):
config system vdom-sflow
    set vdom-sflow enable
    set collector-ip 10.10.10.10
    set collector-port 2055
end
Finally, we enable flow export per interface with:
config system interface
    edit <interface-name>
        set sflow-sampler enable
        set sample-rate 2000
        set sample-direction both
        set polling-interval 60
        # polling-interval is the counter polling interval in seconds
    next
end
DONE!!
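Once the device is exporting, the collector side should confirm that the sampling rate it receives is the 1-in-2000 we configured. The following is an added example, not part of the original post or of any Fortinet tool: a minimal sFlow v5 datagram parser that extracts the agent address and the sampling_rate field of each flow sample, plus a constructed test datagram (agent address 192.0.2.1 is an assumed value, not taken from the post).

```python
import struct

FLOW_SAMPLE = 1     # sFlow v5 data_format: enterprise 0, format 1
COUNTER_SAMPLE = 2  # enterprise 0, format 2


def parse_sflow_v5(data: bytes) -> dict:
    """Parse the datagram header and each sample header of an sFlow v5 packet."""
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    off = 8
    if addr_type == 1:                      # IPv4 agent address (4 bytes)
        agent, off = ".".join(str(b) for b in data[off:off + 4]), off + 4
    elif addr_type == 2:                    # IPv6 agent address (16 bytes)
        agent, off = data[off:off + 16].hex(), off + 16
    else:
        raise ValueError(f"unknown agent address type {addr_type}")
    sub_agent, seq, uptime, nsamples = struct.unpack_from("!IIII", data, off)
    off += 16
    samples = []
    for _ in range(nsamples):
        fmt, length = struct.unpack_from("!II", data, off)
        body, off = data[off + 8:off + 8 + length], off + 8 + length
        sample = {"format": fmt}
        if fmt == FLOW_SAMPLE:
            # flow sample: seq, source_id, sampling_rate, sample_pool, drops, input, output, n_records
            (sample["seq"], sample["source_id"], sample["sampling_rate"],
             sample["sample_pool"], sample["drops"], sample["input"],
             sample["output"], sample["records"]) = struct.unpack_from("!8I", body)
        elif fmt == COUNTER_SAMPLE:
            sample["seq"], sample["source_id"], sample["records"] = struct.unpack_from("!3I", body)
        samples.append(sample)
    return {"agent": agent, "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime, "samples": samples}


def flow_samples_match_rate(data: bytes, expected_rate: int = 2000) -> bool:
    """True when every flow sample in the datagram carries the expected sampling rate."""
    flows = [s for s in parse_sflow_v5(data)["samples"] if s["format"] == FLOW_SAMPLE]
    return bool(flows) and all(s["sampling_rate"] == expected_rate for s in flows)


def build_flow_datagram(agent_ip: str, rate: int) -> bytes:
    """Constructed test datagram (not a real capture): one flow sample, no flow records."""
    body = struct.pack("!8I", 1, 7, rate, 40000, 0, 7, 8, 0)   # source_id 7, ifIndex 7 -> 8
    hdr = struct.pack("!II", 5, 1) + bytes(int(x) for x in agent_ip.split("."))
    hdr += struct.pack("!IIII", 0, 1, 60000, 1)   # sub-agent, sequence, uptime ms, 1 sample
    return hdr + struct.pack("!II", FLOW_SAMPLE, len(body)) + body
```

In practice you would feed `parse_sflow_v5` the payload of each UDP datagram received on port 2055 and alert when `flow_samples_match_rate` returns False for an interface that should be sampling at 2000.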
The Fortinet knowledge base states that:
- When sFlow attributes are configured on an interface they are never skipped.
- For individual sFlow sampler enabled interfaces, if a per-vdom sFlow is enabled (vdom-sflow) sampling traffic is sent to the per-vdom collector. In all other scenarios sampling traffic is sent to the management-vdom’s collector (management-vdom always uses the global setting).
- Management-vdom can monitor all interfaces.
Fortinet devices support sFlow from FortiOS 4.0 MR2 and above. If you are running one of the latest versions, there is a good chance your device supports sFlow.
For more information on Fortigate sFlow please visit the Fortinet knowledge base. I hope you enjoyed this blog.