Today I want to talk a little about the Fortiswitch IPFIX configuration on the Fortiswitch-500. As of version 4.0 MR1 the Fortiswitch-500 can export IPFIX to your NetFlow Collector. IPFIX is the standard for flow information exports, hense the name IPFIX (Internet Protocol Flow Information eXport).

IPFIX:

IPFIX was designed as a common standard for defining how IP Flow information can be exported from routers, measurement probes, or other devices for billing and network management systems. The big deal with IPFIX is that it allows other vendors to export their own key fields.Fortiswitch

IPFIX Configuration:

The configuration for exporting IPFIX on the Fortiswitch-500 is not going to take too long as it can done in just a few easy steps. Here is the outline given from Fortinet.

1.) From Enable Mode, type config to enter Config Mode.

2.) Configure where to send the flow exports to.

Syntax: ipfix {collector <ip_address> } {port <0-65535> | format <9> } {all | <slot/port><slot/port> }

This enables IPFIX and sends the IPFIX information to the collector from all switch ports.

The default behavior of this command is to enable IPFIX on all ports. To export information from only one port, replace all with <slot/port>the port you wish to export data. The defaults for the parameters it configures are as follows:

  • IPFIX is disabled on all switch ports by default.
  • Switch exports flow data to service port 2055 by default.
  • There are no collectors established by default.
  • IPFIX format is set to version 9 by default.
  • The IPFIX report duration is 15 seconds by default.

Example:

(Config)# ipfix collector 10.50.38.199 port 9996 all

Here we have configured to send IPFIX to our collector at 10.50.38.199 on port 9996. This will export data from all ports on the switch.

Optional Steps:

3.) The default report duration is 15 seconds. If you wish to change the report duration.

Syntax: ipfix {report-timer <5-60>}

4.) The FortiSwitch-500 sends data traffic to UDP port 2055 by default. If you wish to send traffic to a different port, type ipfix collector port (where is the IP address of the IPFIX collector and is the UDP port to which you want to send data traffic).

Confirm IPFIX Configuration:

Now that you are exporting IPFIX from your Fortiswitch-500 you can start to get more insight into the traffic traversing your network. To view the information about the configuration of IPFIX we can run a command to see that info.

Systax: show ipfix

#show ipfix

PFIX Collector Address           Port

—————————————-

10.10.10.23                              3023

10.10.10.24                             2022

            Port                                         IPFIX State

   —————————————–

 1/1                                        Enable

 1/2                                        Enable

 1/3                                        Enable

 1/4                                        Enable

 

 

If you would like more information on the Fotriswitch-500 IPFIX configuration, please feel free to reach out to us in support.

 

Ryan Slosser

Ryan Slosser

My name is Ryan. I work in development here at Plixer International. I mostly deal with hardware deployment. I enjoy kayaking and fishing during the summer and Skiing in the winter. People can count on me and I always give 100% unless I'm donating blood.

Related