When you work in the field that I do, sometimes you celebrate events that leave other people scratching their heads wondering what the hype is all about.
A customer of mine and I were recently having a discussion on various devices that supported NetFlow. His Fortinet firewall became part of the discussion, and at the time, I didn’t think it supported any kind of flow export. However, after finishing the conversation and hanging up the phone, he sent me an e-mail with a nice link documenting sFlow configs for the Fortinet firewall. (Special shout-out to Steve for the link.)
With the release of FortiOS 4.0MR2, you now have the option of enabling sFlow to monitor your traffic stream. If you’d like to know more about sFlow, please refer to the in-depth blog entitled:
“What is sFlow? How do I understand it?”.
To set up sFlow:
Open the Fortinet CLI and enter the following global configs (192.168.1.1 here is the Scrutinizer server IP):
config system sflow
set collector-ip 192.168.1.1
set collector-port 9996
end
Now that we have sFlow enabled, we need to configure the interfaces. To know more about sample rates and which is more appropriate to use, view this blog that discusses suggested sample rates.
config system interface
edit internal
set sflow-sampler enable
set sample-rate 512
set sample-direction both
set polling-interval 60
next
end
And there you have it, folks! If there are any questions or if you’d like to know more about what sFlow can do for you, let us know.