Overview

The Flow Exporting Enabled setting allows the appliance to export flow data to collectors. The appliance exports flow against two virtual interfaces—sp_lan and sp_wan—that accumulate the total of LAN-side and WAN-side traffic, regardless of the physical interface.

Flow export

NOTE:

  • To see which models support this feature, refer to the FortiSwitch feature matrix.

  • Starting in FortiSwitchOS 7.0.0, you can use the CLI to configure multiple flow-export collectors, control how often the template is exported, and specify a Berkeley packet filter (BPF).

  • Layer-2 flows for NetFlow version 1 and NetFlow version 5 are not supported.

  • For 2xxE models and higher, flow export uses pseudorandom sampling (approximately 1 of x packets).

...

The maximum number of concurrent flows is defined by the FortiSwitch model. When this limit is exceeded, the oldest flow expires and is exported.

To use flow export:
  1. Enabling packet sampling

  2. Configuring flow export

  3. Viewing the flow-export data

  4. Deleting the flow-export data

Enabling packet sampling

To use flow export, you must first enable packet sampling for each switch port and trunk:

...

Configuring flow export

Using the GUI:
  1. Go to System > Flow Export > Configure.

  2. Configure the collectors.

    1. Click +.

    2. In the Name field, enter the name of the collector.

    3. Required. In the IP field, enter the IPv4 address for the collector. When the value is “0.0.0.0” or blank, the feature is disabled.

    4. In the Port field, enter the port number for the collector. The default port for NetFlow is 2055; the default port for IPFIX is 4739.

    5. In the Transport dropdown list, select SCTP, TCP, or UDP for the transport of exported packets.

  3. Configure the flow export options.

    1. In the Format drop-down list, select the format of the exported flow data as NetFlow version 1, NetFlow version 5, NetFlow version 9, or IPFIX sampling.
      NOTE: When the export format is NetFlow version 5, the sample rate used in the exported packets is derived from the lowest port number where sampling is enabled. Fortinet recommends that administrators using NetFlow version 5 set the sample rate consistently across all ports.

    2. In the Identity field, enter a unique number to identify which FortiSwitch unit the data originates from. If the identity is not specified, the “Burn in MAC” value is used instead (from the get system status command output).

    3. In the Level field, select the flow-tracking level from one of the following:
      • When you select IP, the FortiSwitch unit collects the source IP address and destination IP address from the sample packet.
      • When you select MAC, the FortiSwitch unit collects the source MAC address and destination MAC address from the sample packet.
      • When you select Port, the FortiSwitch unit collects the source IP address, destination IP address, source port, destination port, and protocol from the sample packet.
      • When you select Protocol, the FortiSwitch unit collects the source IP address, destination IP address, and protocol from the sample packet.
      • When you select VLAN, the FortiSwitch unit collects the source IP address, destination IP address, source port, destination port, protocol, and VLAN from the sample packet.

    4. In the Max Export Packet Size (Bytes) field, enter the maximum size of exported packets at the application level.

  4. Configure the timeouts.

    1. In the General field, enter the general timeout in seconds for the flow session.

    2. In the ICMP field, enter the ICMP timeout for the flow session.

    3. In the Max field, enter the maximum number of seconds before the flow session times out.

    4. In the TCP field, enter the TCP timeout for the flow session.

    5. In the TCP FIN field, enter the TCP FIN flag timeout for the flow session.

    6. In the TCP RST field, enter the TCP RST flag timeout for the flow session.

    7. In the UDP field, enter the UDP timeout for the flow session.

  5. Configure the aggregates.

    1. Select +.

    2. In the ID field, enter a number to identify the entry or use the default value.

    3. Required. In the IP/Netmask field, enter the IPv4 address and mask to match. All matching sessions are aggregated into the same flow.

    4. To add another entry, select +.

  6. Select Update.

Using the CLI:

config system flow-export
    ...
        set ip <IPv4_address_mask>
    end
end
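A collector-side check for the NetFlow version 5 caveat above (the sample rate in exported packets is taken from the lowest sampling-enabled port). This is an added Python example, not FortiSwitch code or part of the original page: it parses a NetFlow v5 export packet's header and flow records and flags when packets from one exporter advertise different 1-of-N sampling intervals. The packet bytes, addresses and engine ID are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 layout: 24-byte header followed by up to 30 fixed 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(packet: bytes) -> tuple[dict, list[dict]]:
    """Parse one NetFlow v5 export packet the way a collector would."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("packet shorter than a NetFlow v5 header")
    (version, count, uptime, secs, _nsecs, seq,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"unexpected NetFlow version {version}")
    # The sampling field packs the mode in the top 2 bits and the 1-of-N interval in the low 14.
    header = {
        "count": count, "sys_uptime_ms": uptime, "unix_secs": secs, "flow_sequence": seq,
        "engine_type": engine_type, "engine_id": engine_id,
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
    }
    if len(packet) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"header advertises {count} records but the packet is truncated")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "octets": f[6], "srcport": f[9], "dstport": f[10],
            "tcp_flags": f[12], "proto": f[13],
        })
    return header, records

def is_well_formed(packet: bytes) -> bool:
    # True if the packet parses without a framing error (short header or truncated records).
    try:
        parse_netflow_v5(packet)
        return True
    except ValueError:
        return False

def sampling_consistent(headers: list[dict]) -> bool:
    """True when every header from one exporter advertises the same 1-of-N interval."""
    return len({h["sampling_interval"] for h in headers}) <= 1

# Constructed sample packet: one TCP flow, mode 1 (packet interval) sampling at 1 of 64, engine_id 7.
SAMPLE_PACKET = V5_HEADER.pack(5, 1, 120000, 1700000000, 0, 42, 0, 7, (1 << 14) | 64) + \
    V5_RECORD.pack(socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"),
                   b"\x00" * 4, 1, 2, 10, 8400, 100000, 110000, 51000, 443,
                   0, 0x18, 6, 0, 0, 0, 24, 24, 0)
```

Feed real packets captured on the collector's NetFlow port (2055 by default) to `parse_netflow_v5` and run `sampling_consistent` over the headers from each exporter to confirm the configured per-port sampling matches what the collector will scale its byte and packet counts by.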

Verification: viewing the flow-export data

Using the GUI:

Go to System > Flow Export > Monitor.

...