FortiGate
To configure NetFlow on a Fortinet FortiGate firewall, follow these steps:
Access the FortiGate CLI
Connect to your Fortinet FortiGate firewall via SSH or a console cable. If connecting via SSH, use a tool like PuTTY or the built-in SSH client in your terminal, and enter the firewall's IP address, username, and password to log in.
Enter configuration mode
Once logged in, enter configuration mode by typing the following command:
config system netflow
Configure NetFlow settings
To configure NetFlow settings, including the IP address and port of the remote flow collector and the active flow timeout, use the following commands:
set collector-ip x.x.x.x
set collector-port yyyy
set active-flow-timeout z
end
Replace x.x.x.x with the IP address of your NetFlow collector, yyyy with the desired port number for the NetFlow collector (e.g., 2055), and z with the desired active flow timeout in minutes (e.g., 1 for 1 minute). The closing end leaves the NetFlow block so that the interface commands in the next step are entered from the top level of the CLI.
Enable NetFlow on interfaces
To enable NetFlow on the desired interfaces, use the following commands:
config system interface
edit INTERFACE_NAME
set netflow-sampler both
end
Replace INTERFACE_NAME with the name of the interface on which you want to enable NetFlow (e.g., internal).
Commit and save the changes
After configuring the NetFlow settings and enabling it on the desired interfaces, save the changes by entering the following commands:
end
execute cfg save
Verify the configuration
To verify that NetFlow is configured correctly, use the following command:
show system netflow
This command should display the NetFlow settings you just configured.
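To check the result against what you intended, so that a missed interface does not leave a gap in flow visibility, the show output can be parsed and audited. This is an added example, not Fortinet or ElastiFlow code: the sample output is constructed, it also reads show system interface in addition to the command above, and the names parse_show and audit are hypothetical.

```python
import shlex

# Constructed sample in the layout of FortiOS `show` output (not from a real device).
SAMPLE_SHOW = """\
config system netflow
    set collector-ip 192.0.2.10
    set collector-port 2055
    set active-flow-timeout 1
end
config system interface
    edit "internal"
        set netflow-sampler both
    next
    edit "wan1"
        set netflow-sampler tx
    next
    edit "dmz"
    next
end
"""

def parse_show(text):
    """Parse top-level config blocks into {section: {entry or None: {key: value}}}."""
    cfg, section, entry, nested = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config" and section is None:
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "config":
            nested += 1                      # sub-table inside an entry: ignored
        elif tok[0] == "end" and nested:
            nested -= 1
        elif tok[0] == "end":
            section = entry = None
        elif tok[0] == "edit" and section and not nested:
            entry = tok[1]
        elif tok[0] == "set" and section and not nested and len(tok) >= 3:
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = " ".join(tok[2:])
    return cfg

def audit(cfg, collector_ip, collector_port, required_ifaces):
    """Return findings. Assumption: no netflow-sampler line means sampling is off."""
    nf = cfg.get("system netflow", {}).get(None, {})
    want = {"collector-ip": collector_ip, "collector-port": str(collector_port)}
    findings = [f"{k} is {nf.get(k)}, expected {v}" for k, v in want.items() if nf.get(k) != v]
    for name in required_ifaces:
        sampler = cfg.get("system interface", {}).get(name, {}).get("netflow-sampler", "disable")
        if sampler != "both":
            findings.append(f"{name}: netflow-sampler is {sampler}, expected both")
    return findings
```

An empty list from audit means the collector settings and every required interface match; each finding names the setting or interface that still needs attention.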
Once you have completed these steps, your Fortinet FortiGate firewall will start exporting NetFlow data to the specified flow collector. Make sure your ElastiFlow NetObserv Flow is set up to receive and process the exported data for analysis and monitoring purposes.