Enabling sFlow in FortiGate Firewalls
sFlow uses sampling to send real-time monitoring updates to your favorite sFlow analyzer. Fortinet supports sFlow, but as of now it can only be configured from the CLI.
To configure sFlow on a FortiGate:
The following commands configure a FortiGate appliance to sample packets at 1-in-512, poll counters every 30 seconds and send counters to an analyzer which in my network is PRTG. PRTG is free for 10 sensors, and the sFlow sensor counts as just one of them :). sFlow uses UDP and by default uses port 6343, which you can change to anything you would like.
config system sflow
set collector-ip 10.10.10.200
set collector-port 6343
end
Remember, changes don't take effect until the end command is entered.
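Then for each interface (replace <interface-name> with the name of the interface to monitor):
config system interface
edit <interface-name>
set sflow-sampler enable
set sample-rate 512
set sample-direction both
set polling-interval 30
next
end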
In PRTG, set up the sFlow sensor and make sure to set the port; you should start seeing some really good statistics come in. A tip with PRTG is to create a new sFlow sensor with a different port for each device sending flows.
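To check that the FortiGate is exporting to the collector port at the configured 1-in-512 rate, a small sFlow v5 datagram decoder can be run on a host where UDP 6343 is free. This is an added example, not part of the original post; the function names and the sample datagram (agent 10.10.10.1) are constructed for illustration.

```python
import ipaddress
import socket
import struct

SAMPLE_KINDS = {1: "flow", 2: "counter", 3: "flow", 4: "counter"}  # sFlow v5 sample formats

def parse_sflow(datagram: bytes) -> dict:
    """Summarise one sFlow v5 datagram: agent, sample counts, sampling rates seen."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5 or addr_type not in (1, 2):
        raise ValueError(f"not an sFlow v5 datagram (version={version})")
    addr_len = 4 if addr_type == 1 else 16       # 1 = IPv4 agent, 2 = IPv6 agent
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, _seq, _uptime_ms, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    summary = {"agent": str(agent), "flow": 0, "counter": 0, "rates": set()}
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        body = off + 8
        if body + length > len(datagram):
            raise ValueError("truncated sample")
        fmt = tag & 0xFFF                        # low 12 bits: format; upper bits: enterprise
        kind = SAMPLE_KINDS.get(fmt) if tag >> 12 == 0 else None
        if kind:
            summary[kind] += 1
        if kind == "flow":
            # sampling_rate follows the sequence number and source id (two words if expanded)
            rate_off = body + (8 if fmt == 1 else 12)
            summary["rates"].add(struct.unpack_from("!I", datagram, rate_off)[0])
        off = body + length
    return summary

def constructed_datagram() -> bytes:
    """Constructed sample: agent 10.10.10.1, one flow sample at 1-in-512, one counter sample."""
    header = struct.pack("!II4sIIII", 5, 1, socket.inet_aton("10.10.10.1"), 0, 1, 1000, 2)
    flow = struct.pack("!8I", 1, 1, 512, 512, 0, 1, 2, 0)   # seq, src, rate, pool, drops, in, out, 0 records
    counter = struct.pack("!3I", 1, 1, 0)                    # seq, src, 0 records
    return (header + struct.pack("!II", 1, len(flow)) + flow
            + struct.pack("!II", 2, len(counter)) + counter)

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 6343))                 # same value as collector-port in the config
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], parse_sflow(data))
        except (ValueError, struct.error) as exc:
            print(peer[0], "unparseable datagram:", exc)
```

With the configuration above, the reported rates should contain 512, and counter samples should arrive roughly every 30 seconds per enabled interface.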