Enabling sFlow in FortiGate Firewalls

sFlow uses sampling to send real-time monitoring updates to your favorite sFlow analyzer. Fortinet supports sFlow, but as of now it can only be configured from the CLI.

To configure sFlow on a FortiGate:

The following commands configure a FortiGate appliance to sample packets at 1-in-512, poll counters every 30 seconds and send counters to an analyzer which in my network is PRTG. PRTG is free for 10 sensors, and the sFlow sensor counts as just one of them :). sFlow uses UDP and by default uses port 6343, which you can change to anything you would like.

config system sflow
    set collector-ip <analyzer-ip-address>
    set collector-port 6343
end

Replace <analyzer-ip-address> with the address of your analyzer. Remember that changes don't take effect until the end command is entered.

Then for each interface:

config system interface
    edit port1
        set sflow-sampler enable
        set sample-rate 512
        set sample-direction both
        set polling-interval 30
    next
end

In PRTG, set up the sFlow sensor and make sure to set the port; you should start seeing some really good statistics come in. A tip with PRTG is to create a new sFlow sensor with a different port for each device sending flows.
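
To confirm on the collector side that datagrams carry the sampling rate configured above, the following added example (not part of the original post) parses an sFlow datagram header and its samples. It assumes the FortiGate exports sFlow version 5; the function names, the agent address 192.0.2.1 and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

FLOW_SAMPLE, COUNTER_SAMPLE = 1, 2  # sFlow v5 standard sample formats (enterprise 0)


def parse_sflow_v5(datagram: bytes) -> dict:
    """Parse an sFlow v5 datagram header and summarise each sample it carries."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError(f"not an sFlow v5 datagram (version={version})")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    off = 8 + addr_len
    _sub_agent, seq, _uptime_ms, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    samples = []
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        body = datagram[off + 8:off + 8 + length]
        if len(body) != length:
            raise ValueError("truncated sample")
        off += 8 + length
        enterprise, fmt = tag >> 12, tag & 0xFFF  # 20-bit enterprise, 12-bit format
        if enterprise == 0 and fmt == FLOW_SAMPLE:
            _seq, source_id, rate = struct.unpack_from("!III", body, 0)
            samples.append({"type": "flow", "ifindex": source_id & 0xFFFFFF, "sampling_rate": rate})
        elif enterprise == 0 and fmt == COUNTER_SAMPLE:
            _seq, source_id = struct.unpack_from("!II", body, 0)
            samples.append({"type": "counter", "ifindex": source_id & 0xFFFFFF})
        else:
            samples.append({"type": f"other({enterprise}:{fmt})"})
    return {"agent": str(agent), "sequence": seq, "samples": samples}


def constructed_datagram() -> bytes:
    """Constructed sample: agent 192.0.2.1, one 1-in-512 flow sample, one counter sample."""
    flow = struct.pack("!IIIIIIII", 1, 3, 512, 512, 0, 3, 4, 0)  # rate 512, no records
    counter = struct.pack("!III", 1, 3, 0)
    header = struct.pack("!II4sIIII", 5, 1, bytes([192, 0, 2, 1]), 0, 7, 60000, 2)
    return (header + struct.pack("!II", FLOW_SAMPLE, len(flow)) + flow
            + struct.pack("!II", COUNTER_SAMPLE, len(counter)) + counter)


if __name__ == "__main__":
    print(parse_sflow_v5(constructed_datagram()))
```

On a live collector, pass the bytes received on the configured UDP port to parse_sflow_v5 and check that each flow sample reports a sampling_rate of 512.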
