Configure sFlow - Fortinet / FortiGate
Posted: Fri Jun 18, 2010 3:30 am
How to configure sFlow on a FortiGate
sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces. However, sFlow agent/client is not supported on some virtual interfaces such as VDOM link, IPSec, gre, and ssl.<vdom>.
sFlow configuration is available only from the CLI.
Configuration steps include:
1. Set sFlow collector/server IP on the FortiGate.
config system sflow
set collector-ip <NetFlow-Auditor-IP-Address>
set collector-port xxxx (default udp/6343)
end
To configure it per VDOM.
config system vdom-sflow
set vdom-sflow [disable*|enable]
set collector-ip <NetFlow-Auditor-IP-Address>
set collector-port xxxx (default udp/6343)
end
2. Configure sFlow agents per interface.
config sys interface
edit
set sflow-sampler [disable*|enable]
set sample-rate xxxx //sample ever xxxx packets
set sample-direction [tx|rx|both*]
set polling-interval xx //in secs
next
end
sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces. However, sFlow agent/client is not supported on some virtual interfaces such as VDOM link, IPSec, gre, and ssl.<vdom>.
sFlow configuration is available only from the CLI.
Configuration steps include:
1. Set sFlow collector/server IP on the FortiGate.
config system sflow
set collector-ip <NetFlow-Auditor-IP-Address>
set collector-port xxxx (default udp/6343)
end
To configure it per VDOM.
config system vdom-sflow
set vdom-sflow [disable*|enable]
set collector-ip <NetFlow-Auditor-IP-Address>
set collector-port xxxx (default udp/6343)
end
2. Configure sFlow agents per interface.
config sys interface
edit
set sflow-sampler [disable*|enable]
set sample-rate xxxx //sample ever xxxx packets
set sample-direction [tx|rx|both*]
set polling-interval xx //in secs
next
end