Fortinet Sflow Support

In the latest firmware release Fortinet added support for sFlow. sFlow is supported on FortiOS 4.0MR2 and above.

Uploaded by Fabrizio Rosina

Fortinet Support for sFlow

In the latest firmware release Fortinet added support for sFlow. sFlow is supported on FortiOS 4.0MR2 and above.

Here are some tips extracted from the Fortinet KB article discussing the configuration of sFlow on a FortiGate device.
In FortiOS 4.0 MR2, FortiOS samples the network on a per-interface basis. Datagrams are forwarded to the
sFlow collector. It should be noted that the FortiGate does not act as an sFlow collector.
sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and
aggregate interfaces. However, the sFlow agent/client is not supported on some virtual interfaces such as
VDOM link, IPSec, gre, and ssl.<vdom>.
sFlow configuration is available only from the CLI.
The sFlow configuration is applied either globally, per-VDOM, or per-interface, as shown below.

1. Set the sFlow collector/server IP on the FortiGate.

    config system sflow
        set collector-ip x.x.x.x
        set collector-port xxxx    // default udp/6343
    end

To configure it per VDOM:

    config system vdom-sflow
        set vdom-sflow [disable*|enable]
        set collector-ip x.x.x.x
        set collector-port xxxx
    end

2. Configure sFlow agents per interface.

    config sys interface
        edit <interface-name>
            set sflow-sampler [disable*|enable]
            set sample-rate xxxx              // sample every xxxx packets
            set sample-direction [tx|rx|both*]
            set polling-interval xx           // counter polling interval, in seconds
        next
    end

It should be noted that:

- When sFlow attributes are configured on an interface they are never skipped.
- For individual sFlow-sampler-enabled interfaces, if per-VDOM sFlow is enabled (vdom-sflow), sampling
traffic is sent to the per-VDOM collector. In all other scenarios sampling traffic is sent to the
management VDOM's collector (the management VDOM always uses the global setting).
- The management VDOM can monitor all interfaces.

sFlow operates by sampling 1 in N packets as they arrive at the device's Ethernet interface. A small portion
of the Ethernet frame (usually around 68 bytes) is snipped off and placed into a UDP packet along with
other samples. Once the packet reaches 1500 bytes the sFlow exporter attaches a preamble (including the
sample rate, interface ifindex, etc.) and sends the samples to the collector. One of the big advantages sFlow
has over NetFlow is that it runs at layer 2: sFlow-enabled devices don't need a layer-3 hop to create a flow,
as most NetFlow exporters do.
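As an added example (not code from the original article or from Fortinet), the following Python parser decodes the sFlow v5 datagram preamble and its flow samples described above, pulling out the sampling rate and ifindex that a collector needs to scale sampled counts back up to wire totals. The agent address 10.0.0.1, the sample values and the frame bytes are constructed for the demonstration; the field layout is the standard sFlow v5 one.

```python
import struct
from dataclasses import dataclass

def build_sample_datagram():
    """Constructed sFlow v5 datagram from a hypothetical agent 10.0.0.1: one flow sample, rate 1:512, ingress ifindex 7."""
    frame = bytes.fromhex("ffffffffffff0011223344550800") + b"\x45" + b"\x00" * 19  # 34-byte snipped header
    rec = struct.pack("!IIII", 1, 1500, 4, len(frame)) + frame + b"\x00" * (-len(frame) % 4)
    record = struct.pack("!II", 1, len(rec)) + rec        # record type 1 = raw packet header
    body = struct.pack("!8I", 9, 7, 512, 51200, 0, 7, 0, 1) + record
    sample = struct.pack("!II", 1, len(body)) + body      # sample type 1 = flow sample
    hdr = struct.pack("!II", 5, 1) + bytes([10, 0, 0, 1]) + struct.pack("!IIII", 0, 42, 1000, 1)
    return hdr + sample

@dataclass
class FlowSample:
    sampling_rate: int      # the "1 in N" the agent used; needed to scale counts back up
    input_if: int           # ingress ifindex (0 = unknown)
    output_if: int
    frame_length: int = 0   # original frame length before the header was snipped
    raw_header: bytes = b""

    def estimated_bytes(self) -> int:
        """Bytes this single sample represents on the wire (frame length x sampling rate)."""
        return self.frame_length * self.sampling_rate

def parse_sflow_v5(data: bytes):
    """Parse the datagram preamble and flow samples; counter samples and unknown records are skipped by length."""
    version, addr_type = struct.unpack_from("!II", data, 0)
    if version != 5:
        raise ValueError(f"unsupported sFlow version {version}")
    alen = 4 if addr_type == 1 else 16                    # address type 1 = IPv4, 2 = IPv6
    agent = ".".join(map(str, data[8:12])) if alen == 4 else data[8:24].hex()
    off = 8 + alen
    _sub_agent, _seq, _uptime, nsamples = struct.unpack_from("!IIII", data, off); off += 16
    samples = []
    for _ in range(nsamples):
        stype, slen = struct.unpack_from("!II", data, off); off += 8
        if stype == 1:                                    # enterprise 0, format 1: flow sample
            _, _, rate, _, _, in_if, out_if, nrec = struct.unpack_from("!8I", data, off)
            fs, p = FlowSample(rate, in_if, out_if), off + 32
            for _ in range(nrec):
                rtype, rlen = struct.unpack_from("!II", data, p); p += 8
                if rtype == 1:                            # raw packet header record
                    _, fs.frame_length, _, hlen = struct.unpack_from("!IIII", data, p)
                    fs.raw_header = data[p + 16:p + 16 + hlen]
                p += rlen
            samples.append(fs)
        off += slen                                       # advance to the next sample regardless of type
    return agent, samples
```

Because sFlow runs over plain UDP with no authentication, a collector should also accept datagrams only from the source addresses of the FortiGates it expects.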

In any case, if you have an sFlow collector and use Fortinet appliances, this new feature provides excellent
visibility into the traffic flows passing through the Fortinet device.
