Fortinet NetFlow and EventLog configuration


Fortinet is one of the most used Next Gen Firewalls in the world. It is hard not to be immediately attracted to its full integration of end-to-end security across the whole network infrastructure. This is done via modules that are easily enabled. The GUI is also very intuitive, although NetFlow and Syslog configuration do require some additional effort.

NetFlow Configuration

Fortinet (and Fortigate/FortiOS) NetFlow configuration is enabled from the CLI via a few commands:

config system netflow
set collector-ip <collector_ip>
set collector-port 2055
set active-flow-timeout 1
set inactive-flow-timeout 15
end

In our example below you may find all the NetFlow parameters that are configurable:

The next step is to enable NetFlow collection on every interface you wish to monitor:

config system interface
edit port1
set netflow-sampler both
next
end

Once you have gone through the simple settings mentioned before, NetFlow traffic should appear in your NetFlow collector. 

However, if there are issues and NetFlow data does not arrive, you can diagnose the traffic with these two commands:

diagnose sniffer packet | grep 2055
diagnose sniffer packet | grep <collector_ip>

As the grep pattern you can use either the port or the collector IP. Moreover, the NetFlow configuration can be checked with two more commands:

diagnose test application sflowd 3
diagnose test application sflowd 4

In the following example, you may see how we did it:

EventLog Configuration

To configure EventLog export, we need to go through a few steps before messages appear in our EventLog Analyzer, so let's start. First, we need to define the Syslog settings:

config log syslogd setting
set status enable
set port 514
set server <syslog_server_ip>
set reliable disable
set facility user
end

Afterwards, we can check the configuration:

Nevertheless, most Fortigate features are enabled by default:

And that is it, your Eventlog collector should now be filled with Fortigate messages.  
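To confirm on the collector side that what arrives on UDP 514 matches the settings above (facility user), the following added example, which is not part of the original post, decodes the syslog PRI header and the key=value body of one datagram. The function names, the sample message and the list of required fields (date, time, devname, type) are assumptions made for illustration.

```python
import re

# Syslog facility and severity names in numeric order (RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"

# Constructed sample datagram (not captured from a real device).
SAMPLE = (b'<13>date=2024-05-01 time=10:15:00 devname="FGT-LAB" '
          b'type="event" subtype="system" level="notice" '
          b'msg="Admin login successful"')

def parse_fortigate_syslog(datagram):
    """Decode the PRI header and key=value body of one UDP syslog datagram."""
    text = datagram.decode("utf-8", errors="replace").strip("\x00\r\n ")
    m = PRI_RE.fullmatch(text)
    if not m or int(m.group(1)) > 191:   # 191 = local7 (23) * 8 + debug (7)
        raise ValueError("no valid syslog PRI header")
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {k: q if q is not None else bare
              for k, q, bare in (kv.groups() for kv in KV_RE.finditer(m.group(2)))}
    return {"facility": FACILITIES[facility],
            "severity": SEVERITIES[severity], "fields": fields}

def check_export(datagram, expected_facility="user"):
    """Return a list of problems; an empty list means the message fits the config."""
    try:
        msg = parse_fortigate_syslog(datagram)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if msg["facility"] != expected_facility:
        problems.append(f"facility is {msg['facility']}, expected {expected_facility}")
    for key in ("date", "time", "devname", "type"):   # assumed minimum field set
        if key not in msg["fields"]:
            problems.append(f"missing field {key}")
    return problems

if __name__ == "__main__":
    print(parse_fortigate_syslog(SAMPLE))
    print(check_export(SAMPLE) or "OK")
```

A facility mismatch here usually means the collector is receiving logs from a device that still uses a different facility setting, which matters if the collector filters or routes by facility.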