How to configure sFlow on a FortiGate
sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces. However, sFlow agent/client is not supported on some virtual interfaces such as VDOM link, IPSec, gre, and ssl..
sFlow configuration is available only from the CLI.
Configuration steps include:
1. Set sFlow collector/server IP on the FortiGate.
config system sflow set collector-ip set collector-port xxxx (default udp/6343) end
To configure it per VDOM.
config system vdom-sflow set vdom-sflow [disable*|enable] set collector-ip set collector-port xxxx (default udp/6343) end
2. Configure sFlow agents per interface.
config sys interface edit set sflow-sampler [disable*|enable] set sample-rate xxxx //sample ever xxxx packets set sample-direction [tx|rx|both*] set polling-interval xx //in secs next end
sFlow agents can be added to any FortiGate interface, including physical interfaces, VLAN interfaces, and aggregate interfaces. However, sFlow agent/client is not supported on some virtual interfaces such as VDOM link, IPSec, gre, and ssl..
sFlow configuration is available only from the CLI.
Configuration steps include:
1. Set sFlow collector/server IP on the FortiGate.
config system sflow set collector-ip set collector-port xxxx (default udp/6343) end
To configure it per VDOM.
config system vdom-sflow set vdom-sflow [disable*|enable] set collector-ip set collector-port xxxx (default udp/6343) end
2. Configure sFlow agents per interface.
config sys interface edit set sflow-sampler [disable*|enable] set sample-rate xxxx //sample ever xxxx packets set sample-direction [tx|rx|both*] set polling-interval xx //in secs next end
0Awesome Comments!