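Configuring flow export on FortiGate/FortiOS
FortiGate/FortiOS supports NetFlow flow export in version 5.2 and later.
For NetFlow analysis, you need to configure the device to export flows to the Site24x7 On-Premise Poller, which acts as the NetFlow collector. The On-Premise Poller listens on a specific port to receive flows. Learn how to find the port number of the On-Premise Poller.
Follow the steps below to configure the device to export NetFlow packets to the machine on which the Site24x7 On-Premise Poller is installed: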
config system netflow
set collector-ip {NFA ServerIP}
set collector-port 9996
set source-ip {IP address of Device}
set active-flow-timeout 1
set inactive-flow-timeout 15
end
Perform the following steps on each interface:
config system interface
edit <interface name>
set netflow-sampler tx
end
In a virtual domain (VDOM) environment, configure the device as follows:
config system vdom-netflow
set vdom-netflow enable
set collector-ip {NFA ServerIP}
set collector-port 9996
set source-ip loopback1
end
Perform the following steps on each interface:
config system interface
edit <interface name>
set netflow-sampler tx
end
To view the NetFlow configuration, use the following commands in command-line interface (CLI) mode:
diagnose test application sflowd 3
diagnose test application sflowd 4
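To confirm from the collector side that the export configured above is arriving, the following added example (not part of the Site24x7 or Fortinet documentation) checks one UDP payload received on the collector port: it accepts only the address set as source-ip, then walks the export header and set headers. It assumes the device sends NetFlow v9 (RFC 3954) or IPFIX (RFC 7011), which this page does not state; the function names and the sample datagram are constructed for illustration.

```python
import struct

# Header size and template set IDs per export version
# (NetFlow v9: RFC 3954, IPFIX: RFC 7011). Assumed formats, see lead-in.
FORMATS = {9: (20, {0, 1}), 10: (16, {2, 3})}

def check_export(datagram: bytes, sender_ip: str, expected_source_ip: str) -> dict:
    """Validate one UDP payload received on the collector port."""
    # Flow export over UDP is unauthenticated, so accept only the
    # address configured as source-ip on the device.
    if sender_ip != expected_source_ip:
        raise ValueError(f"datagram from unexpected exporter {sender_ip}")
    if len(datagram) < 2:
        raise ValueError("datagram too short for a version field")
    version = struct.unpack_from("!H", datagram)[0]
    if version not in FORMATS:
        raise ValueError(f"unsupported export version {version}")
    header_len, template_ids = FORMATS[version]
    if len(datagram) < header_len:
        raise ValueError("truncated export header")
    # Sequence number sits at offset 12 in v9 and offset 8 in IPFIX.
    sequence = struct.unpack_from("!I", datagram, 12 if version == 9 else 8)[0]
    templates = data_sets = 0
    offset = header_len
    while offset < len(datagram):
        if offset + 4 > len(datagram):
            raise ValueError("truncated set header")
        set_id, set_len = struct.unpack_from("!HH", datagram, offset)
        if set_len < 4 or offset + set_len > len(datagram):
            raise ValueError("set length runs past the datagram")
        if set_id in template_ids:
            templates += 1      # template or options template set
        elif set_id >= 256:
            data_sets += 1      # data set referring to a template ID
        offset += set_len
    return {"version": version, "sequence": sequence,
            "template_sets": templates, "data_sets": data_sets}

def sample_v9_datagram() -> bytes:
    """Constructed sample: one template FlowSet and one data FlowSet."""
    header = struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 7, 0)
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)
    data = struct.pack("!HH4s4s", 256, 12,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + template + data

if __name__ == "__main__":
    print(check_export(sample_v9_datagram(), "192.0.2.1", "192.0.2.1"))
```

In a live check, pass the payload and sender address returned by recvfrom() on a UDP socket bound to the collector port (9996 in the configuration above).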