switch-controller flow-tracking

Configure FortiSwitch flow tracking and export via ipfix/netflow.

  config switch-controller flow-tracking
      Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.
      set sample-mode [local|perimeter|...]
      set sample-rate {integer}
      set format [netflow1|netflow5|...]
      set collector-ip {ipv4-address}
      set collector-port {integer}
      set transport [udp|tcp|...]
      set level [vlan|ip|...]
      set max-export-pkt-size {integer}
      set timeout-general {integer}
      set timeout-icmp {integer}
      set timeout-max {integer}
      set timeout-tcp {integer}
      set timeout-tcp-fin {integer}
      set timeout-tcp-rst {integer}
      set timeout-udp {integer}
      config aggregates
          Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.
          edit <id>
              set ip {ipv4-classnet}
          next
      end
  end

config switch-controller flow-tracking

Parameter Name	Description	Type	Size
sample-mode	Configure sample mode for the flow tracking. local: Set local mode which samples on the specific switch port. perimeter: Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress. device-ingress: Set device -ingress mode which samples across all switch ports at the ingress.	option	-
sample-rate	Configure sample rate for the perimeter and device-ingress sampling(0 - 99999).	integer	Minimum value: 0 Maximum value: 99999
format	Configure flow tracking protocol. netflow1: Netflow version 1 sampling. netflow5: Netflow version 5 sampling. netflow9: Netflow version 9 sampling. ipfix: Ipfix sampling.	option	-
collector-ip	Configure collector ip address.	ipv4-address	Not Specified
collector-port	Configure collector port number(0-65535, default=0).	integer	Minimum value: 0 Maximum value: 65535
transport	Configure L4 transport protocol for exporting packets. udp: UDP protocol. tcp: TCP protocol. sctp: SCTP protocol.	option	-
level	Configure flow tracking level. vlan: Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet. ip: Collects srcip/dstip from the sample packet. port: Collects srcip/dstip/srcport/dstport/protocol from the sample packet. proto: Collects srcip/dstip/protocol from the sample packet. mac: Collects smac/dmac from the sample packet.	option	-
max-export-pkt-size	Configure flow max export packet size (512-9216, default=512 bytes).	integer	Minimum value: 512 Maximum value: 9216
timeout-general	Configure flow session general timeout (60-604800, default=3600 seconds).	integer	Minimum value: 60 Maximum value: 604800
timeout-icmp	Configure flow session ICMP timeout (60-604800, default=300 seconds).	integer	Minimum value: 60 Maximum value: 604800
timeout-max	Configure flow session max timeout (60-604800, default=604800 seconds).	integer	Minimum value: 60 Maximum value: 604800
timeout-tcp	Configure flow session TCP timeout (60-604800, default=3600 seconds).	integer	Minimum value: 60 Maximum value: 604800
timeout-tcp-fin	Configure flow session TCP FIN timeout (60-604800, default=300 seconds).	integer	Minimum value: 60 Maximum value: 604800
timeout-tcp-rst	Configure flow session TCP RST timeout (60-604800, default=120 seconds).	integer	Minimum value: 60 Maximum value: 604800
timeout-udp	Configure flow session UDP timeout (60-604800, default=300 seconds).	integer	Minimum value: 60 Maximum value: 604800

Parameter Name	Description	Type	Size
ip	IP address to group all matching traffic sessions to a flow.	ipv4-classnet	Not Specified

Configure FortiSwitch flow tracking and export via ipfix/netflow.

config switch-controller flow-tracking Description: Configure FortiSwitch flow tracking and export via ipfix/netflow. set sample-mode [local|perimeter|...] set sample-rate {integer} set format [netflow1|netflow5|...] set collector-ip {ipv4-address} set collector-port {integer} set transport [udp|tcp|...] set level [vlan|ip|...] set max-export-pkt-size {integer} set timeout-general {integer} set timeout-icmp {integer} set timeout-max {integer} set timeout-tcp {integer} set timeout-tcp-fin {integer} set timeout-tcp-rst {integer} set timeout-udp {integer} config aggregates Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow. edit <id> set ip {ipv4-classnet} next end end

config switch-controller flow-tracking

Parameter Name

Description

Type

Size

sample-mode

Configure sample mode for the flow tracking.
local: Set local mode which samples on the specific switch port.
perimeter: Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress.
device-ingress: Set device -ingress mode which samples across all switch ports at the ingress.

option

sample-rate

Configure sample rate for the perimeter and device-ingress sampling(0 - 99999).

integer

Minimum value: 0 Maximum value: 99999

format

Configure flow tracking protocol.
netflow1: Netflow version 1 sampling.
netflow5: Netflow version 5 sampling.
netflow9: Netflow version 9 sampling.
ipfix: Ipfix sampling.

option

collector-ip

Configure collector ip address.

ipv4-address

Not Specified

collector-port

Configure collector port number(0-65535, default=0).

integer

Minimum value: 0 Maximum value: 65535

transport

Configure L4 transport protocol for exporting packets.
udp: UDP protocol.
tcp: TCP protocol.
sctp: SCTP protocol.

option

level

Configure flow tracking level.
vlan: Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet.
ip: Collects srcip/dstip from the sample packet.
port: Collects srcip/dstip/srcport/dstport/protocol from the sample packet.
proto: Collects srcip/dstip/protocol from the sample packet.
mac: Collects smac/dmac from the sample packet.

option

max-export-pkt-size

Configure flow max export packet size (512-9216, default=512 bytes).

integer

Minimum value: 512 Maximum value: 9216

timeout-general

Configure flow session general timeout (60-604800, default=3600 seconds).

integer