Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.8
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config switch-controller flow-tracking

    config switch-controller flow-tracking

    Configure FortiSwitch flow tracking and export via ipfix/netflow.

    config switch-controller flow-tracking

    Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.

    set sample-mode [local|perimeter|...]

    set sample-rate {integer}

    set format [netflow1|netflow5|...]

    set collector-ip {ipv4-address}

    set collector-port {integer}

    set transport [udp|tcp|...]

    set level [vlan|ip|...]

    set max-export-pkt-size {integer}

    set timeout-general {integer}

    set timeout-icmp {integer}

    set timeout-max {integer}

    set timeout-tcp {integer}

    set timeout-tcp-fin {integer}

    set timeout-tcp-rst {integer}

    set timeout-udp {integer}

    config aggregates

    Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.

    edit <id>

    set ip {ipv4-classnet}

    next

    end

    end

    config switch-controller flow-tracking

    Parameter

    Description

    Type

    Size

    Default

    sample-mode

    Configure sample mode for the flow tracking.

    option

    -

    perimeter

    Option

    Description

    local

    Set local mode which samples on the specific switch port.

    perimeter

    Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress.

    device-ingress

    Set device -ingress mode which samples across all switch ports at the ingress.

    sample-rate

    Configure sample rate for the perimeter and device-ingress sampling.

    integer

    Minimum value: 0 Maximum value: 99999

    512

    format

    Configure flow tracking protocol.

    option

    -

    netflow9

    Option

    Description

    netflow1

    Netflow version 1 sampling.

    netflow5

    Netflow version 5 sampling.

    netflow9

    Netflow version 9 sampling.

    ipfix

    Ipfix sampling.

    collector-ip

    Configure collector ip address.

    ipv4-address

    Not Specified

    0.0.0.0

    collector-port

    Configure collector port number.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    transport

    Configure L4 transport protocol for exporting packets.

    option

    -

    udp

    Option

    Description

    udp

    UDP protocol.

    tcp

    TCP protocol.

    sctp

    SCTP protocol.

    level

    Configure flow tracking level.

    option

    -

    ip

    Option

    Description

    vlan

    Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet.

    ip

    Collects srcip/dstip from the sample packet.

    port

    Collects srcip/dstip/srcport/dstport/protocol from the sample packet.

    proto

    Collects srcip/dstip/protocol from the sample packet.

    mac

    Collects smac/dmac from the sample packet.

    max-export-pkt-size

    Configure flow max export packet size .

    integer

    Minimum value: 512 Maximum value: 9216

    512

    timeout-general

    Configure flow session general timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    3600

    timeout-icmp

    Configure flow session ICMP timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    300

    timeout-max

    Configure flow session max timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    604800

    timeout-tcp

    Configure flow session TCP timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    3600

    timeout-tcp-fin

    Configure flow session TCP FIN timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    300

    timeout-tcp-rst

    Configure flow session TCP RST timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    120

    timeout-udp

    Configure flow session UDP timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    300

    config aggregates

    Parameter

    Description

    Type

    Size

    Default

    ip

    IP address to group all matching traffic sessions to a flow.

    ipv4-classnet

    Not Specified

    0.0.0.0 0.0.0.0
    Previous
    Next

    config switch-controller flow-tracking

    config switch-controller flow-tracking

    Configure FortiSwitch flow tracking and export via ipfix/netflow.

    config switch-controller flow-tracking

    Description: Configure FortiSwitch flow tracking and export via ipfix/netflow.

    set sample-mode [local|perimeter|...]

    set sample-rate {integer}

    set format [netflow1|netflow5|...]

    set collector-ip {ipv4-address}

    set collector-port {integer}

    set transport [udp|tcp|...]

    set level [vlan|ip|...]

    set max-export-pkt-size {integer}

    set timeout-general {integer}

    set timeout-icmp {integer}

    set timeout-max {integer}

    set timeout-tcp {integer}

    set timeout-tcp-fin {integer}

    set timeout-tcp-rst {integer}

    set timeout-udp {integer}

    config aggregates

    Description: Configure aggregates in which all traffic sessions matching the IP Address will be grouped into the same flow.

    edit <id>

    set ip {ipv4-classnet}

    next

    end

    end

    config switch-controller flow-tracking

    Parameter

    Description

    Type

    Size

    Default

    sample-mode

    Configure sample mode for the flow tracking.

    option

    -

    perimeter

    Option

    Description

    local

    Set local mode which samples on the specific switch port.

    perimeter

    Set perimeter mode which samples on all switch fabric ports and fortilink port at the ingress.

    device-ingress

    Set device -ingress mode which samples across all switch ports at the ingress.

    sample-rate

    Configure sample rate for the perimeter and device-ingress sampling.

    integer

    Minimum value: 0 Maximum value: 99999

    512

    format

    Configure flow tracking protocol.

    option

    -

    netflow9

    Option

    Description

    netflow1

    Netflow version 1 sampling.

    netflow5

    Netflow version 5 sampling.

    netflow9

    Netflow version 9 sampling.

    ipfix

    Ipfix sampling.

    collector-ip

    Configure collector ip address.

    ipv4-address

    Not Specified

    0.0.0.0

    collector-port

    Configure collector port number.

    integer

    Minimum value: 0 Maximum value: 65535

    0

    transport

    Configure L4 transport protocol for exporting packets.

    option

    -

    udp

    Option

    Description

    udp

    UDP protocol.

    tcp

    TCP protocol.

    sctp

    SCTP protocol.

    level

    Configure flow tracking level.

    option

    -

    ip

    Option

    Description

    vlan

    Collects srcip/dstip/srcport/dstport/protocol/tos/vlan from the sample packet.

    ip

    Collects srcip/dstip from the sample packet.

    port

    Collects srcip/dstip/srcport/dstport/protocol from the sample packet.

    proto

    Collects srcip/dstip/protocol from the sample packet.

    mac

    Collects smac/dmac from the sample packet.

    max-export-pkt-size

    Configure flow max export packet size .

    integer

    Minimum value: 512 Maximum value: 9216

    512

    timeout-general

    Configure flow session general timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    3600

    timeout-icmp

    Configure flow session ICMP timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    300

    timeout-max

    Configure flow session max timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    604800

    timeout-tcp

    Configure flow session TCP timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    3600

    timeout-tcp-fin

    Configure flow session TCP FIN timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    300

    timeout-tcp-rst

    Configure flow session TCP RST timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    120

    timeout-udp

    Configure flow session UDP timeout .

    integer

    Minimum value: 60 Maximum value: 604800

    300

    config aggregates

    Parameter

    Description

    Type

    Size

    Default

    ip

    IP address to group all matching traffic sessions to a flow.

    ipv4-classnet

    Not Specified

    0.0.0.0 0.0.0.0
    Previous
    Next