NetFlow templates
NetFlow uses templates to capture and categorize the data that it collects. FortiOS supports the following NetFlow templates:
Name |
Template ID |
Description |
---|---|---|
STAT_OPTIONS |
Statistics information about exporter |
|
APP_ID_OPTIONS |
Application information |
|
IPV4 |
No NAT IPv4 traffic |
|
IPV6 |
No NAT IPv6 traffic |
|
ICMP4 |
No NAT ICMPv4 traffic |
|
ICMP6 |
No NAT ICMPv6 traffic |
|
IPV4_NAT |
Source/Destination NAT IPv4 traffic |
|
IPV4_AF_NAT |
AF NAT IPv4 traffic (4->6) |
|
IPV6_NAT |
Source/Destination NAT IPv6 traffic |
|
IPV6_AF_NAT |
AF NAT IPv6 traffic (6->4) |
|
ICMP4_NAT |
Source/Destination NAT ICMPv4 traffic |
|
ICMP4_AF_NAT |
AF NAT ICMPv4 traffic (4->6) |
|
ICMP6_NAT |
Source/Destination NAT ICMPv6 traffic |
|
ICMPv6_AF_NAT |
AF NAT ICMPv6 traffic (6->4) |
256 - STAT_OPTIONS
Description |
Statistics information about exporter |
Scope Field Count |
1 |
Data Field Count |
7 |
Option Scope Length |
4 |
Option Length |
28 |
Padding |
0000 |
Scope fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
System |
System (1) |
2 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
TOTAL_BYTES_EXP |
TOTAL_BYTES_EXP (40) |
8 |
2 |
TOTAL_PKTS_EXP |
TOTAL_PKTS_EXP (41) |
8 |
3 |
TOTAL_FLOWS_EXP |
TOTAL_FLOWS_EXP (42) |
8 |
4 |
FLOW_ACTIVE_TIMEOUT |
FLOW_ACTIVE_TIMEOUT (36) |
2 |
5 |
FLOW_INACTIVE_TIMEOUT |
FLOW_INACTIVE_TIMEOUT (37) |
2 |
6 |
SAMPLING_INTERVAL |
SAMPLING_INTERVAL (34) |
4 |
7 |
SAMPLING_ALGORITHM |
SAMPLING_ALGORITHM (35) |
1 |
257 - APP_ID_OPTIONS
Description |
Application information |
Scope Field Count |
1 |
Data Field Count |
4 |
Option Scope Length |
4 |
Option Length |
16 |
Padding |
0000 |
Scope fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
System |
System (1) |
2 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
2 |
APPLICATION_NAME |
APPLICATION_NAME (96) |
64 |
3 |
APPLICATION_DESC |
APPLICATION_DESC (94) |
64 |
4 |
applicationCategoryName |
applicationCategoryName (372) |
32 |
258 - IPV4
Description |
No NAT IPv4 traffic |
Data Field Count |
17 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
17 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
259 - IPV6
Description |
No NAT IPv6 traffic |
Data Field Count |
17 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
17 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
260 - ICMP4
Description |
No NAT ICMPv4 traffic |
Data Field Count |
16 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
16 |
IP_DST_ADDR |
IP_DST_ADDR(12) |
4 |
261 - ICMP6
Description |
No NAT ICMPv6 traffic |
Data Field Count |
16 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
16 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
262 - IPV4_NAT
Description |
Source/Destination NAT IPv4 traffic |
Data Field Count |
21 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
17 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
18 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
19 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
263 - IPV4_AF_NAT
Description |
AF NAT IPv4 traffic (4->6) |
Data Field Count |
21 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
17 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
18 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
19 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
264 - IPV6_NAT
Description |
Source/Destination NAT IPv6 traffic |
Data Field Count |
21 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
17 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
18 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
19 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
265 - IPV6_AF_NAT
Description |
AF NAT IPv6 traffic (6->4) |
Data Field Count |
21 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
L4_SRC_PORT |
L4_SRC_PORT (7) |
2 |
8 |
L4_DST_PORT |
L4_DST_PORT (11) |
2 |
9 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
10 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
11 |
PROTOCOL |
PROTOCOL (4) |
1 |
12 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
13 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
14 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
15 |
flowEndReason |
flowEndReason (136) |
1 |
16 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
17 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
18 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
19 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
20 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
21 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
266 - ICMPV4_NAT
Description |
Source/Destination NAT ICMPv4 traffic |
Data Field Count |
20 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
16 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
17 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
18 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
267 - ICMPV4_AF_NAT
Description |
AF NAT ICMPv4 traffic (4->6) |
Data Field Count |
20 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
16 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
17 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
18 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
268 - ICMPV6_NAT
Description |
Source/Destination NAT ICMPv6 traffic |
Data Field Count |
20 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IP_SRC_ADDR |
IP_SRC_ADDR (8) |
4 |
16 |
IP_DST_ADDR |
IP_DST_ADDR (12) |
4 |
17 |
postNATSourceIPv6Address |
postNATSourceIPv6Address (281) |
16 |
18 |
postNATDestinationIPv6Address |
postNATDestinationIPv6Address (282) |
16 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |
269 - ICMPV6_AF_NAT
Description |
AF NAT ICMPv6 traffic (6->4) |
Data Field Count |
20 |
Data fields
Field # |
Field |
Type |
Length |
---|---|---|---|
1 |
BYTES |
BYTES (1) |
8 |
2 |
OUT_BYTES |
OUT_BYTES (23) |
8 |
3 |
PKTS |
PKTS (2) |
4 |
4 |
OUT_PKTS |
OUT_PKTS (24) |
4 |
5 |
FIRST_SWITCHED |
FIRST_SWITCHED (22) |
4 |
6 |
LAST_SWITCHED |
LAST_SWITCHED (21) |
4 |
7 |
INPUT_SNMP |
INPUT_SNMP (10) |
2 |
8 |
OUTPUT_SNMP |
OUTPUT_SNMP (14) |
2 |
9 |
ICMP_TYPE |
ICMP_TYPE (32) |
2 |
10 |
PROTOCOL |
PROTOCOL (4) |
1 |
11 |
APPLICATION_ID |
APPLICATION_ID (95) |
9 |
12 |
FLOW_FLAGS |
FLOW_FLAGS (65) |
2 |
13 |
FORWARDING_STATUS |
FORWARDING_STATUS (89) |
1 |
14 |
flowEndReason |
flowEndReason (136) |
1 |
15 |
IPV6_SRC_ADDR |
IPV6_SRC_ADDR (27) |
16 |
16 |
IPV6_DST_ADDR |
IPV6_DST_ADDR (28) |
16 |
17 |
postNATSourceIPv4Address |
postNATSourceIPv4Address (225) |
4 |
18 |
postNATDestinationIPv4Address |
postNATDestinationIPv4Address (226) |
4 |
19 |
postNAPTSourceTransportPort |
postNAPTSourceTransportPort (227) |
2 |
20 |
postNAPTDestinationTransportPort |
postNAPTDestinationTransportPort (228) |
2 |