We have several Fortigates, All send their Netflow data to a Probe. When adding the Netflow sensor to an interface of one of those devices, it will show the data of all netflow data that has been send to the Probe. I only want to see the traffic of that single interface.
Article Comments
Unfortunately that doesn't work, as soon as I enter the source IP (which is the same as the interface I added the sensor to) and add the sender IP in the Netflow part on the Fortigate, I don't get any data at all.... I'm now seperating the data by sending it to different ports, but that's not an ideal situation if you have more then 50 devices. Looking in the history of the KB, this was already a problem in 2010, so I can't understand why it isn't solved yet. In solarwinds this isn't a problem....
Sep, 2017 - Permalink
If a sensor doesn't show any data, after a Sender IP is entered, it means it doesn't get any data from the entered IP. Which sender IP do you enter? Can you share some screenshots? Please use the Netflow-Tester to verify that the entered Sender-IP is correct.
Sep, 2017 - Permalink
Hi, I will be on holiday for the next three weeks, so I will come back on this afterwards.
Sep, 2017 - Permalink
Hello,
thank you for the KB-Post. If you already have separate Netflow Sensors (one for each firewall), and all are listening on the same UDP port, the traffic will be added up. You can filter per firewall then by using the "Sender IP"-Field on each Firewall, and enter the IP of the sending firewall on each Netflow Sensor. Please be aware though, that this will not filter backwards / historic data entries.
best regards
Sep, 2017 - Permalink