Configuring sFlow exports on FortiGate (FortiOS 7.6.6 or later)

This guide explains how to configure sFlow export on FortiGate devices running FortiOS (7.6.6 or above) and forward traffic data to the Site24x7 On-Premise Poller.

Prerequisites

Step 1: Configure the sFlow Collector

Configure the Site24x7 On-Premise Poller as the sFlow collector using the code below:

config system sflow
    config collectors
        edit <id>
            set collector-ip <On-Premise Poller IP address>
            set collector-port 9996
            set source-ip <Source IP address>
            set interface-select-method auto
        next
    end
end

Parameter details

Parameter                 Description
collector-ip              The IP address of the Site24x7 On-Premise Poller
collector-port            The port on which the On-Premise Poller listens for sFlow (default: 9996)
source-ip                 The IP address used as the source of sFlow packets
interface-select-method   Determines how the outgoing interface is selected

Step 2: Configure a specific outgoing interface

If routing policies require the firewall to reach the sFlow collector through a specific interface, select that interface explicitly:

config system sflow
    config collectors
        edit <id>
            set interface-select-method specify
            set interface <interface_name>
        next
    end
end

Step 3: Enable sFlow on interfaces

Enable sFlow sampling on each interface that needs monitoring using the code below:

config system interface
    edit <interface_name>
        set sflow-sampler enable
        set sample-rate 2000
        set polling-interval 20
        set sample-direction both
    next
end

Parameter explanation

Parameter          Description
sflow-sampler      Enables sFlow on the interface
sample-rate        Packet sampling rate (10–99,999); default: 2,000
polling-interval   Counter polling interval in seconds (1–255); default: 20
sample-direction   Traffic direction to sample (ingress, egress, or both)

Note

Lowering the sample-rate value samples more packets, which increases traffic accuracy but may increase CPU and bandwidth usage. The default value is recommended for most environments.

VDOM environment configuration

If virtual domains (VDOMs) are enabled, configure sFlow within the appropriate VDOM with the code below:

config vdom
    edit root
        config system vdom-sflow
            set vdom-sflow enable
            set collector-ip <On-Premise Poller IP address>
            set collector-port 9996
            set source-ip <Source IP address>
            set interface-select-method auto
        end

        config system interface
            edit <interface_name>
                set sflow-sampler enable
                set sample-rate 2000
                set polling-interval 20
                set sample-direction both
            next
        end
    next
end

Important

  • Replace root with the required VDOM name if different.
  • Ensure vdom-sflow is enabled before configuring collector settings.

Verify sFlow configuration

Check sFlow daemon status

diagnose test application sflowd 1

Verify sFlow traffic via packet capture

diagnose sniffer packet any 'port 9996' 4 0 l

You should see outbound UDP packets destined for the Site24x7 On-Premise Poller.
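
To check on the receiving side that an arriving datagram matches the settings above, its payload can be decoded. The Python below is an added example, not part of the original guide or of Site24x7 or Fortinet tooling: it parses the sFlow v5 datagram header and sample tags and compares them with the configured source-ip and sample-rate. The function names, the 192.0.2.x addresses and the sample datagram are constructed for illustration, and it assumes the FortiGate reports its configured sample-rate in each flow sample's sampling_rate field.

```python
import ipaddress
import struct

FLOW, COUNTER, EXP_FLOW, EXP_COUNTER = 1, 2, 3, 4  # sFlow v5 sample formats

def parse_sflow5(datagram: bytes) -> dict:
    """Summarise one sFlow v5 datagram: agent, sequence, sample mix, sampling rates."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5 or addr_type not in (1, 2):
        raise ValueError("not an sFlow v5 datagram")
    addr_len = 4 if addr_type == 1 else 16  # 1 = IPv4 agent, 2 = IPv6 agent
    agent = ipaddress.ip_address(datagram[8:8 + addr_len])
    _sub_agent, seq, _uptime_ms, n_samples = struct.unpack_from("!4I", datagram, 8 + addr_len)
    off = 24 + addr_len  # first sample starts after the fixed header fields
    out = {"agent": str(agent), "sequence": seq, "flow": 0, "counter": 0, "rates": set()}
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if off + length > len(datagram):
            raise ValueError("sample runs past end of datagram")
        enterprise, fmt = tag >> 12, tag & 0xFFF
        if enterprise == 0 and fmt in (FLOW, EXP_FLOW):
            rate_off = off + (8 if fmt == FLOW else 12)  # after sequence + source id
            out["rates"].add(struct.unpack_from("!I", datagram, rate_off)[0])
            out["flow"] += 1
        elif enterprise == 0 and fmt in (COUNTER, EXP_COUNTER):
            out["counter"] += 1
        off += length
    return out

def check_export(datagram: bytes, udp_src: str, want_src: str, want_rate: int) -> list:
    """Return mismatches between a received datagram and the FortiGate settings."""
    info, problems = parse_sflow5(datagram), []
    if udp_src != want_src:
        problems.append(f"UDP source {udp_src} != configured source-ip {want_src}")
    for rate in sorted(info["rates"] - {want_rate}):
        problems.append(f"sampling rate {rate} != configured sample-rate {want_rate}")
    return problems

def constructed_datagram(rate: int = 2000) -> bytes:
    """Constructed input: agent 192.0.2.10, one flow sample and one counter sample."""
    flow = struct.pack("!8I", 1, 3, rate, 4000, 0, 3, 4, 0)
    counter = struct.pack("!3I", 1, 3, 0)
    header = struct.pack("!II4s4I", 5, 1, bytes([192, 0, 2, 10]), 0, 7, 60000, 2)
    return (header + struct.pack("!II", FLOW, len(flow)) + flow
            + struct.pack("!II", COUNTER, len(counter)) + counter)

if __name__ == "__main__":
    print(check_export(constructed_datagram(500), "192.0.2.99", "192.0.2.10", 2000))
```

On a test host, the payload and sender address returned by a UDP socket's recvfrom() on port 9996 can be passed to check_export in place of the constructed datagram.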

Troubleshooting tips

  • Ensure firewall policies allow outbound UDP traffic to the On-Premise Poller.
  • Confirm the On-Premise Poller is listening on the configured port.
  • Verify routing to the On-Premise Poller IP address.
  • Use packet capture to confirm sFlow packets are leaving the device.
  • Check CPU utilization if sample rates are configured aggressively.
