Monitor Fortigate with S-Flow and Solarwinds.


Getting a Fortigate and Solarwinds' Netflow to work together is trouble.  We can configure S-Flow (see previous post) on the Fortigate and Solarwinds will accept the feed; however, the SW output is not correct.  Some issues:

  • The traffic distribution by percent looks like it may be accurate.
  • The actual numbers for traffic flow are way off.  
  • The actual monitored ports are mislabeled in the Solarwinds' Netflow page.

    Let's say I monitor my Fortigate's ports 1 & 2 with Orion NPM.  The SNMP statistics and numbers are accurate and display well.

    If I try to monitor the same ports from SW-Netflow there will be no information.  After trial and error, I found I was able to get port 1 & 2's sflow data if I configured SW-Netflow to collect information from the Fortigate ports 7 & 9.

    Keep in mind, there is nothing physically plugged into ports 7 & 9.  I figured out that the data matched up to the first two ports on the Fortigate.  I have a hard time explaining the results to my co-workers.  Luckily they don't have as much interest in SW as I do.  It's far from perfect but it is still helpful.  Hopefully SW will fix this in future releases.

    The only other options are to rely on the FortiAnalyzer for additional data or to use an open source sflow solution, specifically for our Fortigates.  
Last updated 1/17/12 by Steven Jordan.



2 Comments

  1. What are the pros and cons of this network monitor? I'm using Total Network Monitor and have never tried the Solarwinds solution. I need something for server management on Linux.
  2. Hi Jonathan, Solarwinds is a great product.

    Pros: Very informative. Tons of monitors including SMTP, WMI, Powershell, Netflow, etc. It's very easy to implement. It supports a wide range of vendors - especially Cisco. It excels at network data.

    Cons: It's expensive (mostly worth the cost). It's tough to justify if you own System Center. However, System Center does not offer Netflow - yet.

    Since you're a Linux guy I highly suggest Observium. It's free and the SNMP stats are every bit as good as Solarwinds. Also check out NFSEN for Netflow traffic.

    Cheers!
