Fortinet Adds Support for sFlow
My friend Aaron Torres over at Fortinet recently informed me that the FortiGate UTM appliance now supports sFlow. I don't talk about sFlow on this blog all that much, but it's out there, and anyone who uses Extreme, HP ProCurve, or Brocade/Foundry equipment will tell you that it's quite useful when married with a capable sFlow collector.
sFlow is supported on FortiOS 4.0MR2 and above.
Here's a link to a Fortinet KB article discussing configuration of sFlow in a FortiGate device.
sFlow operates by sampling 1 in N packets as they arrive at the device's Ethernet interface. A small piece of the Ethernet frame (usually around 68 bytes) is snipped off and placed into a UDP packet along with additional samples. Once the packet reaches 1500 bytes, the sFlow exporter attaches a preamble (including sample rate, interface ifindex, etc.) and sends the samples to the collector. One of the big advantages sFlow has over NetFlow is that it runs at layer 2. sFlow-enabled devices don't need a layer-3 hop to create a flow, as most NetFlow exporters do.
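The sampling path described above, seen from the collector's side, as an added example that is not part of the original post or Fortinet's code: a minimal Python decoder for one flow sample that scales the sampled frame by N to estimate traffic. It assumes the sFlow version 5 wire layout (the post does not name a version), where sample rate and ifIndex are carried per flow sample; the agent address, MACs and counters in `build_sample_datagram` are constructed test values.

```python
import socket
import struct

def parse_sflow_v5(datagram):
    """Return one dict per sampled Ethernet header in an sFlow v5 datagram."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5 or addr_type != 1:  # this sketch handles IPv4 agents only
        raise ValueError("not an sFlow v5 datagram from an IPv4 agent")
    # Agent address, sub-agent id, datagram sequence, uptime, sample count.
    agent, _sub, _seq, _uptime, n_samples = struct.unpack_from("!4sIIII", datagram, 8)
    off, out = 28, []
    for _ in range(n_samples):
        tag, length = struct.unpack_from("!II", datagram, off)
        body, off = off + 8, off + 8 + length
        if off > len(datagram):
            raise ValueError("sample runs past end of datagram")
        if tag != 1:  # enterprise 0, format 1 = flow sample; skip counters etc.
            continue
        # Per-sample fields: the sample rate and ifIndex values live here.
        _s, _src, rate, _pool, _drops, in_if, out_if, n_rec = struct.unpack_from(
            "!8I", datagram, body)
        rec = body + 32
        for _ in range(n_rec):
            rtag, rlen = struct.unpack_from("!II", datagram, rec)
            if rec + 8 + rlen > off:
                raise ValueError("record runs past end of sample")
            if rtag == 1:  # raw packet header record
                proto, frame_len, _strip, hdr_len = struct.unpack_from("!4I", datagram, rec + 8)
                hdr = datagram[rec + 24:rec + 24 + hdr_len]
                if proto == 1 and len(hdr) >= 14:  # 1 = Ethernet
                    out.append({
                        "agent": socket.inet_ntoa(agent),
                        "sampling_rate": rate, "input_ifindex": in_if,
                        "dst_mac": hdr[0:6].hex(":"), "src_mac": hdr[6:12].hex(":"),
                        "ethertype": int.from_bytes(hdr[12:14], "big"),
                        # Scale the one sampled frame up by N to estimate traffic.
                        "est_bytes": frame_len * rate,
                    })
            rec += 8 + rlen
    return out

def build_sample_datagram():
    """Constructed input: one flow sample, 1-in-512, 68-byte header snippet."""
    hdr = bytes.fromhex("001122334455" "66778899aabb" "0800") + bytes(54)
    record = struct.pack("!6I", 1, 16 + len(hdr), 1, 1518, 4, len(hdr)) + hdr
    body = struct.pack("!8I", 1, 3, 512, 512, 0, 3, 4, 1) + record
    sample = struct.pack("!II", 1, len(body)) + body
    return struct.pack("!II4sIIII", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, 1) + sample
```

Calling `parse_sflow_v5(build_sample_datagram())` returns a single record whose `est_bytes` is the 1518-byte frame length multiplied by the 1-in-512 rate.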
Anyway, if you have an sFlow collector and use Fortinet appliances, this new feature provides excellent visibility into the traffic flows occurring through the Fortinet device.
NOTE / DISCLAIMER: I haven't actually tested this functionality yet myself but hope to do so in the next few weeks and will update this post if there are any major problems or interesting observations. Also, as with any new feature you should probably proceed with caution. I would talk to my Fortinet SE/support guy about potential caveats before putting this feature into production.