Differences

This shows you the differences between two versions of the page.

--- vendor:forti [2023/06/13 18:02] – created veera
+++ vendor:forti [2023/06/13 18:11] (current) – [Configuring on Fortigate] veera
@@ Line 40: / Line 40: @@
 <note important>If you enabled set netflow-sampler both on all interfaces this could result in double counting and show increased bandwidth numbers</note>
+===== Configuration on Trisul Network Analytics =====
+Next, on Trisul perform the following configuration steps
+== Netflow configuration file https://www.trisul.org/docs/ref/netflow-config.html ==
+source /usr/local/share/trisul-probe/trisbashrc
+edit.cfg
+(select option 3 to edit Netflow)
+Then make the following changes
+  * Set ''MeterAppID'' to TRUE   (to enable AppID)
+  * Set ''IgnoreOutCounts'' to TRUE
+  * Set ''MeterTosAsDSCP'' to TRUE
+== Creating metering policies ==
+After Trisul has been running for a while, it is time to configure some extra metering policies. Do the following
+  * Create a Crosskey counter group called "FlowIntf_bx_QOS"  parent as FlowIntf, crosskey1 as Flow-TOS
+  * Create a Crosskey counter group called "FlowIntf_bx_GeoAS" parent FlowIntf, crosskey1 as ASNumber
+  * From the Netflow Wizard enable all Trackers
+  * From the Netflow Wizard enable all Utilization alerts
+Then restart the trisul probe.
+This will be a good starting configuration for a Fortigate environment.
+=== References ===
+. Fortigate Netflow https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Configure-Netflow/ta-p/196080
+. Trisul Network Analytics - Netflow configuration file https://www.trisul.org/docs/ref/netflow-config.html