We are monitoring the internal interface of our firewall (Fortigate 200B) with sFlow.
The internal interface of the firewall sits on a Management VLAN, which then passes traffic through to various businesses each on their own VLAN which are segregated from each other via ACLS.
The Management VLAN has access to all VLANs.
Set up like this, it works - we can see all traffic for all VLAN's.
However we want to be able to filter to see only traffic to/from a certain VLAN.
I think we are setting the Include Filter wrong - we have tried:
Once these are set, it stops collecting data. As soon as it is removed it works again.
What is the correct setting?