In Fireware v12.3 or higher, you can configure the Firebox as a NetFlow exporter to gain more insights into your network traffic. For example, you can use NetFlow data to troubleshoot network performance issues or investigate security concerns. NetFlow is a protocol that is used to collect and analyze IP network traffic. When you configure NetFlow on your Firebox, you specify which interfaces to monitor. You also specify the IP address of a server known as a collector.

The Firebox monitors the selected interfaces and sends streams of data known as net flow records to the collector for analysis. The collector runs a third-party application that uses the NetFlow protocol to record and analyze network traffic. Many third-party applications support the NetFlow protocol. The Firebox itself does not display or analyze flow records.

On the Firebox, you can select to monitor ingress traffic, which is traffic that arrives on an interface. For pass-through traffic, the Firebox monitors bi-directional traffic if you select to monitor both inbound and outbound interfaces. In Fireware v12.5 or higher, you can also select to monitor egress traffic, which is traffic that exits an interface. You can select to monitor Firebox-generated (self-generated) traffic, which is outbound traffic generated by the Firebox itself. In Fireware v12.5 or higher, you can also select to monitor traffic destined for the Firebox itself.

For more information about the NetFlow protocol, see RFC 3954. Physical, VLAN, bridge, wireless, and link aggregation interfaces are supported in all zones (Trusted, External, Optional, and Custom).

To configure NetFlow on the Firebox, see Configure NetFlow. To configure NetFlow on the collector, see our Integration Guides or the documentation provided by your NetFlow collector service.

Flows and Flow Records

A net flow, or flow, consists of packets that share these attributes:

The Firebox exports a flow record to the collector after the flow terminates. A flow record contains granular information about the flow, which includes:
- Time stamps for the start and end of the flow
- Number of bytes and packets in the flow

A flow can terminate either normally or abnormally.
- New traffic appears for a flow, which resets the aging timer.
- The flow exceeds the Active Flow Timeout value.

The Active Flow Timeout is the amount of time an active connection should wait before it terminates. In the Firebox NetFlow configuration, we recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data. By default, the Active Flow Timeout value on the Firebox is 1,800 seconds.

Fireware supports NetFlow versions V5 and V9. To monitor IPv6 traffic and to see post-NAT IP addresses in flow records, you must use V9. In Fireware v12.7.1 or higher, IP addresses for NAT and NAT-T (NAT traversal) events appear in flow records if you select V9 in the Firebox NetFlow configuration. In the flow record, X-Src and X-Dst indicate the source and destination post-NAT addresses. You can use NAT events to identify which clients on the local network generated traffic.

To capture traffic that exits an interface, you can select the Egress option in Fireware v12.5 or higher. For example, if you have an internal switch without NetFlow, enable NetFlow egress on the internal Firebox interface the switch connects to. This captures traffic that exits the internal Firebox interface, which includes traffic sent to the switch. On the Firebox, if you select both Ingress and Egress for multiple interfaces, be aware that you might collect duplicate NetFlow data. To avoid duplicate data, select Ingress or Egress, but not both.

The Firebox sends flow records to the collector with UDP. The information in a flow appears in clear text. There is no authentication between the Firebox and the collector, and packet transport is not encrypted. Make sure the network between the Firebox and the collector is trusted. If the Firebox must traverse a less secure network or the Internet, we recommend that you use a VPN to protect the NetFlow data.

NetFlow can decrease the throughput and connection rate of your Firebox because of the resources required to collect and record flows.
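As an added example (not WatchGuard's code or documentation), the following Python parses a NetFlow V5 export datagram as a collector would receive it over UDP and collapses the duplicate records that result when both Ingress and Egress are enabled on the same traffic path. The datagram, its interface indexes and flow values are constructed inline; the assumption that an ingress/egress duplicate differs from its twin only in the interface fields is illustrative, not something the page states.

```python
"""Parse a NetFlow V5 export datagram and collapse ingress/egress duplicates."""
import struct
from collections import OrderedDict
from ipaddress import IPv4Address

# Layouts from RFC 3954 / the classic V5 export format: 24-byte header, 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
FIELDS = ("src", "dst", "nexthop", "input_if", "output_if", "packets", "octets",
          "first_ms", "last_ms", "src_port", "dst_port", "pad1", "tcp_flags",
          "proto", "tos", "src_as", "dst_as", "src_mask", "dst_mask", "pad2")


def parse_v5(datagram: bytes) -> list:
    """Return one dict per flow record; reject non-V5 or truncated exports."""
    version, count, *_ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"expected NetFlow V5, got version {version}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram shorter than the record count claims")
    records = []
    for i in range(count):
        raw = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(FIELDS, raw))
        rec["src"], rec["dst"] = str(IPv4Address(rec["src"])), str(IPv4Address(rec["dst"]))
        del rec["nexthop"], rec["pad1"], rec["pad2"]
        records.append(rec)
    return records


def dedupe_ingress_egress(records):
    """Keep the first of any records identical except for input/output interface."""
    seen = OrderedDict()
    for rec in records:
        key = (rec["src"], rec["dst"], rec["src_port"], rec["dst_port"], rec["proto"],
               rec["first_ms"], rec["last_ms"], rec["packets"], rec["octets"])
        seen.setdefault(key, rec)
    return list(seen.values())


def _record(src, dst, inp, outp, pkts, octs, first, last, sport, dport, proto):
    # Constructed record: next hop, AS numbers and ToS are zeroed, masks are /24.
    return V5_RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, b"\0" * 4,
                          inp, outp, pkts, octs, first, last, sport, dport, 0, 0x18, proto,
                          0, 0, 0, 24, 24, 0)


# Constructed export: one TCP flow reported twice (ingress on if 1, egress on if 2), one DNS flow.
SAMPLE = (V5_HEADER.pack(5, 3, 123456, 1_700_000_000, 0, 1, 0, 0, 0)
          + _record("10.0.1.25", "203.0.113.10", 1, 2, 12, 6400, 100000, 101500, 51000, 443, 6)
          + _record("10.0.1.25", "203.0.113.10", 2, 1, 12, 6400, 100000, 101500, 51000, 443, 6)
          + _record("10.0.1.40", "198.51.100.7", 1, 2, 3, 228, 100200, 100300, 50555, 53, 17))
```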