Firebox NetFlow and PRTG Integration Guide

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Topology

This diagram shows a typical NetFlow topology.

Before You Begin

Make sure your PRTG Network Monitor services are running and your Firebox has Fireware v12.7 or higher.

Configure Your Firebox for PRTG Network Monitor

You must configure your Firebox as a NetFlow exporter and specify connection settings for the NetFlow collector.

To configure your Firebox as a NetFlow exporter, from Fireware Web UI:

1. Select System > NetFlow.
2. Select Enable NetFlow .
3. For the Protocol Version, select V5.
4. In the Collector Address text box, type the IP address of the NetFlow collector.
5. In the Port text box, type 8885.
   The Firebox must be able to communicate with the NetFlow collector at the specified IP address and port with the UDP protocol.
   
6. In the Active Flow Timeout text box, type 20.
   The Active Flow Timeout setting segments your flow into small flows based on the value you specify. We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data.
7. Keep the Sampling Mode disabled.
8. To enable NetFlow for an interface, select the check box adjacent to that interface.
   If you have many interfaces, use the Interface Name search box or select an option from the Type or Zone drop-down lists to find an interface quickly.
9. To select all interfaces, select the check box adjacent to the Interface Name text box.
10. To monitor outbound traffic generated by the Firebox or destined for Firebox, select Firebox Traffic items.
11. Click Save.

For more information about NetFlow on the Firebox, see About NetFlow and Configure NetFlow in Fireware Help.

Configure Your PRTG Network Monitor

After you configure the Firebox, you must configure the PRTG Network Monitor settings.

1. Log in to the PRTG web console with your administrator account.
2. When you first start the thread, Network Monitor searches for all devices in your network that it can reach.
3. If your Firebox is detected, go to Step 12.
4. If your Firebox is not detected, select Devices > Add Device to add it manually.



5. Select a group for your Firebox.
6. Click OK.



7. Type your Firebox device name.
8. For the IP Version, select IPv4.
9. In the IPv4 Address/DNS Name text box, type the IPv4 address of your Firebox.
10. Keep the default settings for all other options.
11. Click OK.



12. To create a NetFlow sensor, right-click the Firebox in the list and select Add Sensor.
    Or, click Add Sensor under your device sensor list.



13. In the Technology Used? section, select xFlow.
    Additional settings appear.
14. Click NetFlow V5.



15. In the Receive NetFlow Packets on UDP Port text box, type 8885.
16. Select one or more local IP addresses for Receive NetFlow Packets on IP Address.
17. In the Active Flow Timeout text box, type a value. PRTG recommends a value that is 1 minute greater than the Active Flow Timeout value you configured on the Firebox.
18. For Sampling Mode, select Off.
19. Keep the default settings for all other options.
20. Click Create.

Test the Integration

To test the integration, in PRTG NetFlow:

1. After you configure the Firebox and PRTG NetFlow settings, the sensor shows a connected status.

2. To see the details of the flow in your collector, click the sensor.