Firebox NetFlow and PRTG Integration Guide

Contents

Deployment Overview

This document describes how to configure your Firebox as a NetFlow exporter to integrate with the PRTG network monitor service.

Topology

This diagram shows a typical NetFlow topology.

Screen shot of a typical NetFlow topology

Before You Begin

Before you begin these procedures, make sure that:

  • The PRTG Network Monitor version is 23.2.84.1566 x64
  • Your PRTG Network Monitor services are running
  • You have a Firebox that runs Fireware v12.9.4 (Build 682007) or higher

Configure Your Firebox for PRTG Network Monitor

You must configure your Firebox as a NetFlow exporter and specify connection settings for the NetFlow collector.

To configure your Firebox as a NetFlow exporter, from Fireware Web UI:

  1. Select System > NetFlow.
  2. Click The screenshot of key-icon to unlock and make changes.
  3. Select Enable NetFlow.
  4. For the Protocol Version, select V9.
  5. In the Collector Address text box, type the IP address of the NetFlow collector.
  6. In the Port text box, type 8885.
    The Firebox must be able to communicate with the NetFlow collector at the specified IP address and port with the UDP protocol.
  7. In the Active Flow Timeout text box, type 20.
    The Active Flow Timeout setting segments your flow into small flows based on the value you specify. We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data.
  8. Keep the Sampling Mode disabled.
  9. To monitor Firebox traffic, select the Monitor Traffic Generated by the Firebox and Monitor Traffic Destined for the Firebox check boxes.
  10. To enable NetFlow for an interface, select the check box adjacent to that interface.
    If you have many interfaces, use the Interface Name search box or select an option from the Type or Zone drop-down list to find an interface quickly.
  11. To select all interfaces, select the check box adjacent to the Interface Name text box.
  12. Click Save.
  13. Screen shot of the enable Netflow in Firebox

For more information about NetFlow on the Firebox, go to About NetFlow and Configure NetFlow in Fireware Help.

Configure Your PRTG Network Monitor

After you configure the Firebox, you must configure the PRTG Network Monitor settings.

Add a Device

To add a device:

  1. Log in to the PRTG web console with your administrator account.
    When you first start the thread, Network Monitor searches for all devices in your network that it can reach.
  2. If your Firebox is detected, go to Add a NetFlow v9 Sensor.
  3. If your Firebox is not detected, select Devices > Add Device to add it manually.
  4. Screen shot of the Devices menu in PRTG

  5. Select a group for your Firebox. Click OK.
  6. Screen shot of the add a device in PRTG

  7. In the Device Name text box, type your Firebox device name.
  8. For the IP Version, select IPv4.
  9. In the IPv4 Address/DNS Name text box, type the IPv4 address of your Firebox.
  10. (Optional) Select a device icon.
  11. Keep the default settings for all other options. Click OK.
  12. Screen shot of the add a device details in PRTG

Add a NetFlow v9 Sensor

To add a NetFlow v9 sensor:

  1. Right-click the Firebox in the list, and select Add Sensor.
    Or, click Add Sensor under your device sensor list.
  2. Screen shot of the Add a sensor 001

  3. From the Technology Used? section, select Flow Protocols.
  4. Select NetFlow v9.
  5. The screeshot of Flow Protocols

  6. In the Receive Packets on UDP Port text box, type 8885.
    This value must be the same as the UDP port number in the NetFlow export options of the Firebox.
  7. Select one or more local IP addresses for Receive Packets on IP Address.
  8. In the Active Flow Timeout text box, type a value. PRTG recommends a value that is 1 minute greater than the Active Flow Timeout value you configured on the Firebox.
  9. For Sampling Mode, select Off.
  10. Keep the default settings for all other options.
  11. Click Create.
  12. Screenshot of the add the sensor 003 in PRTG

Test the Integration

After you configure the Firebox and PRTG NetFlow settings, the sensor shows a connected status. You can click the sensor to view the details of the flow in your collector.

    Screen shot of the sensor status in PRTG

    Screen shot of the Overview page in PRTG