Configure NetFlow

You can configure your Firebox as a NetFlow exporter in Fireware v12.3 or higher.

For detailed information about NetFlow, go to About NetFlow.

To configure NetFlow, from Fireware Web UI:

  1. Select System > NetFlow.
  2. Select Enable NetFlow.
  3. For the protocol version, select V5 or V9.
    To monitor IPv6 traffic, you must use V9. In Fireware v12.7.1 or higher, post-NAT addresses appear in flow records if you select V9.
  4. In the Collector Address text box, type the IPv4 or IPv6 address of the collector. The collector is the server that collects NetFlow data from the Firebox.
  5. In the Port text box, type the port configured on the collector.
    The Firebox must be able to communicate with the collector at the specified IP address and port with the UDP protocol.
  6. In the Active Flow Timeout text box, type a number between 1 and 60 minutes.
    We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data. By default, the Active Flow Timeout value on the Firebox is 30 minutes.
  7. (Optional) To enable Sampling Mode, select the Sample every 1 out of check box.
  8. If you enabled Sampling mode, in the adjacent text box, type a number between 2 and 65535 packets.
  9. (Optional) To monitor Firebox traffic:
     • (Fireware v12.5 or higher) Select Monitor traffic generated by the Firebox or Monitor traffic destined for the Firebox.
     • (Fireware v12.3.x and v12.4.x) From the list of interfaces, select Firebox.
  10. To enable NetFlow for an interface:
     • (Fireware v12.5 or higher) Next to the interface name, select Ingress, Egress, or both.
     • (Fireware v12.3.x or v12.4.x) Select the check box next to the interface.

Screen shot of the NetFlow configuration

To configure NetFlow, from Policy Manager:

  1. Select Setup > NetFlow.
  2. Select Enable NetFlow.
  3. For the protocol version, select V5 or V9.
    To monitor IPv6 traffic, you must use V9. In Fireware v12.7.1 or higher, post-NAT addresses appear in flow records if you select V9.
  4. In the Collector Address text boxes, type the IP address and port of the collector. The collector is the server that collects NetFlow data from the Firebox.
    The Firebox must be able to communicate with the collector at the specified IP address and port with the UDP protocol.
  5. In the Active Flow Timeout text box, type a number between 1 and 60 minutes.
    We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data. By default, the Active Flow Timeout value on the Firebox is 30 minutes.
  6. (Optional) To enable Sampling Mode, select Enable Sampling.
  7. If you enabled Sampling mode, in the Sample 1 out of every text box, type a number between 2 and 65535 packets.
  8. (Optional) To monitor Firebox traffic:
     • (Fireware v12.5 or higher) Select Monitor traffic generated by the Firebox or Monitor traffic destined for the Firebox.
     • (Fireware v12.3.x and v12.4.x) From the list of interfaces, select Firebox.
  9. To enable NetFlow for an interface:
     • (Fireware v12.5 or higher) Adjacent to the interface name, select Ingress, Egress, or both.
     • (Fireware v12.3.x or v12.4.x) Select the check box adjacent to that interface.

Screen shot of the NetFlow Settings dialog box
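A quick way to confirm that the Firebox is exporting what you configured (UDP delivery to the collector port, the V5 format, the sampling interval) is to decode a datagram yourself. The following is an added example, not WatchGuard code: a minimal NetFlow V5 decoder that rejects malformed datagrams and reports the "1 out of N" sampling interval carried in the header. The datagram it parses is constructed inline; the addresses, ports and counters are sample values, not values from this page.

```python
import struct
from ipaddress import IPv4Address

# NetFlow V5 wire format (big-endian): a 24-byte header followed by
# `count` 48-byte flow records, as described in the public V5 layout.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_v5(packet: bytes) -> dict:
    """Decode one exported datagram; raise ValueError if it is malformed."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("datagram shorter than a V5 header")
    (version, count, _uptime_ms, unix_secs, _nsecs, seq,
     _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(packet)
    if version != 5:
        raise ValueError(f"expected NetFlow V5, got version {version}")
    if len(packet) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": f"{IPv4Address(f[0])}:{f[9]}",
            "dst": f"{IPv4Address(f[1])}:{f[10]}",
            "proto": PROTO.get(f[13], str(f[13])),
            "packets": f[5], "bytes": f[6],
            "duration_ms": f[8] - f[7],   # last - first (sysUptime ms)
        })
    return {
        "sequence": seq,
        "exported_at": unix_secs,
        # Low 14 bits hold the "sample 1 out of N" interval; the top 2 bits
        # hold the sampling mode, which this decoder ignores.
        "sampling_interval": sampling & 0x3FFF,
        "flows": flows,
    }

def sample_datagram() -> bytes:
    """Constructed datagram: one TCP flow, sampling 1 out of 100."""
    header = V5_HEADER.pack(5, 1, 120_000, 1_700_000_000, 0, 42, 0, 0, 100)
    record = V5_RECORD.pack(
        int(IPv4Address("10.0.1.5")), int(IPv4Address("203.0.113.9")), 0,
        1, 2, 12, 4096, 100_000, 115_000, 51000, 443, 0, 0x18, 6, 0,
        0, 0, 24, 24, 0)
    return header + record

if __name__ == "__main__":
    print(parse_v5(sample_datagram()))
```

To run it against live export, bind a UDP socket on the collector port from step 5 and pass each received datagram to parse_v5; a V9 export is rejected by the version check, which is itself a useful signal when the collector expects V5.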

To configure NetFlow on the collector, go to these integration guides or the documentation for your collector:

Firebox NetFlow and Plixer Scrutinizer Integration Guide

Firebox NetFlow and PRTG Integration Guide

Firebox NetFlow and SolarWinds NetFlow Traffic Analyzer Integration Guide

Related Topics

About NetFlow