SYS-CON MEDIA Authors: Yung Chou, RealWire News Distribution, Paul Miller, Andy Melmed, ExtraHop Networks

Blog Feed Post

How to configure Palo Alto Networks NetFlow
By Michael Patterson
Article Rating:
August 29, 2012 09:33 AM EDT
Reads:
 890

Palo Alto Networks NetFlow support is now available and with the latest version of our NetFlow monitoring solution you can get NAT and also application reporting for this firewall.

Today I’ll be providing step by step instructions on how to configure NetFlow for this device, and also show an example of the extended NetFlow reporting available.

How to configure Palo Alto Networks NetFlow

There are 2 basic steps for configuring the Palo Alto Networks firewall to export NetFlow:

1.  Define a NetFlow server profile – this specifies the frequency of the export along with the NetFlow servers that will receive the exported data.

2.  Assign the profile to a firewall interface - all traffic flowing over this interface is exported to the specified server(s).

 

Step 1

To define a NetFlow server profile, navigate to Device-> Server Profiles-> NetFlow in the GUI. Here you will see the following settings:

Name: Enter a name for the NetFlow settings.

Template Refresh Rate: Specify the number of minutes or number of packets after which the NetFlow template is refreshed (we recommend 1 minute; packets range 1-600, default 20).

Active Timeout: Specify the frequency at which data records are exported for each session (we recommend 1 minute).

Export PAN-OS Specific Field Types: Export PAN-OS specific fields such as App-ID and User-ID in NetFlow records.

Server Name: Specify a name to identify the server.

Server: Specify the host name or IP address of the server.

Port: Specify the port number for server access (default 9996).

 

Palo Alto NetFlow Servers

 

Step 2

Once the NetFlow profile is configured, the next step is to assign the profile to a firewall interface. For this, navigate to Network-> Interfaces-> Ethernet. Click the link for the interface on the Ethernet tab -

 

Palo Alto NetFlow interface configuration

Then specify the NetFlow Profile -

Palo Alto interface NetFlow profile configuration

 

With our advanced NetFlow reporting solution, you can get advanced Palo Alto Networks NetFlow reporting such as applications reports – giving you visibility of named applications, rather than reporting the traffic as http(80 TCP); NAT (Network Address Translation) reports; and User reports.

Palo Alto Networks Application reports

 

In addition to the advanced NetFlow reporting, the standard NetFlow reports such as conversations, TopN reporting, and also threat detection capabilities are available from Palo Alto Networks NetFlow exports.

 

For more information on configuring NetFlow on this firewall, see the Palo Alto NetFlow Configuration Guide.

And if you need further assistance with configuring the NetFlow on this firewall, or with accessing the advanced NetFlow reports, please do not hesitate to contact us at 207-324-8805.

 


Joanne Ghidoni
Sr. Solutions Engineer

For a free 30 day trial of Scrutinizer, Download Now

Sign up for Advanced NetFlow Training coming to a city near you!

Read the original blog entry...

Published August 29, 2012 – Reads 890
Copyright © 2012 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.