
Go with the NetFlow



What is NetFlow and How Can it Help Me Monitor Traffic?

Do you want to know how much traffic is flowing through your network, where it’s coming from and going to, and who is generating it?

Palo Alto Networks firewalls support NetFlow v9, an industry-standard protocol for exporting information about IP traffic flows as they enter or exit an interface. You can use this information to gain real-time situational awareness of all users, devices, and traffic in your network.


The firewall sends the flow information as NetFlow records to a NetFlow collector. A flow is a unidirectional sequence of packets that have common attributes such as ingress interface, source/destination IP address, IP protocol, source/destination port, and IP type of service. In the Palo Alto Networks implementation, the NetFlow records also include application names and usernames that the App-ID and User-ID features identify. The NetFlow collector processes the flow records to present traffic analysis in a user-friendly format. This traffic analysis enables you to discover patterns in bandwidth usage and device performance. It also helps you detect traffic anomalies so you can improve firewall policies to protect your network while allowing users to access useful applications.

For example, if users complain about slow or sporadic access to services, NetFlow can help you identify which users, endpoints, applications, and protocols use the most bandwidth and at what times. Identifying the top “talkers” and predicting spikes in activity can help you plan bandwidth expansion. If DoS or other attacks target your network, NetFlow can help you to detect these before they escalate and cause a network outage.
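To make the collector's side of this concrete, here is an added example (not from the original post or from Palo Alto Networks) that decodes a NetFlow v9 export packet and ranks top talkers by bytes sent. The addresses, ports, and byte counts are constructed sample data, only standard RFC 3954 field types are decoded, and the App-ID and User-ID fields are left out because the post does not list their field types.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

IN_BYTES, PROTOCOL, IPV4_SRC_ADDR, L4_DST_PORT, IPV4_DST_ADDR = 1, 4, 8, 11, 12  # RFC 3954 field types

def parse_v9(packet, templates):  # returns flow records as {field_type: int}
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, offset = [], 20                    # FlowSets follow the 20-byte header
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("bad FlowSet length")   # lengths are untrusted input
        body = packet[offset + 4:offset + length]
        if flowset_id == 0:                     # template FlowSet: learn record layouts
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or nfields == 0 or pos + 4 + 4 * nfields > len(body):
                    break                       # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(nfields)]
                pos += 4 + 4 * nfields
        else:                                   # data FlowSet; unknown template ids are skipped
            fields = templates.get(flowset_id, [])
            size = sum(flen for _, flen in fields)
            for start in range(0, len(body) - size + 1, size) if size else ():
                rec, pos = {}, start
                for ftype, flen in fields:
                    rec[ftype], pos = int.from_bytes(body[pos:pos + flen], "big"), pos + flen
                records.append(rec)
        offset += length
    return records

def top_talkers(records, n=3):  # total IN_BYTES per IPv4 source, heaviest first
    totals = Counter()
    for rec in (r for r in records if IPV4_SRC_ADDR in r):
        totals[str(IPv4Address(rec[IPV4_SRC_ADDR]))] += rec.get(IN_BYTES, 0)
    return totals.most_common(n)

def build_sample():  # constructed packet: template 256 plus three flows, padded to 4 bytes
    spec = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (L4_DST_PORT, 2), (PROTOCOL, 1), (IN_BYTES, 4)]
    # Template FlowSet: id 0, length, template id, field count, then (type, length) pairs.
    tmpl = struct.pack(f"!{4 + 2 * len(spec)}H", 0, 8 + 4 * len(spec), 256, len(spec), *sum(spec, ()))
    flows = [("10.0.0.5", "192.0.2.10", 443, 6, 900000), ("10.0.0.7", "192.0.2.20", 53, 17, 1200),
             ("10.0.0.5", "192.0.2.30", 80, 6, 100000)]
    data = b"".join(struct.pack("!IIHBI", int(IPv4Address(s)), int(IPv4Address(d)), *rest)
                    for s, d, *rest in flows)
    data += b"\0" * (-len(data) % 4)
    return struct.pack("!HHIIII", 9, 4, 0, 0, 1, 0) + tmpl + struct.pack("!HH", 256, len(data) + 4) + data
```

A production collector keeps a separate template cache per exporter address and source ID, because template IDs are only unique within that scope.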

Using NetFlow is Easy!

To start using NetFlow to analyze traffic:

  1. Define access to a NetFlow collector by configuring a NetFlow server profile.
  2. Assign the profile to each firewall interface that carries the traffic you want to monitor.
  3. Use the NetFlow collector to analyze the traffic.

For detailed configuration instructions and a list of supported NetFlow templates and fields, refer to NetFlow Monitoring in the PAN-OS 7.0 Administrator’s Guide.

[Palo Alto Networks Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
