What is Netflow?
Netflow is used to send network data from your NG Firewall server to a centralized Netflow data collector for analysis. Netflow requires both a flow exporter and flow collector for proper data transport and analysis.
A flow exporter aggregates and exports data in ‘flows’ to a flow collector; the NG Firewall acts as the exporter within your network. A flow collector then receives, stores, and allows for processing and analysis of the flow data. These flows contain traffic statistics on the interfaces of the NG Firewall, including source/destination IPs, ports, protocol type and code, and more.
Netflow settings within the NG Firewall can be found within Config > Network > Advanced > Netflow. Here you can set the appropriate IP address and port number for the collector to receive the information, as well as the version of Netflow used to transmit the data. You will want to ensure that the settings here mirror those of the collector that you want data exported to.
- Host: The specified host IP of the Netflow collector that the NG Firewall is exporting to.
- Port: The server port for the connection the Netflow collector that the NG Firewall is exporting to. The default used for most Netflow processes (and within the NG Firewall) is UDP 2055, but you may need to update this value depending on the settings of the collector. UDP 2056, 4432, 4739, 9995, 9996, and 6343 are all common ports for different types of flow collectors.
- Version: The Netflow version used to export data. The default used for most Netflow processes (and the most recent version used within the NG Firewall) is v9, but the settings are configurable for either v1, v5, or v9.