User Configuration Tasks

Depending on the type of flows you are collecting, you will need to determine which type of reporting will work best with your setup and configuration. This section includes configuration examples for each supported NetFlow solution, as well as configuring a second appliance to act as a collector.

NetFlow Version 5 Configuration Procedures
NetFlow Version 9 Configuration Procedures
IPFIX (NetFlow Version 10) Configuration Procedures
IPFIX with Extensions Configuration Procedures

NetFlow Version 5 Configuration Procedures

To configure typical Netflow version 5 flow reporting:
1
Click the Settings tab.
2
For Report Connections in the Settings section, select either of these radio buttons:
Interface-based
Firewall/App Rules-based

When enabled, the flows reported are based on the initiator or responder interface or on already existing firewall rules.

* 
NOTE: This step is optional, but is required if flow reporting is done on selected interfaces.
3
Click the External Collector tab.
4
In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.
5
Select Netflow version-5 as the External Flow Reporting Format from the drop-down menu.
6
Specify the External Collector’s IP address in the provided field.
7
Optionally, for the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.
* 
IMPORTANT: This step is required if the external collector must be reached by a VPN tunnel.
8
Specify the External Collector’s UDP port number in the provided field. The default port is 2055.
9
Click the Accept button at the top of the page.
* 
NOTE: You may need to reboot the device to completely enable this configuration.

NetFlow Version 9 Configuration Procedures

To configure Netflow version 9 flow reporting:
1
Click the External Collector tab.
2
In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.
3
Select Netflow version-9 as the External Flow Reporting Format from the drop-down menu.
4
Specify the External Collector’s IP address in the provided field.
5
Optionally, for the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.
6
Specify the External Collector’s UDP port number in the provided field. The default port is 2055.
7
Click the Settings tab.
8
In the Settings section, for Report Connections, select one of these radio buttons:
Interface-based: when enabled, the flows reported are based on the initiator or responder interface.
Firewall/App Rules-based: once enabled, the flows reported are based on already existing firewall rules.
* 
IMPORTANT: This step is optional, but is required if flow reporting is done on selected interfaces.
9
Click the External Collector tab.
10
IPFIX uses templates that must be known to an external collector before sending data. In Actions, click the Generate ALL Templates button to begin generating templates. A message requesting confirmation displays.
* 
IMPORTANT: IPFIX uses templates that must be known to an external collector before sending data.

11
After the templates have been generated, click Accept.

IPFIX (NetFlow Version 10) Configuration Procedures

To configure IPFIX, or NetFlow version 10, flow reporting:
1
Click the External Collector tab.
2
In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.
3
Select IPFIX as the External Flow Reporting Format from the drop-down menu.
4
Specify the External Collector’s IP address in the provided field.
5
Optionally, for the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.
6
Specify the External Collector’s UDP port number in the provided field. The default port is 2055.
7
Click the Settings tab.
8
In the Settings section, for Report Connections, select one of these radio buttons:
Interface-based: when enabled, the flows reported are based on the initiator or responder interface.
Firewall/App Rules-based: once enabled, the flows reported are based on already existing firewall rules.
* 
IMPORTANT: This step is optional, but is required if flow reporting is done on selected interfaces.
9
Click the External Collector tab.
10
IPFIX uses templates that must be known to an external collector before sending data. In Actions, click the Generate ALL Templates button to begin generating templates. A message requesting confirmation displays.
* 
IMPORTANT: IPFIX uses templates that must be known to an external collector before sending data.

11
To begin generating static flow data, click the Generate Static AppFlow Data button. A message requesting confirmation displays.

12
After the templates have been generated, click Accept.

IPFIX with Extensions Configuration Procedures

To configure IPFIX with extensions or IPFIX with extensions v2 flow reporting:
1
Click the External Collector tab.
2
In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.
3
Select IPFIX with extensions as the External Flow Reporting Format from the drop-down menu.
4
Specify the External Collector’s IP address in the provided field.
5
For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.
6
Specify the External Collector’s UDP port number in the provided field. The default port is 2055.
7
Click the Settings tab.
8
In the Settings section, for Report Connections, select one of these radio buttons:
Interface-based: when enabled, the flows reported are based on the initiator or responder interface.
Firewall/App Rules-based: when enabled, the flows reported are based on already existing firewall rules.
* 
IMPORTANT: This step is optional, but is required if flow reporting is done on selected interfaces.
9
Click the External Collector tab.
10
Select the tables you wish to receive static flows for from the Send Static AppFlow For Following Tables drop-down menu.
11
Select the tables you wish to receive dynamic flows for from the Send Dynamic AppFlow For Following Tables drop-down menu.
12
Select any additional reports to be generated to a flow from the Include Following Additional Reports via IPFIX drop-down menu.
13
At the bottom of the page, click the Generate ALL Templates button to begin generating templates.
* 
IMPORTANT: IPFIX with extensions uses templates that must be known to an external collector before sending data.
14
Enable the option to Send static flows at regular intervals by selecting the checkbox. After enabling this option, click the Generate Static Flows button.

15
To begin generating static flow data, click the Generate Static AppFlow Data button. A message requesting confirmation displays.

16
Click Accept.

Configuring Netflow with Extensions with SonicWALL Scrutinizer

One external flow reporting option that works with Netflow with Extensions is the third-party collector, SonicWALL Scrutinizer. This collector displays a range of reporting and analysis that is both Netflow and SonicWALL-flow aware.

To verify your Netflow with Extensions reporting configurations:
1
Click the Settings tab.
2
In the Settings section, for Report Connections, select the all radio button.
* 
IMPORTANT: This step is optional, but is required if flow reporting is done on selected interfaces.
3
Click the External Collector tab.
4
Click the Send Flows and Real-Time Data To External Collector checkbox.
5
Select IPFIX with extensions or IPFIX with extensions v2 from the External Flow Reporting Format drop-down menu.
6
Specify the External Collector’s IP address in the provided field.
7
If the external collector must be reached by a VPN tunnel, specify the source IP in the Source IP to Use for Collector on a VPN Tunnel field.
8
Specify the External Collector’s UDP port number in the provided field. The default port is 2055.
9
Click the Send Static AppFlow At Regular Interval checkbox.
10
Select the tables you wish to receive static flows for from the Send Dynamic AppFlow For Following Tables drop-down menu.
11
Click the Generate Static AppFlow Data button.
12
Click Accept.

.

* 
NOTE: Currently, Scrutinizer supports Applications and Threats only. Future versions of Plixer will support the following Static Flows: Location Map, Services, Rating Map, Table Map, and Column Map.
13
Next, navigate to the Network > Interfaces screen.
14
Confirm that Flow Reporting is enabled per interface by clicking the Configure icon of the interface you are requesting data from.
15
On the Advanced tab, select the checkbox to Enable flow reporting.
16
Click OK.
17
Login to SonicWALL Scrutinizer. The data displays within minutes.