External Collector Settings

This section provides configuration settings for AppFlow reporting to an external IPFIX collector.

•	Send AppFlow and Real-Time Data To External Collector—Selecting this check box enables the specified flows to be reported to an external flow collector.

•

External AppFlow Reporting Format—If the “Report to EXTERNAL Flow Collector” option is selected, you must specify the flow reporting type from the provided list in the drop-down menu: NetFlow version-5, NetFlow version-9, IPFIX, or IPFIX with extensions. If the reporting type is set to Netflow versions 5, 9, or IPFIX, then any third-party collector can be used to show flows reported from the device. It uses standard data types as defined in IETF. If the reporting type is set to IPFIX with extensions, then the collectors that are SonicWALL flow aware can only be used. When using IPFIX with extensions, select a third-party collector that is SonicWALL flow aware, such as SonicWALL Scrutinizer. For Netflow versions and IPFIX reporting types, only connection related flows are reported per the standard. For IPFIX with extensions, connection related flows are reported with SonicWALL specific data type, as well as various other tables to correlate flows with Users, Applications, Viruses, VPN, and so on.

•	External Collector’s IP Address—Specify the external collector’s IP address. This IP address must be reachable from the SonicWALL firewall in order for the collector to generate flow reports.

•	Source IP to Use for Collector on a VPN Tunnel—If the external collector must be reached by a VPN tunnel, specify the source IP for the correct VPN policy. Note: Select Source IP from the local network specified in the VPN policy. If specified, Netflow/IPFIX flow packets always take the VPN path.

•	External Collector’s UDP Port Number—Specify the UDP port number that Netflow/IPFIX packets are being sent over. The default port is 2055.

•

Send IPFIX/Netflow Templates at Regular Intervals—Selecting this check box enables the appliance to send Template flows at regular intervals. Netflow version-9 and IPFIX use templates that must be known to an external collector before sending data. Per IETF, a reporting device must be capable of sending templates at a regular interval to keep the collector in sync with the device. If the collector does not need templates at regular intervals, you can disable it here. This option is available with Netflow version-9, IPFIX, and IPFIX with extensions only.

•	Send Static AppFlow at Regular Interval—Selecting this check box enables the sending of these specified appflows.

•

Send Static AppFlow for Following Tables—Select the static mapping tables to be generated to a flow from the drop-down list. Values include: Applications, Viruses, Spyware, Intrusions, Location Map, Services, Rating Maps, Table Map, and Column Map. When running in IPFIX with extensions mode, SonicWALL reports multiple types of data to an external device in order to correlate User, VPN, Application, Virus, and Spyware information. In this mode, data is both static and dynamic. Static tables are needed only one time because they rarely change. Depending on the capability of the external collector, not all static tables are needed. You can select the tables needed in this section. This option is available with IPFIX with extensions only.

•	Send Dynamic AppFlow for Following Tables—Select the dynamic mapping tables to be generated to a flow from the drop-down list. Values include: Connections, Users, URLs, URL Ratings, VPNs, Devices, SPAMs, Locations, and VoIPs.

•	Include Following Additional Reports via IPFIX—Select additional IPFIX reports to be generated to a flow. Select values from the drop-down list. Values include: Top 10 Apps, Interface Stats, Core Utilization, and Memory Utilization.

•

When running in IPFIX with extensions mode, SonicWALL is capable of reporting more data that is not related to connection and flows. These tables are grouped under this section (Additional Reports). Depending on the capability of the external collector, not all additional tables are needed. In this section, users can select tables that are needed. This option is available with IPFIX with extensions only.

•	Actions—Click Generate ALL Templates to begin building templates on the IPFIX server, this will take up to two minutes to generate. Click Generate Static AppFlow Data to begin generate a large amount of flows to the IPFIX server, this will take up to two minutes to generate.