User Configuration Tasks

AppFlow : Managing Flow Reporting Statistics

User Configuration Tasks

Depending on the type of flows you are collecting, you will need to determine which type of reporting will work best with your setup and configuration. This section includes configuration examples for each supported NetFlow solution, as well as configuring a second appliance to act as a collector.

•

NetFlow Version 5 Configuration Procedures

•

NetFlow Version 9 Configuration Procedures

•

IPFIX (NetFlow Version 10) Configuration Procedures

•

Note that IPFIX uses templates that must be known to an external collector before sending data. In External Collector Settings and Actions, click the Generate ALL Templates button to begin generating templates. IPFIX with Extensions Configuration Procedures

NetFlow Version 5 Configuration Procedures

To configure typical Netflow version 5 flow reporting, follow the steps listed below.

1

In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.

2

Select Netflow version-5 as the External Flow Reporting Format from the drop-down list.

3

Specify the External Collector’s IP address in the provided field.

4

For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel. Note that this step is optional.

5

Specify the External Collector’s UDP port number in the provided field. The default port is 2055.

6

In the Connection Report Settings and Report Connections, select the Interface-based checkbox. Once enabled, the flows reported are based on the initiator or responder interface. Note that this step is optional.

7

In the Connection Report Settings and Report Connections, select the Firewall/App Rules-based checkbox. Once enabled, the flows reported are based on already existing firewall rules. Note that this step is optional, but is required if flow reporting is done on selected interfaces.

NetFlow Version 9 Configuration Procedures

To configure Netflow version 9 flow reporting, follow the steps listed below.

1

In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.

2

Select Netflow version-9 as the External Flow Reporting Format from the drop-down list.

3

Specify the External Collector’s IP address in the provided field.

4

For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel. Note that this step is optional.

5

Specify the External Collector’s UDP port number in the provided field. The default port is 2055.

6

In the Connection Report Settings and Report Connections, select the Interface-based checkbox. Once enabled, the flows reported are based on the initiator or responder interface. Note that this step is optional.

7

In the Connection Report Settings and Report Connections, select the Firewall/App Rules-based checkbox. Once enabled, the flows reported are based on already existing firewall rules. Note that this step is optional, but is required if flow reporting is done on selected interfaces.

8

Note that Netflow version-9 uses templates that must be known to an external collector before sending data. In External Collector Settings and Actions, click the Generate ALL Templates button to begin generating templates.

IPFIX (NetFlow Version 10) Configuration Procedures

To configure IPFIX, or NetFlow version 10, flow reporting, follow the steps listed below.

1

In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.

2

Select IPFIX as the External Flow Reporting Format from the drop-down list.

3

Specify the External Collector’s IP address in the provided field.

4

For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel. Note that this step is optional.

5

Specify the External Collector’s UDP port number in the provided field. The default port is 2055.

6

In the Connection Report Settings and Report Connections, select the Interface-based checkbox. Once enabled, the flows reported are based on the initiator or responder interface. Note that this step is optional.

7

In the Connection Report Settings and Report Connections, select the Firewall/App Rules-based checkbox. Once enabled, the flows reported are based on already existing firewall rules. Note that this step is optional, but is required if flow reporting is done on selected interfaces.

Note that IPFIX uses templates that must be known to an external collector before sending data. In External Collector Settings and Actions, click the Generate ALL Templates button to begin generating templates. IPFIX with Extensions Configuration Procedures

To configure IPFIX with extensions flow reporting, follow the steps listed below.

1

In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.

2

Select IPFIX with extensions as the External Flow Reporting Format from the drop-down menu7.

3

Specify the External Collector’s IP address in the provided field.

4

For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.

5

Specify the External Collector’s UDP port number in the provided field. The default port is 2055.

6

Optionally, in the Connection Report Settings and Report Connections, select the Interface-based checkbox. Once enabled, the flows reported are based on the initiator or responder interface.

7

In the Connection Report Settings and Report Connections, select the Firewall/App Rules-based checkbox. Once enabled, the flows reported are based on already existing firewall rules. Note that this step is optional, but is required if flow reporting is done on selected interfaces.

8

Note that IPFIX uses templates that must be known to an external collector before sending data. Click the Generate ALL Templates button to begin generating templates.

9

Enable the option to Send static flows at regular intervals by selecting the checkbox. After enabling this option, click the Generate Static Flows button.

10

Select the tables you wish to receive static flows for from the Send Static AppFlow For Following Tables drop-down list.

11

Select the tables you wish to receive dynamic flows for from the Send Dynamic AppFlow For Following Tables drop-down list.

12

Select any additional reports to be generated to a flow from the Include Following Additional Reports via IPFIX drop-down list.

Configuring Netflow with Extensions with SonicWALL Scrutinizer

One external flow reporting option that works with Netflow with Extensions is the third-party collector called SonicWALL Scrutinizer. This collector displays a range of reporting and analysis that is both Netflow and SonicWALL flow aware.

To verify your Netflow with Extensions reporting configurations, perform the following steps.

1

In Visualization Dashboard Settings and Collector To User For AppFlow Monitor Page, select the AppFlow Server checkbox.

2

In AppFlow Server Settings, enable the Send AppFlow To SonicWALL AppFlow Server checkbox to enable flows to be reported to an external flow collector.

3

In External Collector Settings, select the Send AppFlow and Real-Time Data To External Collector checkbox.

4

Select IPFIX with extensions as the External Flow Reporting Format from the drop-down list.

5

Specify the External Collector’s IP address in the provided field.

6

For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.

7

Specify the External Collector’s UDP port number in the provided field. The default port is 2055.

8

In the Connection Report Settings and Report Connections, select the Interface-based checkbox. Once enabled, the flows reported are based on the initiator or responder interface. Note that this step is optional.

9

In the Connection Report Settings and Report Connections, select the Firewall/App Rules-based checkbox. Once enabled, the flows reported are based on already existing firewall rules. Note that this step is optional, but is required if flow reporting is done on selected interfaces.

10

Select the tables you wish to receive static flows for from the provided drop-down list. Then, click Accept.

.

NOTE: Currently, Scrutinizer supports Applications and Threats only. Future versions of Plixer will support the following Static Flows: Location Map, Services, Rating Map, Table Map, and Column Map.

11

Next, navigate to the Network > Interfaces screen.

12

Confirm that Flow Reporting is enabled per interface by clicking the Configure icon of the interface you are requesting data from.

13

On the Advanced tab, select the checkbox to Enable flow reporting. Then, click OK.

14

Login to SonicWALL Scrutinizer. The data displays within minutes.