5.2.1. Setting up Netflow

Netflow is a network protocol introduced by Cisco Systems for collecting network traffic statistics. A typical Netflow monitoring setup consists of three main components:

  • Sensor - aggregates packets into flows and exports flow records towards one or more flow collectors.

  • Flow collector - responsible for reception, storage and pre-processing of flow data received from a sensor.

  • Analysis application - analyzes received flow data and prepares reports.

UserGate can act as a Netflow sensor. To configure UserGate as a sensor, perform the following steps:

Step 1. Create a new Netflow profile.

In Libraries --> Netflow profiles, click Add and create a new profile.

Step 2. Assign the Netflow profile to the network interface that should collect traffic statistics.

In Network --> Interfaces, select the required interface, click Edit and assign the Netflow profile created in the previous step.

A Netflow profile has the following configuration settings:

  • Name - Name of the Netflow profile.

  • Description - Description of the Netflow profile.

  • Netflow collector IP - IP address of the Netflow collector.

  • Netflow collector port - UDP port of the Netflow collector. Default is 2055.

  • Netflow protocol version - Version of the Netflow protocol to use.

  • Active flow timeout (sec.) - Export a flow after it has been active for this timeout in seconds. Default value is 1800.

  • Inactive flow timeout (sec.) - Export a flow after it has been inactive for this timeout in seconds. Default value is 15.

  • Maximum flows - Maximum number of flows to account. This limit is a protection against DoS attacks: after it is reached, new flows are not accounted. Default is 2000000; set to zero for unlimited.

  • Send NAT information - Collect and send NAT translation events to the Netflow collector.

  • Template refresh rate (packets) - The number of packets after which the sensor re-sends templates to the Netflow collector. Only for Netflow 9/10. Default value is 20.

  • Timeout to re-send old template (sec.) - Time in seconds after which the sensor re-sends an old template to the Netflow collector. Only for Netflow 9/10. Default value is 1800 seconds.
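The two template settings matter because a Netflow 9/10 collector cannot decode a data set until it has received the matching template. The following collector-side check is an added example, not UserGate code: the function names `template_ids` and `check_export` are hypothetical, the packet layouts follow RFC 3954 (Netflow 9) and RFC 7011 (IPFIX, version 10), and the sample datagrams are constructed.

```python
import struct

# Set IDs that carry templates, and export header sizes, per protocol version.
TEMPLATE_SET = {9: 0, 10: 2}
HEADER_LEN = {9: 20, 10: 16}


def template_ids(body: bytes, version: int) -> list[int]:
    """Return the template IDs defined in one template set body."""
    ids, off = [], 0
    while off + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, off)
        if tid < 256:  # trailing padding or malformed record
            break
        off += 4
        for _ in range(nfields):
            (ftype,) = struct.unpack_from("!H", body, off)
            # IPFIX enterprise fields carry an extra 4-byte enterprise number
            off += 8 if version == 10 and ftype & 0x8000 else 4
        ids.append(tid)
    return ids


def check_export(datagram: bytes, known: set[int]) -> dict:
    """Classify the sets in one export datagram; `known` persists across calls."""
    (version,) = struct.unpack_from("!H", datagram, 0)
    if version not in HEADER_LEN:
        raise ValueError(f"unsupported export version {version}")
    result = {"version": version, "templates": [], "decodable": 0, "undecodable": 0}
    off = HEADER_LEN[version]
    while off + 4 <= len(datagram):
        set_id, length = struct.unpack_from("!HH", datagram, off)
        if length < 4 or off + length > len(datagram):
            raise ValueError("truncated or malformed set")
        if set_id == TEMPLATE_SET[version]:
            new = template_ids(datagram[off + 4 : off + length], version)
            known.update(new)
            result["templates"] += new
        elif set_id >= 256:  # data set: decodable only once its template is known
            result["decodable" if set_id in known else "undecodable"] += 1
        off += length
    return result


# Constructed sample datagrams (not captured traffic): template 256 with two
# 4-byte fields (types 8 and 12, source and destination IPv4), then one record.
V9_HDR = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
TEMPLATE_PKT = V9_HDR + struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)
DATA_PKT = V9_HDR + struct.pack("!HH4s4s", 256, 12, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
```

A collector that starts after the sensor reports data sets as undecodable until the next template refresh arrives, which is the gap the refresh rate and re-send timeout bound.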