Netflow is a network protocol that was introduced by Cisco Systems that provides the ability to collect network traffic statistics. A typical Netflow monitoring setup consists of three main components:
-
Sensor - aggregates packets into flows and exports flow records towards one or more flow collectors.
-
Flow collector - responsible for reception, storage and pre-processing of flow data received from a sensor.
-
Analysis application - analyzes received flow data and prepares reports.
UserGate can act as Netflow sensor. To configure UserGate as a sensor perform the following steps:
|
Name |
Description |
|---|---|
|
Step 1. Create a new Netflow profile |
In Libraries --> Netflow profiles click Add and create new profile. |
|
Step 2. Assign Netflow profile to the network interface which should collect traffic statistics |
In Network --> Interfaces select required interface, click Edit and assign Netflow profile created on the previous step. |
Netflow profile has the following configuration settings:
|
Name |
Description |
|---|---|
|
Name |
Name of Netflow profile. |
|
Description |
Description of Netflow profile. |
|
Netflow collector IP |
IP address of Netflow collector. |
|
Netflow collector port |
UDP port of Netflow collector. Default is 2055. |
|
Netflow protocol version |
Version of Netflow protocol to use |
|
Active flow timeout, (sec.) |
Export flow after it has been active for this timeout in seconds. Default value is 1800. |
|
Inactive flow timeout, (sec.) |
Export flow after it has been inactive for this timeout in seconds. Default value is 15. |
|
Maximum flows |
Maximum number of flows to account. It's here to prevent DoS attacks. After this limit is reached new flows will not be accounted. Default is 2000000, set zero to unlimited. |
|
Send NAT information |
Collect and send NAT translation events netflow collector. |
|
Template refresh rate (packets) |
The number of packets after which sensor re-sends templates to Netflow collector. Only for Netflow 9/10. Default value is 20. |
|
Timeout to re-send old template (sec.) |
Time in seconds after which sensor re-sends old template to Netflow collector. Only for Netflow 9/10. Default value is 1800 seconds. |