NetFlow is an industry-standard protocol that the firewall
can use to export statistics about the IP traffic on its interfaces.
The firewall exports the statistics as NetFlow fields to a NetFlow
collector. The NetFlow collector is a server you use to analyze
network traffic for security, administration, accounting and troubleshooting.
All Palo Alto Networks firewalls support NetFlow Version 9. The
firewalls support only unidirectional NetFlow, not bidirectional.
The firewalls perform NetFlow processing on all IP packets on the
interfaces and do not support sampled NetFlow. You can export NetFlow
records for Layer 3, Layer 2, virtual wire, tap, VLAN, loopback,
and tunnel interfaces. For aggregate Ethernet sub-interfaces, you
can export records for the individual sub-interfaces that data flows
through within the group. To identify firewall interfaces in a NetFlow
collector, see Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors. The firewalls
support standard and enterprise (PAN-OS specific) NetFlow Templates, which
NetFlow collectors use to decipher the NetFlow fields.
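The template mechanism described above, as an added Python example (not from the original page or from Palo Alto Networks): a collector-side decoder that caches a NetFlow Version 9 template and uses it to decipher data records, run on a constructed packet in which one TCP connection appears as two unidirectional records. Template ID 256, source ID 1 and the addresses are assumptions, and only standard RFC 3954 field types are decoded, not the PAN-OS enterprise fields.

```python
import struct
from ipaddress import IPv4Address

# Standard NetFlow v9 field types (RFC 3954); PAN-OS enterprise fields are not modelled.
FIELDS = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT",
          8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_v9(pkt, templates):
    """Decode one export packet; templates caches (source_id, template_id) -> fields."""
    if len(pkt) < 20 or struct.unpack_from("!H", pkt)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    source_id = struct.unpack_from("!I", pkt, 16)[0]
    flows, off = [], 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("bad FlowSet length")
        body, off = pkt[off + 4:off + fs_len], off + fs_len
        p = 0
        while fs_id == 0 and p + 4 <= len(body):      # template FlowSet
            tid, n = struct.unpack_from("!HH", body, p)
            if tid < 256 or p + 4 + 4 * n > len(body):
                break                                  # padding or truncated template
            templates[source_id, tid] = list(struct.iter_unpack("!HH", body[p + 4:p + 4 + 4 * n]))
            p += 4 + 4 * n
        tmpl = templates.get((source_id, fs_id), []) if fs_id >= 256 else []
        size = sum(flen for _, flen in tmpl)
        # Without a cached template the data FlowSet cannot be decoded and is skipped.
        for p in range(0, len(body) - size + 1, size) if size else ():
            rec, q = {}, p
            for ftype, flen in tmpl:
                raw, q = body[q:q + flen], q + flen
                rec[FIELDS.get(ftype, f"type_{ftype}")] = (
                    str(IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big"))
            flows.append(rec)
    return flows

def sample_packet():
    """Constructed packet: one template, then both directions of one TCP connection."""
    tmpl = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
    tbody = struct.pack("!HH", 256, len(tmpl)) + b"".join(struct.pack("!HH", *f) for f in tmpl)
    def rec(src, dst, sport, dport, nbytes):
        return (IPv4Address(src).packed + IPv4Address(dst).packed
                + struct.pack("!HHBI", sport, dport, 6, nbytes))
    data = rec("192.0.2.10", "198.51.100.5", 51000, 443, 1200)
    data += rec("198.51.100.5", "192.0.2.10", 443, 51000, 8400)
    data += b"\x00" * (-(len(data) + 4) % 4)           # pad FlowSet to a 4-byte boundary
    header = struct.pack("!HHIIII", 9, 3, 1000, 1700000000, 1, 1)
    return (header + struct.pack("!HH", 0, 4 + len(tbody)) + tbody
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

A collector should key its template cache by exporter address as well as source ID, since template IDs are only unique per exporter.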