(exported records—default is
20), according to the requirements of your NetFlow collector. The
firewall refreshes the templates after either threshold is passed.
which is the frequency in minutes at which the firewall exports
records (default is 5).
PAN-OS Field Types
you want the firewall to export App-ID and User-ID fields.
each NetFlow collector
(up to two per profile) that will receive records. For each collector,
specify the following:
to identify the collector.
hostname or IP address.
to save the profile.
Assign the NetFlow server profile to the firewall interfaces
on which the traffic you want to analyze ingresses.
In this example, you assign the profile to an existing
an interface name to edit it.
You can export NetFlow records for Layer 3, Layer
2, virtual wire, tap, VLAN, loopback, and tunnel interfaces. For
aggregate Ethernet interfaces, you can export records for the individual
sub-interfaces that data flows through within the group.
Select the NetFlow server profile (
) you configured and click
Required for PA-7000 Series, PA-5400 Series,
and PA-5200 Series firewalls
Configure a service route
for the interface that the firewall will use to send NetFlow records.
You cannot use the management (MGT) interface to send NetFlow
records from the PA-7000 Series, PA-5400 Series, and PA-5200 Series
firewalls. For other firewall models, a service route is optional.
For all firewalls, the interface that sends NetFlow records does
not have to be the same as the interface for which the firewall
collects the records.
Firewall with multiple virtual systems
one of the following:
—Select this option
if the service route applies to all virtual systems on the firewall.
—Select this option
if the service route applies to a specific virtual system. Set the
the virtual system.
Service Route Configuration
Select the protocol (
that the interface uses. You can configure the service route for
both protocols if necessary.
in the Service
are not valid
interface options for sending NetFlow records from PA-7000 Series,
PA-5400 Series, or PA-5200 Series firewalls.
twice to save your
Monitor the firewall traffic in a NetFlow collector.
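
Why the template refresh thresholds matter on the collector side, as an added example (not Palo Alto Networks code): a collector can decode a data FlowSet only after it has received the matching template, so records that arrive before a refresh are unreadable. The sketch assumes the NetFlow version 9 wire format (RFC 3954); the function names, the exporter label `fw1` and the sample packets are constructed for illustration.

```python
import struct

def feed(templates, exporter, packet):
    """Decode one NetFlow v9 packet -> (records, data FlowSets skipped for lack of a template)."""
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not NetFlow v9")
    records, skipped, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        body, off = packet[off + 4:off + fs_len], off + fs_len
        fields = templates.get((exporter, source_id, fs_id))
        if fs_id == 0:                      # template FlowSet
            learn(templates, (exporter, source_id), body)
        elif fs_id >= 256 and fields:       # data FlowSet; its id names the template
            records += decode(fields, body)
        elif fs_id >= 256:
            skipped += 1                    # unreadable until the next template refresh
    return records, skipped

def learn(templates, scope, body):
    pos = 0
    while pos + 4 <= len(body):
        tid, n = struct.unpack_from("!HH", body, pos)
        if tid < 256 or n == 0 or pos + 4 + 4 * n > len(body):
            break                           # padding or truncated template
        templates[scope + (tid,)] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                                     for i in range(n)]
        pos += 4 + 4 * n

def decode(fields, body):
    size, out = sum(flen for _, flen in fields), []
    if size == 0:
        return out
    for start in range(0, len(body) - size + 1, size):   # trailing padding is ignored
        rec, pos = {}, start
        for ftype, flen in fields:
            rec[ftype] = int.from_bytes(body[pos:pos + flen], "big")
            pos += flen
        out.append(rec)
    return out

# Constructed sample packets (not captured traffic): template 256 = src addr, dst addr, bytes
HDR = struct.pack("!HHIIII", 9, 1, 0, 0, 0, 1)
TEMPLATE = HDR + struct.pack("!HH8H", 0, 20, 256, 3, 8, 4, 12, 4, 1, 4)
DATA = HDR + struct.pack("!HH4s4sI", 256, 16, bytes([10, 0, 0, 5]), bytes([192, 0, 2, 9]), 1500)
```

Feeding `DATA` before `TEMPLATE` returns no records and one skipped FlowSet; feeding it again after `TEMPLATE` returns the decoded record, keyed by NetFlow v9 field type (8 = source address, 12 = destination address, 1 = byte count).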