NetFlow is an industry-standard protocol that the firewall
can use to export statistics about the IP traffic that traverses
its interfaces. The firewall exports the statistics as NetFlow fields
to a NetFlow collector. The NetFlow collector is a server you use
to analyze network traffic for security, administration, accounting
and troubleshooting. All Palo Alto Networks firewalls support NetFlow
(Version 9) except the PA-4000 Series and PA-7000 Series firewalls.
The firewalls support only unidirectional NetFlow, not bidirectional.
The firewalls perform NetFlow processing on all IP packets on the
interfaces and do not support sampled NetFlow. You can export NetFlow records
for Layer 3, Layer 2, virtual wire, tap, VLAN, loopback, and tunnel
interfaces. For aggregate Ethernet interfaces, you can export records
for the aggregate group but not for individual interfaces within
the group. To identify firewall interfaces in a NetFlow collector,
see Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors.
The firewall supports standard and enterprise (PAN-OS specific) NetFlow Templates,
which NetFlow collectors use to decipher the NetFlow fields.