Configure NetFlow Exports

To use a NetFlow collector for analyzing the network traffic on firewall interfaces, perform the following steps to configure NetFlow record exports.
  1. Create a NetFlow server profile.
    The profile defines which NetFlow collectors will receive the exported records and specifies export parameters.
    1. Select
      Device
      Server Profiles
      NetFlow
      and click
      Add
      .
    2. Enter a
      Name
      for the profile.
    3. Specify the rate at which the firewall refreshes NetFlow Templates in
      Minutes
      (default is 30) and
      Packets
      (exported records—default is 20), according to the requirements of your NetFlow collector. The firewall refreshes the templates after either threshold is passed.
    4. For the
      Active Timeout
      , specify the frequency in minutes at which the firewall exports records (default is 5).
    5. Select the
      PAN-OS Field Types
      check box if you want the firewall to export App-ID and User-ID fields.
    6. For each NetFlow collector (up to two per profile) that will receive fields, click
      Add
      and enter an identifying server
      Name
      , hostname or IP address (
      NetFlow Server
      ), and access
      Port
      (default is 2055).
    7. Click
      OK
      to save the profile.
  2. Assign the NetFlow server profile to the interfaces that carry the traffic you want to analyze.
    In this example, you assign the profile to an existing Ethernet interface.
    1. Select
      Network
      Interfaces
      Ethernet
      and click an interface name to edit it.
      You can export NetFlow records for Layer 3, Layer 2, virtual wire, tap, VLAN, loopback, and tunnel interfaces. For aggregate Ethernet interfaces, you can export records for the aggregate group but not for individual interfaces within the group.
    2. In the
      NetFlow Profile
      drop-down, select the NetFlow server profile and click
      OK
      .
    3. Click
      Commit
      .
  3. Monitor the firewall traffic in a NetFlow collector.
    Refer to the documentation for your NetFlow collector.
    When monitoring statistics, you must match the interface indexes in the NetFlow collector with interface names in the firewall web interface. For details, see Firewall Interface Identifiers in SNMP Managers and NetFlow Collectors.

Recommended For You