1. Home
    2. PAN-OS
    3. PAN-OS® Web Interface Reference Guide
    4. Device
    5. Device > Server Profiles > NetFlow
    Previous
    Next
    Device > Server Profiles > Netflow
    Palo Alto Networks firewalls can export statistics about the IP traffic on their interfaces as NetFlow fields to a NetFlow collector. The NetFlow collector is a server you use to analyze network traffic for security, administration, accounting and troubleshooting. All Palo Alto Networks firewalls support NetFlow Version 9 except the PA-4000 Series firewall and PA-7000 Series firewalls. The firewalls support only unidirectional NetFlow, not bidirectional. The firewalls perform NetFlow processing on all IP packets on the interfaces and do not support sampled NetFlow. You can export NetFlow records for Layer 3, Layer 2, virtual wire, tap, VLAN, loopback, and tunnel interfaces. For aggregate Ethernet interfaces, you can export records for the aggregate group but not for individual interfaces within the group. The firewalls support standard and enterprise (PAN-OS specific) NetFlow templates, which NetFlow collectors use to decipher the NetFlow fields. The firewalls select a template based on the type of exported data: IPv4 or IPv6 traffic, with or without NAT, and with standard or enterprise-specific fields.
    To configure NetFlow exports, Add a NetFlow server profile to specify which NetFlow servers will receive the exported data and to specify export parameters. After you assign the profile to an interface (see Network > Interfaces), the firewall exports NetFlow data for all traffic on that interface to the specified servers.
    Netflow Setting Description
    Name Enter a name for the Netflow server profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
    Template Refresh Rate The firewall periodically refreshes NetFlow templates to re-evaluate which one to use (in case the type of exported data changes) and to apply any changes to the fields in the selected template. Specify the rate at which the firewall refreshes NetFlow templates in Minutes (range is 1 to 3,600; default is 30) and Packets (exported records—range is 1 to 600; default is 20), according to the requirements of your NetFlow collector. The firewall refreshes the template after either threshold is passed. The required refresh rate depends on the NetFlow collector. If you add multiple NetFlow collectors to the server profile, use the value of the collector with the fastest refresh rate.
    Active Timeout Specify the frequency (in minutes) at which the firewall exports data records for each session (range is 1–60; default is 5). Set the frequency based on how often you want the NetFlow collector to update traffic statistics.
    PAN-OS Field Types Export PAN-OS specific fields for App-ID and the User-ID service in Netflow records.
    Servers
    Name Specify a name to identify the server (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
    Server Specify the hostname or IP address of the server. You can add a maximum of two servers per profile.
    Port Specify the port number for server access (default 2055).
    Previous
    Next

    Related Documentation

    Configure NetFlow Exports

    Configure NetFlow Exports To use a NetFlow collector for analyzing the network traffic on firewall interfaces, perform the following steps to configure NetFlow record exports. ...

    NetFlow Monitoring

    NetFlow Monitoring NetFlow is an industry-standard protocol that the firewall can use to export statistics about the IP traffic that traverses its interfaces. The firewall ...

    NetFlow Templates

    NetFlow Templates NetFlow collectors use templates to decipher the fields that the firewall exports. The firewall selects a template based on the type of exported ...

    Use External Services for Monitoring

    Use External Services for Monitoring Using an external service to monitor the firewall enables you to receive alerts for important events, archive monitored information on ...

    Network > Interfaces > Tunnel

    Network > Interfaces > Tunnel The following table describes tunnel interface settings. Tunnel Interface Setting Configure In Description Interface Name Tunnel Interface The read-only Interface ...

    Network > Interfaces

    Network > Interfaces Firewall interfaces (ports) enable a firewall to connect with other network devices and with other interfaces within the firewall. The following topics ...

    Network > Interfaces > Loopback

    Network > Interfaces > Loopback The following table describes loopback interface settings. Loopback Interface Setting Configure In Description Interface Name Loopback Interface The read-only Interface ...

    Ports Used for Management Functions

    Ports Used for Management Functions The firewall and Panorama use the following ports for management functions. Destination Port Protocol Description 22 TCP Used for communication ...

    Network > Interfaces > VLAN

    Network > Interfaces > VLAN A VLAN interface can provide routing into a Layer 3 network (IPv4 and IPv6). You can add one or more ...

    Provide Granular Access to the Device Tab

    Provide Granular Access to the Device Tab To define granular access privileges for the Device tab, when creating or editing an admin role profile ( ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo