End-of-Life (EoL)

NetFlow Support for PA-7000 Series Firewalls

PA-7000 Series firewalls now have the same ability as other Palo Alto Networks firewalls to export session-based NetFlow records to a NetFlow collector. This gives you more comprehensive visibility into how users and devices are using network resources.
  1. Select
    Server Profiles
    a NetFlow server profile to define how the firewall connects to the NetFlow collector.
  2. Assign the NetFlow server profile to the firewall interfaces that convey the traffic you want to analyze.
    For example, to assign the profile to an existing Ethernet interface, select
    , edit the interface, and select the
    NetFlow Profile
    You can export NetFlow records for Layer 3, Layer 2, virtual wire, tap, VLAN, loopback, and tunnel interfaces. For aggregate Ethernet interfaces, you can export records for the aggregate group but not for individual interfaces within the group.
  3. Select
    and define a
    Service Route Configuration
    for the interface that the firewall will use to send NetFlow records.
    You do not have to select the same interface as the one for which the firewall collects NetFlow records. You cannot select the management (MGT) interface to send NetFlow records.
  4. Commit
    your changes.
    You are now ready to monitor the firewall traffic in your NetFlow collector. Refer to your NetFlow collector documentation for instructions.

Recommended For You