: Configure Prisma SD-WAN IPFIX

Configure Prisma SD-WAN IPFIX

Table of Contents

Configure Prisma SD-WAN IPFIX

Configure Prisma SD-WAN IPFIX (provides network and application visibility by transmitting flow information to an external collector) globally for multiple or for a single ION device.
Prisma SD-WAN
IPFIX provides network and application visibility by transmitting flow information to an external collector. This increased awareness allows for more efficient network operations, decreased operation costs, and better utilization of the network infrastructure.
IPFIX monitors traffic across the network by collecting traffic records at different points in the network. The ION device exports these flow records to third-party collector applications. The IPFIX implementation and the terms used are based on the guidelines outlined in RFC 7011 (https://tools.ietf.org/html/rfc7011). You can use the exported IPFIX records for various purposes such as network management and planning, optimized troubleshooting, enterprise accounting, studying trends in performance metrics, data mining, understanding network anomalies, and protecting the network from security vulnerabilities.
Configure IPFIX to apply to all sites and devices globally or configure IPFIX for an ION device to override the global IPFIX configuration.
  • Configure IPFIX globally for multiple ION devices.
    Configure IPFIX globally by creating an IPFIX profile and attaching it to multiple ION devices.
    1. To verify that you have pushed the IPFIX profile to a device, select
      Edit a profile
      View Device Bindings
      . The IPFIX configuration bound to the device displays in the
      Device Binding
  • Configure IPFIX on a device to override the global IPFIX profile settings.
    You can optionally configure device specific IPFIX parameters to override parameters such as collectors, filters, and sampling configured in an IPFIX profile.
    1. Select
      Select a device
      Configure the device
    2. Enter a name and select a profile from the
      IPFIX Profile
      drop-down and
    3. (Optional)
      Click the
      icon next to
      IPFIX Profile
      to create an IPFIX profile.
      • When you create a new profile at the device level, it becomes a part of the global profiles and you can use it for multiple devices.
      • You can optionally configure an IPFIX templat, configure collectors, filters and sampling on the ION device to override the parameters configured in the IPFIX profile.
      The ION device uses the collectors, filters, and sampling configured in the IPFIX profile, unless you provide optional overriding configuration.

Configure High Availability (HA) for IPFIX

Prisma SD-WAN
supports High Availability (HA) between ION devices by ensuring automatic switchover between active and backup devices, maintaining all services and forwarding paths when an ION device experiences a software, hardware, or network related failure.
To ensure uninterrupted IPFIX exports, replicate the IPFIX configuration on both devices.
  1. Configure interfaces.
    Configure interfaces as per the network topology.
  2. Configure and attach the same IPFIX profile to both the ION devices.
  3. Attach the collector context to both the ION devices.
  4. (Optional)
    If using filters, attach the filter context to both the ION devices.
    After a device switchover, the collector application receives IPFIX records from the new source interface, so this is considered as a new IPFIX session.

Recommended For You