Configure IPFIX Profiles

Learn how to create or edit IPFIX profiles in Prisma SD-WAN.
An IPFIX profile is a global IPFIX configuration object which identifies collector configuration, filter configuration, the template for exporting flow information elements, and flow sampler configuration.
Create or edit an IPFIX profile to apply globally to all sites and devices using the following workflow.
  1. Select an IPFIX template.
    An IPFIX template specifies the information elements to export as part of the flow records.
    1. Select
      Policies
      Stacked Policies
      IPFIX
      Profiles
      and click
      Create Profile
      .
    2. Enter a name for the IPFIX Profile and
      (optional)
      description and tags.
    3. Select a template from the
      IPFIX Template
      drop-down, and click
      Next
      .
      (Optional)
      Click the
      +
      icon next to
      IPFIX Template
      to create a new template.
      You can configure a maximum of 4 collectors per IPFIX profile.
  2. Configure collectors.
    Collectors define the third-party applications which consume the exported flow records.
    1. On the
      Collector
      tab, click
      Add
      to configure a new collector.
    2. Protocol
      — Select the protocol.
    3. IPv4 Address/FQDN Schema
      —Select
      IPv4 Address
      to enter an IPv4 address of the collector in the
      Host
      field or select
      FQDN Schema
      to enter the domain name of the IPFIX collector in the
      Host
      field.
      You can enter either an IPv4 address or an FQDN. Entering one of them is mandatory.
    4. (Optional)
      IPFIX Collector Context
      —Select a collector context from the drop-down.
      The device uses the IP address of the interface to which the collector context is bound as the source interface to export IPFIX flow records.
      If you do not bind a collector context to an interface, the device uses the controller port by default to establish the connection with the third-party collector. For platforms that do not have a controller port, it is mandatory to specify a collector context and bind it to an interface.
    5. Host Port
      —Enter a port number to match the port on which the collector is configured to receive IPFIX records.
    6. Click
      Done
      .
  3. (Optional)
    Configure filters.
    Configure filters to select a subset of flows from all the observed flows to export to a collector. The criteria for filtering can be protocols, applications, source interface filter contexts, and source and destination port ranges. You can configure a maximum of 8 filters per IPFIX profile.
    1. On the
      Filters
      tab, click
      Add
      to create a new filter.
    2. (Optional)
      Select a protocol from the
      Protocols
      drop-down.
      If you select
      TCP
      or
      UDP
      as the protocol, you can associate
      Source Port Ranges
      and
      Destination Port Ranges
      with the protocols. If you do not select any protocol, the device allows all protocols.
    3. (Optional)
      Select an application from the
      Applications
      drop-down to filter flow records for the selected applications.
      A blank value indicates that flow records from all applications are allowed.
      If you do not select any application, the device allows all applications.
    4. (Optional)
      Select a
      Filter Context
      to map to an interface on the ION device.
      If you configure a filter context and use it in a profile, you must attach the IPFIX filter context to an interface on the ION device for proper IPFIX export of the flow records.
    5. (Optional)
      Select a
      Source Prefix
      and
      Destination Prefix
      filter to match.
      The prefixes can be local or global. If nothing is selected, the device allows flow records from all prefixes.
    6. (Optional)
      Select
      Source Port Ranges
      and
      Destination Port Ranges
      if applicable for TCP and UDP protocols.
      The device evaluates the values in these fields only if the flows are TCP or UDP. The device ignores the values for all other protocols.
    7. Click
      Done
      .
  4. (Optional)
    Enable sampling.
    Enable sampling to select a subset of flows to export from all the observed flows. The device forwards this subset to the filtering process to perform further selection if filters are configured.
    1. Enter a value for
      Export Cache Timeout
      between 10 and 600 seconds.
      Export Cache Timeout specifies the time for which the ION device should cache a new flow record before exporting it. The default value is 30 seconds.
    2. (Optional)
      Select the
      Enable Sampling
      check box to choose a sampling algorithm.
      Disabling sampling exports IPFIX information for all flows.
      Select a
      time-based
      algorithm to configure the duration for sampling. If you select a
      time-based
      Algorithm
      , enter values in milliseconds for
      Time Interval
      and
      Time Spacing
      .
      Time Interval
      indicates the length of the sampling interval during which flows are selected. The default value is 5 ms.
      Time Spacing
      indicates the spacing between the end of one sampling interval and the start of the next sampling interval. The default value is 5 ms.
      The sampling rate is defined by Time Interval / (Time Interval + Time Spacing). The default values give a 50% sampling rate.
    3. Submit
      the configured IPFIX profile.

Recommended For You