Welcome!

Blog Feed Post

How to configure Palo Alto Networks NetFlow

Palo Alto Networks NetFlow support is now available and with the latest version of our NetFlow monitoring solution you can get NAT and also application reporting for this firewall.

Today I’ll be providing step by step instructions on how to configure NetFlow for this device, and also show an example of the extended NetFlow reporting available.

How to configure Palo Alto Networks NetFlow

There are 2 basic steps for configuring the Palo Alto Networks firewall to export NetFlow:

1.  Define a NetFlow server profile – this specifies the frequency of the export along with the NetFlow servers that will receive the exported data.

2.  Assign the profile to a firewall interface - all traffic flowing over this interface is exported to the specified server(s).

 

Step 1

To define a NetFlow server profile, navigate to Device-> Server Profiles-> NetFlow in the GUI. Here you will see the following settings:

Name: Enter a name for the NetFlow settings.

Template Refresh Rate: Specify the number of minutes or number of packets after which the NetFlow template is refreshed (we recommend 1 minute; packets range 1-600, default 20).

Active Timeout: Specify the frequency at which data records are exported for each session (we recommend 1 minute).

Export PAN-OS Specific Field Types: Export PAN-OS specific fields such as App-ID and User-ID in NetFlow records.

Server Name: Specify a name to identify the server.

Server: Specify the host name or IP address of the server.

Port: Specify the port number for server access (default 9996).

 

Palo Alto NetFlow Servers

 

Step 2

Once the NetFlow profile is configured, the next step is to assign the profile to a firewall interface. For this, navigate to Network-> Interfaces-> Ethernet. Click the link for the interface on the Ethernet tab -

 

Palo Alto NetFlow interface configuration

Then specify the NetFlow Profile -

Palo Alto interface NetFlow profile configuration

 

With our advanced NetFlow reporting solution, you can get advanced Palo Alto Networks NetFlow reporting such as applications reports – giving you visibility of named applications, rather than reporting the traffic as http(80 TCP); NAT (Network Address Translation) reports; and User reports.

Palo Alto Networks Application reports

 

In addition to the advanced NetFlow reporting, the standard NetFlow reports such as conversations, TopN reporting, and also threat detection capabilities are available from Palo Alto Networks NetFlow exports.

 

For more information on configuring NetFlow on this firewall, see the Palo Alto NetFlow Configuration Guide.

And if you need further assistance with configuring the NetFlow on this firewall, or with accessing the advanced NetFlow reports, please do not hesitate to contact us at 207-324-8805.

 


Joanne Ghidoni
Sr. Solutions Engineer

For a free 30 day trial of Scrutinizer, Download Now

Sign up for Advanced NetFlow Training coming to a city near you!

Read the original blog entry...

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.

Latest Stories
There is an ever-growing explosion of new devices that are connected to the Internet using “cloud” solutions. This rapid growth is creating a massive new demand for efficient access to data. And it’s not just about connecting to that data anymore. This new demand is bringing new issues and challenges and it is important for companies to scale for the coming growth. And with that scaling comes the need for greater security, gathering and data analysis, storage, connectivity and, of course, the...
The IoTs will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm and share the must-have mindsets for removing complexity from the development proc...
Redis is not only the fastest database, but it has become the most popular among the new wave of applications running in containers. Redis speeds up just about every data interaction between your users or operational systems. In his session at 18th Cloud Expo, Dave Nielsen, Developer Relations at Redis Labs, will shares the functions and data structures used to solve everyday use cases that are driving Redis' popularity.
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, will show how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningfu...
Many private cloud projects were built to deliver self-service access to development and test resources. While those clouds delivered faster access to resources, they lacked visibility, control and security needed for production deployments. In their session at 18th Cloud Expo, Steve Anderson, Product Manager at BMC Software, and Rick Lefort, Principal Technical Marketing Consultant at BMC Software, will discuss how a cloud designed for production operations not only helps accelerate developer...
Artificial Intelligence has the potential to massively disrupt IoT. In his session at 18th Cloud Expo, AJ Abdallat, CEO of Beyond AI, will discuss what the five main drivers are in Artificial Intelligence that could shape the future of the Internet of Things. AJ Abdallat is CEO of Beyond AI. He has over 20 years of management experience in the fields of artificial intelligence, sensors, instruments, devices and software for telecommunications, life sciences, environmental monitoring, process...
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, will discuss how leveraging the Industrial Interne...
Increasing IoT connectivity is forcing enterprises to find elegant solutions to organize and visualize all incoming data from these connected devices with re-configurable dashboard widgets to effectively allow rapid decision-making for everything from immediate actions in tactical situations to strategic analysis and reporting. In his session at 18th Cloud Expo, Shikhir Singh, Senior Developer Relations Manager at Sencha, will discuss how to create HTML5 dashboards that interact with IoT devic...
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, will explain how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
Struggling to keep up with increasing application demand? Learn how Platform as a Service (PaaS) can streamline application development processes and make resource management easy.
SYS-CON Events announced today that Ericsson has been named “Gold Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. Ericsson is a world leader in the rapidly changing environment of communications technology – providing equipment, software and services to enable transformation through mobility. Some 40 percent of global mobile traffic runs through networks we have supplied. More than 1 billion subscribers around the world re...
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists will dis...
We’ve worked with dozens of early adopters across numerous industries and will debunk common misperceptions, which starts with understanding that many of the connected products we’ll use over the next 5 years are already products, they’re just not yet connected. With an IoT product, time-in-market provides much more essential feedback than ever before. Innovation comes from what you do with the data that the connected product provides in order to enhance the customer experience and optimize busi...
The increasing popularity of the Internet of Things necessitates that our physical and cognitive relationship with wearable technology will change rapidly in the near future. This advent means logging has become a thing of the past. Before, it was on us to track our own data, but now that data is automatically available. What does this mean for mHealth and the "connected" body? In her session at @ThingsExpo, Lisa Calkins, CEO and co-founder of Amadeus Consulting, will discuss the impact of wea...