NetFlow data
NetFlow data is a collection of network flow statistics that
- provides statistics on packets flowing through a router by means of a Cisco IOS application,
- is available on Cisco networking devices and can also be embedded in Juniper, FreeBSD, and OpenBSD devices, and
- is stored as flow records in a database on the device, called the NetFlow cache, when NetFlow is enabled on a network device.
NetFlow data processing and usage
A flow, called a connection in the system, is a sequence of packets that represents a session between a source and destination host, using specific ports, protocol, and application protocol. The network device can be configured to export this NetFlow data. In this documentation, network devices configured in this way are called NetFlow exporters.
Managed devices can be configured to collect records from NetFlow exporters, generate unidirectional end-of-connection events based on the data in those records, and finally send those events to the Cloud-Delivered Firewall Management Center to be logged in the connection event database. You can also configure the network discovery policy to add host and application protocol information to the database based on the information in NetFlow connections.
You can use this discovery and connection data to supplement the data gathered directly by your managed devices. This is especially useful if you have NetFlow exporters monitoring networks that your managed devices cannot monitor.
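The collection step described above, sketched as an added example that is not part of the original documentation or of any Cisco code: it parses one export datagram and emits one unidirectional end-of-connection event per flow record, so a two-way session produces two events. It assumes the exporter sends NetFlow version 5 (the page does not state a version); the event field names and the sample datagram are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 layout (assumed export format): 24-byte header, 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Turn one export datagram into unidirectional end-of-connection events."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, uptime_ms, unix_secs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Exports arrive over the network: never trust the count field alone.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    boot_ms = unix_secs * 1000 - uptime_ms  # exporter boot time, epoch ms
    events = []
    for i in range(count):
        (src, dst, _hop, _in, _out, pkts, octets, first, last, sport, dport,
         _pad, flags, proto, *_) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        events.append({
            "src": socket.inet_ntoa(src), "sport": sport,
            "dst": socket.inet_ntoa(dst), "dport": dport,
            "protocol": proto, "tcp_flags": flags,
            "packets": pkts, "bytes": octets,
            # first/last are exporter uptime in ms; convert to epoch seconds.
            "start": (boot_ms + first) // 1000,
            "end": (boot_ms + last) // 1000,
        })
    return events

def build_sample():
    """Constructed datagram: both directions of one TCP session (two records)."""
    a, b = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")
    hop = socket.inet_aton("0.0.0.0")
    header = HEADER.pack(5, 2, 100000, 1700000000, 0, 1, 0, 0, 0)
    fwd = RECORD.pack(a, b, hop, 1, 2, 12, 1800, 90000, 95000,
                      51514, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    rev = RECORD.pack(b, a, hop, 2, 1, 10, 9400, 90010, 95000,
                      443, 51514, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + fwd + rev

if __name__ == "__main__":
    for event in parse_v5(build_sample()):
        print(event)
```

The length check matters because NetFlow v5 exports are unauthenticated UDP: a collector that trusts the header's record count over the bytes received will misparse truncated or forged datagrams.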