NetFlow

The NetFlow feature enables you to collect IP network traffic information as it enters or exits an interface. The collected traffic information is sent as records to a NetFlow Collector server or NetFlow Analyzer. You can analyze the NetFlow data to determine information such as the source and destination of traffic, class of service, traffic pattern, bandwidth usage, type of traffic, traffic volume, and the causes of congestion.

With native NetFlow configuration support, any traffic information collection that was enabled through syslog flow exports has to be disabled.

NetFlow lets you configure the flow exporter and collectors, along with the flow event types that must be monitored.

Procedure


Step 1

Choose Devices > Platform Settings and create or edit the threat defense policy.

Step 2

Select NetFlow.

Step 3

Turn on the Enable Flow Export toggle to enable NetFlow data export.

Step 4

Configure the general NetFlow parameters that control the frequency of events pushed to the collector.

  1. Active Refresh Interval—For active connections, specify the time interval (in minutes) between flow-update events.

  2. Delay Flow Create—Specify the delay (in seconds) before sending a flow-create event. If you do not enter any value, there is no delay and the flow-create event is exported as soon as the flow is created.

  3. Template Timeout Rate—Specify the time interval (in minutes) at which the template records are sent to the collectors.

Step 5

Click Add Collector to configure the collector. See Add Collector in NetFlow.

Step 6

Click Add Traffic Class to configure the traffic class. See Add Traffic Class to NetFlow.

Step 7

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.
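The following added example (not part of the original procedure or of any vendor tooling) shows, from the collector's side, why the Template Timeout Rate in Step 4 matters: data records cannot be interpreted until the matching template record has been received. It assumes the collector receives NetFlow version 9 (RFC 3954), a format this page does not name; the class, helper, and sample packets are constructed for illustration.

```python
import struct

class V9Collector:
    """Minimal NetFlow v9 (RFC 3954) decoder; data is unreadable until its template arrives."""
    def __init__(self):
        self.templates = {}  # (source_id, template_id) -> [(field_type, length), ...]
        self.undecoded = 0   # data FlowSets skipped because no template was known yet

    def feed(self, packet):
        version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet, 0)
        if version != 9:
            raise ValueError("not a NetFlow v9 packet")
        records, off = [], 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, off)
            if fs_len < 4 or off + fs_len > len(packet):
                break  # malformed FlowSet length: stop instead of reading past the packet
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:  # template FlowSet
                self._learn(source_id, body)
            elif fs_id > 255:  # data FlowSet; its ID names the template that describes it
                records += self._decode(source_id, fs_id, body)
            off += fs_len
        return records

    def _learn(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            tid, count = struct.unpack_from("!HH", body, pos)
            if tid < 256 or pos + 4 + 4 * count > len(body):
                break  # padding or truncated template record
            fields = list(struct.iter_unpack("!HH", body[pos + 4:pos + 4 + 4 * count]))
            self.templates[(source_id, tid)] = fields
            pos += 4 + 4 * count

    def _decode(self, source_id, tid, body):
        fields = self.templates.get((source_id, tid), [])
        size = sum(length for _, length in fields)
        if size == 0:
            self.undecoded += 1  # no usable template yet: the records cannot be interpreted
            return []
        fmt = "!" + "".join(f"{length}s" for _, length in fields)
        return [dict(zip((t for t, _ in fields), struct.unpack_from(fmt, body, start)))
                for start in range(0, len(body) - size + 1, size)]

# Constructed samples: template 256 = src IP (8), dst IP (12), src port (7), dst port (11)
def make_packet(fs_id, body, source_id=1):
    return struct.pack("!HHIIIIHH", 9, 1, 0, 0, 0, source_id, fs_id, len(body) + 4) + body
TEMPLATE = make_packet(0, struct.pack("!10H", 256, 4, 8, 4, 12, 4, 7, 2, 11, 2))
DATA = make_packet(256, bytes([10, 0, 0, 5, 192, 0, 2, 10]) + struct.pack("!HH", 51515, 443))
```

A collector that restarts, or that joins after the last template export, skips data FlowSets (counted in `undecoded`) until the next template arrives, so a long template interval lengthens that visibility gap.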