Apparently some of our customers are calling in asking for Astaro IPFIX Reporting support. It’s always fun to work with a new flow vendor, and in this case Sophos, which acquired Astaro, is exporting IPFIX instead of NetFlow. Going with IPFIX was of course a very smart decision, especially since they are exporting some interesting, unique elements.
Some interesting Astaro IPFIX elements include:
- octetTotalCount as well as octetDeltaCount
- IPv6 Support
- No export of the ingress or egress interface, which is needed in many reporting packages, except of course our NetFlow Solution.
- There is an afcProtocol element, which was in some of the flow templates, and I believe it is an ID which links the flow to the afcProtocolName in an options template.
I picked up the above details by peering into their eight different templates – WOW!
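To make that kind of template inspection concrete, here is an added example (not code from this post, Sophos or Scrutinizer) that parses IPFIX Template Sets as laid out in RFC 7011, names each field, and reports whether ingressInterface and egressInterface are absent. The sample message is constructed, and because the post does not give the number behind afcProtocol, the enterprise number 99999 and element ID 1 are placeholders.

```python
import struct

# IANA-assigned IPFIX information element IDs referenced in this example
IANA_IE = {1: "octetDeltaCount", 4: "protocolIdentifier", 8: "sourceIPv4Address",
           10: "ingressInterface", 12: "destinationIPv4Address",
           14: "egressInterface", 85: "octetTotalCount"}

def parse_templates(msg):
    """Return {template_id: [(enterprise_number, element_id, length), ...]}."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or length < 16 or length != len(msg):
        raise ValueError("not a complete IPFIX message")
    templates, off = {}, 16                      # skip the 16-byte message header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        pos, end = off + 4, off + set_len
        while set_id == 2 and pos + 4 <= end:    # set ID 2 = Template Set
            tid, count = struct.unpack_from("!HH", msg, pos)
            if tid < 256:                        # trailing padding, not a template
                break
            pos, fields = pos + 4, []
            for _ in range(count):
                ie, flen = struct.unpack_from("!HH", msg, pos)
                pos, pen = pos + 4, 0
                if ie & 0x8000:                  # enterprise bit: a 4-byte PEN follows
                    (pen,) = struct.unpack_from("!I", msg, pos)
                    pos += 4
                fields.append((pen, ie & 0x7FFF, flen))
            if pos > end:
                raise ValueError("template record overruns its set")
            templates[tid] = fields
        off += set_len
    return templates

def describe(fields):
    """Name each field and list the interface elements the template lacks."""
    names = [IANA_IE.get(e, f"ie{e}") if p == 0 else f"pen{p}:{e}" for p, e, _ in fields]
    present = {(p, e) for p, e, _ in fields}
    missing = [IANA_IE[i] for i in (10, 14) if (0, i) not in present]
    return names, missing

def build_sample():
    """Constructed template 256; PEN 99999 and its element ID 1 are placeholders."""
    specs = [(8, 4), (12, 4), (4, 1), (1, 8), (85, 8)]
    rec = struct.pack("!HH", 256, len(specs) + 1)
    rec += b"".join(struct.pack("!HH", e, n) for e, n in specs)
    rec += struct.pack("!HHI", 0x8000 | 1, 2, 99999)
    return struct.pack("!HHIIIHH", 10, 20 + len(rec), 0, 0, 1, 2, 4 + len(rec)) + rec
```

Calling `describe(parse_templates(build_sample())[256])` returns the field names plus the two missing interface elements, which is the gap a collector has to tolerate for these exports.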
You can enable NetFlow under “Logging&Reporting>>Reporting Settings” on the “Settings” tab. It’s the last section, so you have to scroll down a bit. It is labeled “IPFIX Accounting”. Very soon the IPFIX will be coming into our NetFlow collector, where we can not only provide reports but also help with detecting Advanced Persistent Threats and other types of malware. If all goes well in the next few weeks, we’ll add this device to our NetFlow Training class that is coming to a city near you!
Anyway, if you are looking to do some network traffic monitoring using the IPFIX exports from your Sophos Astaro Security Gateway, reach out to our NetFlow team. We’ll get you set up.
Brian