Astaro IPFIX Reporting: Astaro NetFlow Support

Posted in advanced persistent threats, detecting malware, IPFIX, NetFlow, Network Traffic Monitor on August 20th, 2012 by Brian
Astaro IPFIX Reporting: Astaro NetFlow Support
Buffer

Apparently some of our customers are calling in asking for Astaro IPFIX Reporting support.  It’s always fun to work with a new flow vendor and in this case Sophos who acquired Astaro is exporting IPFIX instead of NetFlow.  Going with IPFIX of course was a very smart decision especially since they are exporting some interesting unique elements.

Some interesting Astaro IPFIX elements include:

  • octetTotalCount as well as OctetDeltaCount
  • IPv6 Support
  • No export of the ingress or egress interface which is needed in many reporting packages except of course our NetFlow Solution.
  • There is afcProtocol element which was in some of the flow templates and I believe it is an ID which links the flow to the afcProtocolName in an options template.

I picked up the above details by peering into their eight different templates – WOW!

Astaro IPFIX Support

You can enable netflow under “Logging&Reporting>>Reporting Settings” on the “Settings” Tab. It’s the last section, so you have to scroll down a bit. It is labeled “IPFIX Accounting”. Very soon the IPFIX will be coming into our NetFlow collector where we can not only provide reports but, we can also help with detecting Advanced Persistent Threats and other types of malware. If all goes well in the next few weeks, we’ll add this device to our NetFlow Training  class that is coming to a city near you!

Anyway, if you are looking to do some network traffic monitoring using the IPFIX exports from your Sophos Astaro Security Gateway, reach out to our NetFlow team. We’ll get you setup.

Brian

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Tags: , , , , , ,

This entry was posted on Monday, August 20th, 2012 at 6:45 am and is filed under advanced persistent threats, detecting malware, IPFIX, NetFlow, Network Traffic Monitor. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Astaro IPFIX Reporting: Astaro NetFlow Support”

  1. IPFIX Flow Data Analyzer? - Astaro User Bulletin Board Says:
    November 4th, 2012 at 2:16 pm

    [...] (permalink)   Today, 07:16 PM Hello, Scrutinizer from Plixer supports the Astaro IPFIX [...]

Leave a Reply

CAPTCHA Image
*