Apparently some of our customers are calling in asking for Astaro IPFIX Reporting support. It’s always fun to work with a new flow vendor, and in this case Sophos, who acquired Astaro, is exporting IPFIX instead of NetFlow. Going with IPFIX was of course a very smart decision, especially since they are exporting some interesting, unique elements.
Some interesting Astaro IPFIX elements include:
- octetTotalCount as well as octetDeltaCount
- IPv6 Support
- No export of the ingress or egress interface, which is needed in many reporting packages (except, of course, our NetFlow solution).
- There is an afcProtocol element, which was in some of the flow templates; I believe it is an ID that links the flow to the afcProtocolName in an options template.
I picked up the above details by peering into their eight different templates – WOW!
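The same kind of template inspection can be scripted. The Python below is an added example, not code from Sophos or from our collector: it walks the flow template sets (set ID 2) of one IPFIX message and reports, per template, which of the elements above are present, whether both interface elements are exported, and which enterprise-specific elements appear. The enterprise number 99999 and vendor element ID 1 in the sample are constructed placeholders, since the post does not give the real afcProtocol identifiers; options templates are not parsed.

```python
import struct

# IANA-registered IPFIX element IDs for the elements the post mentions.
IANA = {1: "octetDeltaCount", 85: "octetTotalCount", 10: "ingressInterface",
        14: "egressInterface", 27: "sourceIPv6Address", 28: "destinationIPv6Address"}

def parse_templates(msg):
    """Return {template_id: [(enterprise_number_or_None, element_id, length)]}."""
    version, length = struct.unpack_from("!HH", msg, 0)
    if version != 10 or not 16 <= length <= len(msg):
        raise ValueError("not a complete IPFIX (version 10) message")
    templates, pos = {}, 16                    # message header is 16 bytes
    while pos + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, pos)
        if set_len < 4 or pos + set_len > length:
            raise ValueError("bad set length")
        body, p = msg[pos + 4:pos + set_len], 0   # overruns raise struct.error
        while set_id == 2 and p + 4 <= len(body): # set ID 2 = flow templates
            tid, count = struct.unpack_from("!HH", body, p)
            if tid < 256:                      # trailing padding, not a template
                break
            p, fields = p + 4, []
            for _ in range(count):
                eid, flen = struct.unpack_from("!HH", body, p)
                p, pen = p + 4, None
                if eid & 0x8000:               # enterprise bit: 4-byte PEN follows
                    (pen,) = struct.unpack_from("!I", body, p)
                    p += 4
                fields.append((pen, eid & 0x7FFF, flen))
            templates[tid] = fields
        pos += set_len
    return templates

def audit(templates):
    """Per template: known elements, interface coverage, vendor elements."""
    report = {}
    for tid, fields in templates.items():
        std = {eid for pen, eid, _ in fields if pen is None}
        report[tid] = {"known": sorted(IANA[e] for e in std if e in IANA),
                       "has_interfaces": {10, 14} <= std,
                       "enterprise": [(pen, eid) for pen, eid, _ in fields if pen]}
    return report

def build_sample():
    """Constructed message: one template; PEN 99999 / element 1 are made up."""
    rec = struct.pack("!HH", 256, 5) + struct.pack(
        "!HHHHHHHHHHI", 27, 16, 28, 16, 1, 8, 85, 8, 0x8001, 2, 99999)
    return struct.pack("!HHIII", 10, 20 + len(rec), 0, 0, 1) + struct.pack(
        "!HH", 2, 4 + len(rec)) + rec
```

Feed `parse_templates` the UDP payload of a captured export packet that contains template sets; a template whose `has_interfaces` is false will not support per-interface reports.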
You can enable NetFlow under “Logging&Reporting>>Reporting Settings” on the “Settings” tab. It’s the last section, so you have to scroll down a bit. It is labeled “IPFIX Accounting”. We would like to add support for Astaro IPFIX in our NetFlow Collector; however, despite our efforts, Sophos is not getting back to us. Hopefully they will see this post. In the meantime, if you need reports on this export, give us a call and we’ll help you with the report designer to create the reports you need.
This export can still be used with some of our Flow Analytics which can help with detecting Advanced Persistent Threats and other types of malware. If all goes well in the next few weeks, we’ll add this device to our NetFlow Training class that is coming to a city near you!
Anyway, if you are looking to do some network traffic monitoring using the IPFIX exports from your Sophos Astaro Security Gateway, reach out to our NetFlow team. We’ll get you set up.

Brian