Earlier this year Barracuda Networks enabled IPFIX support on their NG Series firewalls. This export provides great visibility into your network traffic as well as network Threat Detection.

Let’s take a moment to go over the configuration to get these exports going:

Step 1 Enable global IPFIX streaming

IPFIX streaming needs to be globally enabled within the General Firewall Configuration.

• Navigate to Config Tree > Box > Infrastructure Services > General Firewall Configuration > Audit and Reporting.
• Set Enable IPFIX/Netflow to YES.

Step 2 Configure the IPFIX Collector

• Click Set… or Edit… (Settings) within the IPFIX Streaming section.
• Select the desired Exporting Mode.  (The most common protocol is UDP.)
• Enter the IP address of the 3rd party IPFIX collector application into the Collector IP field.
• Enter the listening port of the 3rd party IPFIX collector application into the Collector Port field. (Make sure that it is a port that the collector is listening on)

Step 3 Configure Firewall Audit delivery via IPFIX

• Navigate to Config Tree > Box > Infrastructure Services > General Firewall Configuration > Audit and Reporting.
• Set Generate Audit Log to YES.
• Click Set… or Edit… (Audit Log Data) within the IPFIX Streaming section.
• Select Send-IPFIX in the Audit Delivery drop-down menu.

To Enable Streaming HTTP Proxy Access Logs

Global IPFIX streaming should already be globally enabled within the General Firewall Configuration from the step above.

If it isn’t:

• Navigate to Config Tree > Box > Infrastructure Services > General Firewall Configuration > Audit and Reporting.
• Set Enable IPFIX/Netflow to YES.

To configure HTTP Proxy Service

• Navigate to Config Tree > Box > Virtual Servers > <Server Name> > Assigned Services > HTTP Proxy > HTTP Proxy Settings > Basic.
• Set IPFIX Streaming to within the Log Settings section to YES.

Now that that’s done, I want to talk about your overall network security solution.

We all know that enterprise networks are facing ever-increasing security threats from worms, port scans, DDoS, and network misuse. And Barracuda Networks surely provides an effective monitoring solution that quickly detects these activities. But Barracuda, as with most firewall and intrusion detection systems (IDS) are deployed at the edge of the network.

Who is monitoring the traffic traversing laterally on your core?

NetFlow is capable of providing a unique view on the entire traffic of a network at the infrastructure level.

When a network administrator enables the NetFlow export on the routers, switches, and firewalls on the network, the devices in the network essentially become a security probe. Using the flow exports and the right NetFlow reporting solution to detect these activities can be a valuable enhancement to your security solution.

The right analysis tool provides proactive detection of network infrastructure security events, minimizing the time and labor involved in locating and resolving problems.

There is no silver bullet for security detection on large network infrastructure, but with NetFlow we can attain further insight into the traffic crossing your entire network — and make it run better.

Do you want to learn how you can turn your network traffic into a valuable security tool?

Scott Robertson
Sr. Solutions Engineer

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Tags: NetFlow Security Analysis, Network Performance Analysis, Network Threat Detection

This entry was posted on Wednesday, August 22nd, 2012 at 10:38 am and is filed under advanced persistent threats, detect network threats, NetFlow Security, Netflow Traffic Analysis, network security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.