Over the last five years or so, I have noticed that one of the major topics we get requests for is Bluecoat NetFlow support. While it may surprise many, we have supported Bluecoat exports for quite some time; in fact, if you look back, and that’s what I intend to do, you will see that we’ve supported Bluecoat for years. We have a good deal of information, see below, and my goal is to help you find what you are looking for in this Bluecoat NetFlow support recap.
Can I configure NetFlow/IPFIX with my Blue Coat device?
Bluecoat provides a number of security and networking solutions. Many of which support NetFlow or IPFIX. Let me go over a few of these devices, but first, let me define one thing. IPFIX is the official standard for all flow technologies and the IPFIX standard includes provisions for real-time packet sampling as well. With this standard, comes additional opportunities for vendors to support a wide variety of devices.
[Now back to my point].
One such opportunity is Bluecoat MACH5. The MACH5 is a WAN optimization solution and combines protocol acceleration, compression, object and byte caching and QoS to help accelerate key applications. In a previous article Steve goes through the process of configuring the MACH5 to export flow data. Having the ability to collect flow data through your WAN optimizer is great because it allows you to see how the traffic changed on one device, rather than looking at two or more devices to see how the flows changed from one interface to another. Further, a major benefit of the MACH5 is that you define flow exports for both ingress and egress, which will let you know when and how flows are changing.
Another opportunity to gain the benefits of flow data is with the Bluecoat Packet Shaper. While most people know you can export data with Packeteer, many people are not aware that you can export NetFlow v5, too. What’s this mean to you? Well, it means you no longer have to use Blue Coats’ IntelligenceCenter for your Packeteer exporting. You can now use a third party collector to collect your data and provide additional benefits. You can also tie syslog details to your NetFlow exports, providing you URL information. This lets you drill in even further than you otherwise would be able to.
Finally, XOS can generate NetFlow data on the X-Series Platform and forward flows to one or more external NetFlow collectors for analysis. This enables Crossbeam NetFlow support. Brian wrote a great article last year that discusses how to configure XOS to export flow data.
If you have any questions on how you can set up your Blue Coat devices to export flow data, reach out to our fantastic support team. They can give you excellent direction on setting up your devices.
Sources:
Bluecoat Crossbeam NetFlow Support
Blue Coat MACH5 NetFlow Support
Blue Coat NetFlow Support : Packet Shaper FDR Exports
