In a “Bring-Your-Own-Everything” world, it has become even more of a challenge keeping users in check while developing an agile corporation that moves with the times. The only way for security to be effective is when it is seamless for both users and administrators.

Stormshield offers innovative end-to-end security solutions worldwide to protect networks (Stormshield Network Security), workstations (Stormshield Endpoint Security), and data (Stormshield Data Security).

These next-generation trusted solutions, certified at the highest level in Europe (EU RESTRICTED, NATO, and ANSSI EAL4+), ensure the protection of strategic information and are deployed through a partner network of distributors, integrators, and operators in businesses of all sizes, government institutions, and defense organizations worldwide.

Stormshield Network

As a trusted vendor, Stormshield deploys technologies tha have been awarded certifications and qualifications that guarantee an adapted level of protection for the strategic data of even the most sensitive corporations and organizations.

With modern threats bypassing conventional protection systems as routinely as they do, a new approach to security is imperative. Stormshield Network Security solutions are built upon the concept of multi-layer collaborative security. This holistic model, based on the active collaboration between the security engines on their various solutions, marks the future of information system defense in depth.

With the advent of Stormshield Network Security (SNS) version 3.0, they have included IPFIX/NetFlow in network analyses (latency, congestion, etc.). Being the forefront of network analysis, Plixer has been able to ingest the IPFIX template records of the SNS devices. Provided you have SNS v3.0 you also can send IPFIX/NetFlow to Scrutinizer and allow you to report on it.

Scrutinizer Reports

As you can see here, we can ingest and provide Plixer-built reports on your IPFIX data from your Stormshield deployment. As we continue to work with Stormshield, we will continue to provide more and more reports and elements.

Configuration (HMI)

In « Notifications » → « Logs – Syslog – IPFIX » → « IPFIX » tab: administrators are allowed to enable the IPFIX feature as follows:

IPFIX Configuration

« IPFIX » tab description from the SNS user guide:

IPFIX

On each filtering rule, administrators are allowed to enable log level (minor, major) and its destination (disk, syslog, IPFIX):

→ Edit a filtering rule, configure log level in « General » tab of rule action

Configure log level

This log level configuration (at the filtering rule level) will enable or disable filtering logs (l_filter) and alarms logs (l_alarm) for each connection matching the rule.

→ Then, configure logs destination in « Advanced properties » of rule action

Configure logs destination

This log destination configuration (at the filtering rule level) will enable or disable filtering logs (l_filter) and alarms logs (l_alarm) for IPFIX.

Templates

Four templates are defined by default:

  • IPv4 connections without address translation (NAT)
  • IPv4 connections with NAT
  • – IPv6 connections
  • – alarms

Try Stormshield in Scrutinizer today!

 

 

Brandon Pendleton

Brandon Pendleton

Brandon comes from 10 years of experience in the MSP and ISP world with an emphasis on technical support and customer service. He and his family enjoy fishing, hunting and traveling as much as they can. When it comes to technology, Brandon immerses his family and himself in it as much as possible; however, family time involves no technology as much as possible.

Related