Palo Alto Networks NetFlow support is now available and with the latest version of our NetFlow monitoring solution you can get NAT and also application reporting for this firewall.
Today I’ll be providing step by step instructions on how to configure NetFlow for this device, and also show an example of the extended NetFlow reporting available.
How to configure Palo Alto Networks NetFlow
There are 2 basic steps for configuring the Palo Alto Networks firewall to export NetFlow:
1. Define a NetFlow server profile – this specifies the frequency of the export along with the NetFlow servers that will receive the exported data.
2. Assign the profile to a firewall interface – all traffic flowing over this interface is exported to the specified server(s).
To define a NetFlow server profile, navigate to Device-> Server Profiles-> NetFlow in the GUI. Here you will see the following settings:
Name: Enter a name for the NetFlow settings.
Template Refresh Rate: Specify the number of minutes or number of packets after which the NetFlow template is refreshed (we recommend 1 minute; packets range 1-600, default 20).
Active Timeout: Specify the frequency at which data records are exported for each session (we recommend 1 minute).
Export PAN-OS Specific Field Types: Export PAN-OS specific fields such as App-ID and User-ID in NetFlow records.
Server Name: Specify a name to identify the server.
Server: Specify the host name or IP address of the server.
Port: Specify the port number for server access (default 9996).
Once the NetFlow profile is configured, the next step is to assign the profile to a firewall interface. For this, navigate to Network-> Interfaces-> Ethernet. Click the link for the interface on the Ethernet tab –
Then specify the NetFlow Profile –
With our advanced NetFlow reporting solution, you can get advanced Palo Alto Networks NetFlow reporting such as applications reports – giving you visibility of named applications, rather than reporting the traffic as http(80 TCP); NAT (Network Address Translation) reports; and User reports.
In addition to the advanced NetFlow reporting, the standard NetFlow reports such as conversations, TopN reporting, and also threat detection capabilities are available from Palo Alto Networks NetFlow exports.
For more information on configuring NetFlow on this firewall, see the Palo Alto NetFlow Configuration Guide.
And if you need further assistance with configuring the NetFlow on this firewall, or with accessing the advanced NetFlow reports, please do not hesitate to contact us at 207-324-8805.