• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer
  • Internet Threat Center
  • Blog
  • Contact
  • Weekly Demo
  • Search

Plixer

Network and Security Intelligence Platform

Menu
  • Solutions
    • Overview
      • Incident Response System
      • Behavior Monitoring
      • BYOD Monitoring
      • Voice and Video Monitoring
      • Compliance Assurance
      • Virtualization Visibility
      • Cloud Service Monitoring
    • Industries
      • Education
      • Financial Services
      • Retail
      • Healthcare
      • Service Provider
      • Government
    • Your Role
      • CEO or IT Executive
      • Network Admin
      • Security Analyst
      • Application Engineer
      • VMware and Server Admin
    • Why Plixer
  • Products
    • Scrutinizer
      • Scrutinizer Overview
      • Network Analysis
      • Security Analytics
      • Multi-Tenancy
      • Advanced Reporting
      • Distributed Data Collection
      • Install Options
      • Request a Quote
      • Download Options
      • Trade-In Program
      • Competitor Worksheet
    • Flow Replicator
      • Replicator Overview
      • Flow Replicator Evaluation
    • FlowPro
      • FlowPro Overview
      • FlowPro Evaluation
      • Request a Quote
    • Free Downloads
      • Scrutinizer
      • Flowalyzer
      • IPFIXify
  • Support
    • NetFlow, IPFIX, & sFlow Configuration Guide
    • Available Scrutinizer Updates
    • End of Life Policy
    • Scrutinizer Manual
    • FlowPro Manual
    • Replicator Manual
    • FAQ
    • Services
    • Training Videos
  • Resources
    • White Papers
    • Case Studies
    • Webinars
    • Brochures
    • Solutions Briefs
    • Forensic Investigation Kit
    • Free Book Compliments of Plixer!
  • Partners
      • Partners
        • Find a Partner
        • Become A Partner
        • Partner Login
      • Technology Alliance Partners
        • Additional Integration
        • Cisco Systems
        • Citrix Systems
        • Endace
        • Gigamon
        • Ixia
        • Paessler – PRTG
        • Palo Alto Networks
        • VMware
        • Splunk
  • About
      • Company Overview
      • Awards
      • Our Culture
      • Careers
      • Our Customers
      • Community Outreach
      • Events
      • Press Releases
      • In The News
Home > Blog > Blue Coat MACH5

Blue Coat MACH5 NetFlow Support

07.23.13 by Steve

Good news, the Blue Coat MACH5 NetFlow support is now part of a growing community of vendors supporting NetFlow and or IPFIX.  IPFIX is the official standard for all flow technologies and although interest in the proprietary sFlow technology has begun to shrink over the past few years, the IPFIX standard includes provisions for real-time packet sampling as well.


The MACH5 is a WAN optimization solution and combines protocol acceleration, compression, object and byte caching and QoS to help accelerate key applications.

Setup The Blue Coat MACH5 NetFlow configuration

In the Blue Coat MACH5 NetFlow configuration, you need to define the port and IP address of the flow collector(s), specify which interfaces you want to monitor, and enable NetFlow processing. Below are the steps involved:

  1. Access the MACH5 CLI, with enable (write) access.
  2. Type conf t to go into configuration mode.
  3. Type the following CLI commands to define a flow collector:
    • #(config) netflow
    •  #(config netflow) collectors
    •  #(config netflow collectors) add <IP-address> <port>
    •  Enter the collector’s IPv4 or IPv6 address and the port on which it is listening.
  4. Define additional collectors, if available. You can define up to four collectors. Very cool!
  5. (Optional) If you want to limit the number of flow detail records that are sent to the collector, specify the MACH5 interface(s) that you want to monitor:
    •  #(config netflow collectors) exit
    •  #(config netflow) add <adaptor>:<interface> [in|out|inout]
    •  NetFlow input (in), output (out), or both (inout). If no parameter is specified, the default is used (inout).  I’m assuming that this means ingress and egress metering.  If this is the case, a direction bit needs to be exported.  This is VERY important because the MACH5 is compressing data and users will want to compare the in traffic on interface 1 to the out traffic on interface 2, to verify compression ratios. Please send us a packet capture of your flows and we will verify that the direction bit is being exported.  We have seen this become a problem with Riverbed NetFlow exports as well.
  6. Enable NetFlow processing:
    • #(config netflow) enable

The Blue Coat MACH5 appliance will now send flow detail records of data seen on the specified interface to the defined flow collectors. Flow records are actually bundled together into NetFlow packets; the MACH5 appliance sends a packet to the collector after it reaches the maximum of 30 flow records, or two minutes after the first flow record is collected, whichever comes first.

Verify The Blue Coat MACH5 NetFlow Configuration

Use the show netflow CLI command to verify that the MACH5 appliance is sending flow records.

Bluecoat MACH5 NetFlow

Visit your NetFlow Analyzer to verify that the flows are coming in and give us a shout if you are having any issues. I’m particularly concerned about where it says “or two minutes after the first flow record is collected” because I noticed that there is no active or inactive timer setting in the above configuration and this could lead to spikes in the utilization trends.

I also learned that the Blue Coat Crossbeam security automation solution also supports NetFlow as does the Checkpoint firewall  and the Packeteer PacketShaper. Blue Coat is a company committed to NetFlow and IPFIX technologies!

Categories: Blue Coat MACH5, NetFlow Analyzer Tags: Bluecoat MACH5 NetFlow, NetFlow Analyzer

About Steve

Steve's avatar

Stephen joined Plixer in 2011. Steve’s efforts over the years have helped many customer gain better Visibility and Network Analytics. With more than 5 years of successful technology consultation, Steve has become a thought leader, focusing on how Scrutinizer can be part of a system incorporating other solutions such as Gigamon, Statseeker, Uptime, InfoBlox and Splunk. Firm believer that most organizations will have a larger SDN implementation and greater leveraging the Cloud in the next few years. Steve resides in Scarborough, ME with his wife and two sons.

Reader Interactions

sidebar

Blog Sidebar

Subscribe to our blogs

Recent Posts

  • How to Configure Meraki for SNMP Polling
  • Why ERSPAN is Important for Network Security
  • The dangers of IoT devices and what you should know
  • Real-Time DDoS Detection & Analysis
  • Cisco ASA Access List Reporting

Search Top Blog Categories

Configuration
Cyber Attack
Cybersecurity
Incident Response
IoT
NetFlow Monitoring
Network Monitoring
Network Security
Network Traffic Analysis
Network Traffic Monitoring

All Blog Categories

Footer

Social Media

FacebookTwitterYoutubeLinkedin

68 Main St Ste 4
Kennebunk, ME 04043
+1 (207) 324-8805
+1 (207) 324-8683

Solutions

  • Incident Response System
  • Behavior Monitoring
  • BYOD Monitoring
  • Voice and Video Monitoring
  • Compliance Assurance
  • Virtualization Visibility
  • Cloud Service Monitoring

Products

  • Scrutinizer
    • Network Analysis
    • Security Analytics
    • Multi-Tenancy
    • Advanced Reporting
    • Distributed Data Collection
    • Install Options
    • Request a Quote
    • Download Options
    • Trade-In Program
    • Competitor Worksheet
  • FlowPro
  • Replicator

Support

  • NetFlow, IPFIX & sFlow Configuration Guide
  • Available Scrutinizer Updates
  • End of Life Policy
  • Scrutinizer Manual
  • FlowPro Manual
  • Replicator Manual
  • FAQ
  • Services

Resources

  • White Papers
  • Case Studies
  • Webinars
  • Forensic Investigation Kit
  • Free Book Compliments of Plixer!

Partners

  • Find a Partner
  • Become A Partner
  • Partner Login
  • Technology Alliance Partners
  • Cisco Systems
  • Citrix Systems
  • Endace
  • Gigamon
  • Ixia
  • Paessler – PRTG
  • Palo Alto Networks
  • VMware
  • Splunk

About

  • Company Overview
  • Awards
  • Our Culture
  • Careers
  • Our Customers
  • Community Outreach
  • Press Releases
  • In The News

© 2019 Copyright Plixer, LLC. All Rights Reserved. Terms and Conditions | Privacy Policy