Blog :: Network Operations :: Security Operations

Palo Alto Networks: NetFlow Reports

Palo Alto Networks next-generation firewalls provide NetFlow reports that enable IT organizations to monitor network access by easily identifying and trend the type of traffic running on their networks.

Brian Davenport, our Mid-West region Sales Manager, and I were recently talking about the cool application visibility Palo Alto Networks provides and thought that it would be a good idea to blog about some of the reports.

Leveraging NetFlow exported from the Palo Alto Firewall, you compliment what you use with Application Command Center in that  you can create custom reports to monitor network access that:

Identify Top Applications and Users on the network

Palo Alto does a deep packet analysis to identify actual applications such as Skype, BitTorrent, Webex and more. You can dynamically filter reports on specific UserID or application.

Palo Alto Networks: Application Visibility

Report on Host Network Address Translations (NAT)

Correlate public to private IP addresses to gain visibility into who the actual source/destination host is for the conversations going in and out of your network.

Palo Alto Networks: NAT Reporting


Dynamically Report and Filter on any conversation taking place on the network

Our advanced NetFlow reporting solution provides support for all of the flow technologies, giving you a more holistic, multi-vendor view of your entire network. You can collect 100% of the export data that can be stored for weeks, months, and years. Over 100 predefined report filters gives you easy access to the information that you are looking for, and lets you to specify reports that cover any time frame.

You can easily:
  • Trend traffic patterns for any time frame.
  • Troubleshoot “old” events
  • Know the Who, What, and Where, and HOW often
  • Create custom reports that work for you.

Proactively monitor traffic for suspicious behavior like DoS attacks, Port Scans, and Internet Threats.

By collecting flows from all of the Routers, Switches, and Firewalls on the network you essentially turn every device in your network into a security probe. Flow Analytics™ analyzes every conversation traversing the network. It can trigger alarms for such behaviors as worms, DoS attacks, network scanning, and known compromised internet hosts. Once alarms are generated, administrators notified, and repeat offenders can be identified.  This added layer of security is pattern based not signature reliant.

NetFlow also complements all of your packet analysis and SIEM tools to provide a powerful monitoring solution.

Using our advanced NetFlow reporting capabilities, you can easily pinpoint traffic of interest, before using a packet-based data solution to perform a “deeper dive” to address performance-affecting issues.

So what have we learned?

NetFlow reporting from a Palo Alto Networks firewall provides:

  • Rich Application and User visibility.
  • Reporting on Enterprise Application usage and performance monitoring.
  • Network Behavior Analysis and alarming.
  • Network capacity usage, trending and planning.
  • Custom reporting to meet your needs.

A majority of Next Gen Firewall vendors are incorporating NetFlow analysis in their solution. What kind of visibility are you looking for?