Blog :: NetFlow Analyzer :: Network Operations :: Security Operations

Sonicwall NetFlow Analyzer: IPFIX Support

SonicWALL Traffic Analysis

The Sonicwall NetFlow Analyzer supports not only most industry standard IP flow protocols such as sFlow, jFlow, NetFlow, Flexible Netflow, and IPFIX, but it also specializes in sonicOS NetFlow reporting. It is, in my opinion, the best way to get the most out of SonicOS NetFlow.

Besides the traditional flow octets delta count, source and destination ports and source and destination IP addresses; SonicWALL brings more to the table. SonicWALL NetFlow support was introduced in SonicOS 5.8. Some benefits include network planning and monitoring, application and user monitoring, security analysis and more.

The SonicWALL IPFIX analyzer  was specially designed to identify and report on NetFlow data generated by SonicWALL network devices. As illustrated in the following screen capture, reports include:

  • Applications: What applications are consuming your bandwidth? Application example: Skype, Citrix, MSN Messenger, Facebook, etc.Soniwall Traffic Analysis
  • Intrusions, virus and Spyware: Network potential threat detection.
  • Users: When “single sign on” is enabled to grant users access to the internet, SonicWALL NetFlow capable firewalls can export user information to the NetFlow collector allowing reporting on user accounts, user/workstation IP addresses, domain, and user bandwidth consumption.
  • VPN: Details on your VPN tunnels and their traffic.
  • VOIP: VoIP traffic information including: Jitter, Packet loss, Caller ID, Call utilized bandwidth.
  • URLs: Visited web pages.
Among many other features, the NetFlow analysis software also allows the admin to proactively monitor the network. For instance, he can configure inbound thresholds and set up alerts and notifications for threshold violations.

Do you have any experience with SonicWALL IPFIX implementation? If so, let us know in the comments!