In Scrutinizer v8.5 we released BETA support for SonicWALL IPFIX with Extensions. SonicWALL NetFlow is configured in much the same way and is also supported.

The IPFIX support released from SonicWALL is extensive and reminds me a bit of Flexible NetFlow and NetFlow option templates. Below you see a partial list of the SonicWALL IPFIX Extensions; notice that there is only one ‘Flows’ template. The other templates may or may not be directly related to the Flows table. Our IPFIX consulting team worked with the developers at SonicWALL to deliver an architecture that is absolutely first rate for advanced traffic reporting. As I explain, you may find it similar to what we see from NetFlow NBAR, Cisco Performance Monitoring and the nBox NetFlow probe.

Reporting on SonicWALL IPFIX often requires cross-referencing the templates.  For example, the SonicWALL supports something called “Application Recognition”.  Reporting on this involves matching up the Flows template with the Applications template:

Notice above that the SonicWALL application recognition list is similar to NetFlow NBAR.  The hardware can look at a series of packets to determine the actual application of the flow.  This is very important when trying to detect traffic such as Facebook or Skype.  I think you will find more and more hardware companies supporting these types of technologies.  Hopefully, the future of sFlow is working on something similar.

In a second example, I noticed that we had traffic coming from Pandora.com.  I wanted to find out what and who was being downloaded.  I filtered on Pandora.com, found out who was involved and then filtered on the source and destination IP addresses before changing the report to top URLs:
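The cross-referencing described in the two examples above can be sketched as a join between decoded records. This is an added example, not Scrutinizer's or SonicWALL's code; the field names (`app_id`, `url_id`, and so on), the URLs template shape and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed records shaped like decoded IPFIX data records. Field names and
# values are assumptions for illustration, not SonicWALL's actual elements.
APPLICATIONS = [{"app_id": 7, "name": "Pandora"}, {"app_id": 9, "name": "Skype"}]
URLS = [{"url_id": 100, "url": "pandora.com/station/play"},
        {"url_id": 101, "url": "pandora.com/art/cover.jpg"}]
FLOWS = [
    {"src": "10.1.1.20", "dst": "203.0.113.5", "app_id": 7, "url_id": 100, "bytes": 52000},
    {"src": "10.1.1.20", "dst": "203.0.113.5", "app_id": 7, "url_id": 101, "bytes": 8000},
    {"src": "10.1.1.31", "dst": "203.0.113.5", "app_id": 7, "url_id": 100, "bytes": 4000},
    {"src": "10.1.1.20", "dst": "198.51.100.9", "app_id": 9, "url_id": None, "bytes": 30000},
    {"src": "10.1.1.44", "dst": "192.0.2.77", "app_id": 12, "url_id": None, "bytes": 1500},
]

def resolve(flows, applications, urls):
    """Join Flows records to the Applications and URLs records by ID."""
    app_by_id = {a["app_id"]: a["name"] for a in applications}
    url_by_id = {u["url_id"]: u["url"] for u in urls}
    rows = []
    for f in flows:
        # An ID with no matching record yet (e.g. not exported so far) is kept
        # visible instead of dropping the flow's bytes from the report.
        app = app_by_id.get(f["app_id"], f"unresolved app_id {f['app_id']}")
        rows.append({**f, "app": app, "url": url_by_id.get(f["url_id"])})
    return rows

def top(rows, key, n=10):
    """Sum bytes per key(row) and return the n largest, like a 'top N' report."""
    totals = Counter()
    for r in rows:
        totals[key(r)] += r["bytes"]
    return totals.most_common(n)

def drill_down(rows, app):
    """Filter on one application, find the busiest src/dst pair, list its URLs."""
    app_rows = [r for r in rows if r["app"] == app]
    pairs = top(app_rows, lambda r: (r["src"], r["dst"]))
    if not pairs:
        return [], []
    (src, dst), _ = pairs[0]
    pair_rows = [r for r in app_rows if (r["src"], r["dst"]) == (src, dst) and r["url"]]
    return pairs, top(pair_rows, lambda r: r["url"])

if __name__ == "__main__":
    rows = resolve(FLOWS, APPLICATIONS, URLS)
    print(top(rows, lambda r: r["app"]))
    print(drill_down(rows, "Pandora"))
```

Flows whose application ID has no matching Applications record stay in the totals under an "unresolved" label, so the report does not under-count traffic while the lookup records are incomplete.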

SonicWALL did a great job on their exports and together we are still working out a few minor issues.  If you are looking for a Firewall with NetFlow or IPFIX support, check out SonicWALL.  The Cisco ASA is not the only player now in the NetFlow space!  Join us on March 2nd @ 2PM for the SonicWALL / Plixer webcast titled “Enabling Application Intelligence”.

Make sure you also watch the video on tracking wireless handhelds such as the iPhone via MAC address with IPFIX from the SonicWALL.  Contact us if you have any questions.

Mike Patterson

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.
