In Scrutinizer v8.5 we released BETA support for SonicWALL IPFIX with Extensions. The SonicWALL NetFlow Configuration is pretty much configured the same way and is also supported.
The IPFIX support released from SonicWALL is extensive and reminds me a bit of Flexible NetFlow and NetFlow option templates. Below you see a partial list of the SonicWALL IPFIX Extensions and noticed that there is only one ‘Flows’ template. The other templates may or may not be directly related to the Flows table. Our IPFIX consulting team worked with the developers at SonicWALL to deliver an architecture that is absolutely first rate for advanced traffic reporting. As I explain, you may find it similar to what we see from NetFlow NBAR, Cisco Performance Monitoring and the nBox NetFlow probe.
Reporting on SonicWALL IPFIX often requires cross-referencing the templates. For example, the SonicWALL supports something called “Application Recognition”. Reporting on this involves matching up the Flows template with the Applications template:
Notice above that the SonicWALL application recognition list is similar to NetFlow NBAR. The hardware can look at a series of packets to determine the actual application of the flow. This is very important when trying to detect traffic such as Facebook or Skype. I think you will find more and more hardware companies supporting these types of technologies. Hopefully, the future of sFlow is working on something similar.
In a second example, I noticed that we had traffic coming from Pandora.com. I wanted to find out what and who was being downloaded. I filtered on Pandora.com, found out who was involved and then filtered on the source and destination IP addresses before changing the report to top URLs:
SonicWALL did a great job on their exports and together we are still working out a few minor issues. If you are looking for a Firewall with NetFlow or IPFIX support, check out SonicWALL. The Cisco ASA is not the only player now in the NetFlow space! Join us on March 2nd @ 2PM for the SonicWALL / Plixer webcast titled “Enabling Application Intelligence”.
Make sure you also watch the video on tracking wireless handhelds such as the iPhone via MAC address with IPFIX from the SonicWALL. Contact us if you have any questions.