Manufacturer: Checkpoint
Model(s): ALL
Version(s): GAIA R81
Notes:
- You can configure Security Gateways and Cluster Members as an Exporter of NetFlow records for all the traffic that passes through.
- A maximum of three NetFlow collectors can be configured. Gaia sends the NetFlow records to all configured NetFlow collectors.
- Netflow v5, v9 and IPFIX are all supported export formats.
Configuration steps
Configuring the NetFlow settings in Gaia Portal
- In the left navigation tree, click Network Management > NetFlow Export.
- In the Collectors section, click Add.
- Enter the required data for each collector:
Parameter | Description
IP Address | The destination IPv4 address to which Gaia sends the NetFlow packets. Set this to your Scrutinizer IP address. This parameter is mandatory.
UDP Port Number | The destination UDP port number on which the collector listens. This parameter is mandatory. NetFlow collectors commonly listen on UDP ports 2055, 9555, 9995, 9025, and 9026. IPFIX uses UDP port 4739.
Export Format | The NetFlow protocol version to use: Netflow_V5 (NetFlow v5), Netflow_V9 (NetFlow v9), or IPFIX (also known as "NetFlow v10"). The default is Netflow_V9.
Source IP address | The source IPv4 address of the NetFlow packets. This must be an IPv4 address of the local host. The default is the IPv4 address of the network interface from which Gaia sends the NetFlow packets. We recommend the default.
Enable | Select this option to enable the configured NetFlow collector.
- Click OK.
- In the Advanced Options section, the NetFlow FW rule option controls for which traffic the NetFlow export is enabled:
Scenario | Instructions
You performed a Clean Install of R81 | By default (this option is cleared) the NetFlow export is enabled for traffic accepted by all Access Control rules. Select this option to enable the NetFlow export only for traffic accepted by Access Control rules whose Track option is set to Log and Accounting in SmartConsole.
You upgraded to R81 from R80.40 or a lower version | You must: (1) select this option in Gaia Portal and click Apply; (2) configure the applicable Access Control rules with the Track option Log and Accounting in SmartConsole.
Configuring the NetFlow settings in Gaia Clish
- Configure a new NetFlow collector:
add netflow collector ip <IPv4 Address of Collector> port <Destination Port on Collector> [srcaddr <Source IPv4 Address>] export-format {Netflow_V5 | Netflow_V9 | IPFIX} enable {yes | no}
- Configure for which traffic to enable the NetFlow export:
set netflow fwrule {1 | 0}
Scenario | Instructions
You performed a Clean Install of R81 | By default (value 1) the NetFlow export is enabled for traffic accepted by all Access Control rules. Configure the value 0 to enable the NetFlow export only for traffic accepted by Access Control rules whose Track option is set to Log and Accounting in SmartConsole.
You upgraded to R81 from R80.40 or a lower version | You must: (1) configure the value 0 in Gaia Clish; (2) configure the applicable Access Control rules with the Track option Log and Accounting in SmartConsole.
Important – After you add, configure, or delete features, run the "save config" command to save the settings permanently.
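Once the collector is configured and the settings are saved, the check a practitioner wants is on the receiving side: are export packets actually arriving on the configured UDP port, in the export format that was selected, and without silent loss (NetFlow rides on UDP, so dropped datagrams produce no error on the gateway)? The following Python script is an added example and is not Check Point or Scrutinizer code. It decodes the fixed header of NetFlow v5, v9 and IPFIX packets, compares the version against the Export Format configured in Gaia, and tracks the sequence field to estimate lost datagrams. The sample packets it builds are constructed, zero-filled placeholders for testing the decoder, not real flow data; the default port 2055 and the assumption that only the header needs checking are the author's.

```python
"""Collector-side check for Gaia NetFlow export: decode the header of the UDP
payloads arriving on the collector port, confirm the export format matches the
gateway configuration, and spot lost datagrams via the sequence field.
Added example, not Check Point code. Sample packets below are constructed."""
import socket
import struct
from dataclasses import dataclass


@dataclass
class ExportHeader:
    version: int      # 5, 9 or 10 (IPFIX)
    name: str         # Gaia's export-format name for this version
    count: int        # v5: flow records; v9: FlowSets; IPFIX: total packet length
    export_time: int  # exporter clock, Unix seconds
    sequence: int     # v5 flow_sequence / v9 package_sequence / IPFIX sequence
    source_id: int    # v5 engine_id / v9 source_id / IPFIX observation domain


NAMES = {5: "Netflow_V5", 9: "Netflow_V9", 10: "IPFIX"}


def parse_export_header(payload: bytes) -> ExportHeader:
    """Parse the fixed header of a NetFlow v5, v9 or IPFIX export packet."""
    if len(payload) < 2:
        raise ValueError("payload too short for a version field")
    version = struct.unpack_from("!H", payload)[0]
    if version == 5:
        # 24-byte header followed by 48 bytes per flow record
        if len(payload) < 24:
            raise ValueError("truncated NetFlow v5 header")
        (_, count, _uptime, secs, _nsecs, seq,
         _engine_type, engine_id, _sampling) = struct.unpack_from("!HHIIIIBBH", payload)
        if len(payload) != 24 + 48 * count:
            raise ValueError(f"v5 count {count} does not match payload size {len(payload)}")
        return ExportHeader(5, NAMES[5], count, secs, seq, engine_id)
    if version == 9:
        # 20-byte header; count is the number of FlowSets (template + data)
        if len(payload) < 20:
            raise ValueError("truncated NetFlow v9 header")
        _, count, _uptime, secs, seq, source_id = struct.unpack_from("!HHIIII", payload)
        return ExportHeader(9, NAMES[9], count, secs, seq, source_id)
    if version == 10:
        # 16-byte header; length covers the whole message, so it must equal the datagram size
        if len(payload) < 16:
            raise ValueError("truncated IPFIX header")
        _, length, secs, seq, domain = struct.unpack_from("!HHIII", payload)
        if length != len(payload):
            raise ValueError(f"IPFIX length {length} does not match payload size {len(payload)}")
        return ExportHeader(10, NAMES[10], length, secs, seq, domain)
    raise ValueError(f"unsupported export version {version}")


class SequenceTracker:
    """Estimate lost export datagrams per (exporter, version, source_id).
    v9 package_sequence grows by 1 per packet; v5 flow_sequence grows by the
    number of records in the previous packet. IPFIX sequence counts Data
    Records and would need Set parsing, so it is reported as 0 (unchecked)."""

    def __init__(self):
        self.last = {}

    def observe(self, exporter: str, hdr: ExportHeader) -> int:
        key = (exporter, hdr.version, hdr.source_id)
        prev = self.last.get(key)
        self.last[key] = (hdr.sequence, hdr.count)
        if prev is None or hdr.version == 10:
            return 0
        prev_seq, prev_count = prev
        expected = prev_seq + (1 if hdr.version == 9 else prev_count)
        return max(0, hdr.sequence - expected)


# Constructed sample packets: bodies are zero-filled placeholders, not real flows.
def build_v5(seq: int, count: int, engine_id: int = 7) -> bytes:
    header = struct.pack("!HHIIIIBBH", 5, count, 1000, 1700000000, 0, seq, 0, engine_id, 0)
    return header + bytes(48 * count)


def build_v9(seq: int, flowsets: int, source_id: int = 0x1000) -> bytes:
    return struct.pack("!HHIIII", 9, flowsets, 1000, 1700000000, seq, source_id)


def build_ipfix(seq: int, body: bytes = bytes(4), domain: int = 256) -> bytes:
    return struct.pack("!HHIII", 10, 16 + len(body), 1700000000, seq, domain) + body


def check_format(payload: bytes, expected: str) -> bool:
    """True if the packet's version is the Export Format configured on the gateway."""
    return parse_export_header(payload).name == expected


def listen(port: int = 2055, expected: str = "Netflow_V9",
           max_packets: int = 10, timeout: float = 60.0) -> None:
    """Bind the collector port, decode arriving headers, report mismatches and gaps."""
    tracker = SequenceTracker()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        for _ in range(max_packets):
            data, (src, _) = sock.recvfrom(65535)
            try:
                hdr = parse_export_header(data)
            except ValueError as err:
                print(f"{src}: undecodable export packet: {err}")
                continue
            gap = tracker.observe(src, hdr)
            flag = "" if hdr.name == expected else f" (expected {expected})"
            print(f"{src}: {hdr.name}{flag} seq={hdr.sequence} src_id={hdr.source_id} lost={gap}")


if __name__ == "__main__":
    listen()
```

Run it on the host whose IP you entered as the collector, with the port and expected format matching the Gaia settings; Scrutinizer itself binds the collector port, so either stop it briefly or point a second (temporary) collector entry at an unused port on the same host for the check. A version other than the configured one usually means a second exporter or a stale collector entry; a steadily growing lost counter points at UDP loss between gateway and collector rather than at the gateway configuration.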
In SmartConsole, configure the explicit Access Control rules
Important – This step is necessary only in these cases:
- You performed a Clean Install of R81 and selected the NetFlow FW rule option in Gaia Portal (value 0 in Gaia Clish), so that only traffic accepted by rules with the Track option Log and Accounting is exported.
- You upgraded to R81 from R80.40 or a lower version.
- From the left navigation panel, click Security Policies.
- Open the applicable policy.
- In the top left corner, click Access Control > Policy.
- Add an explicit rule for the traffic that you wish to export with NetFlow:
Important – In the Track column, you must select Log and Accounting.
Source | Destination | VPN | Services & Applications | Content | Action | Track
Applicable source | Applicable destination | * Any | Applicable | * Any | Accept | Log and Accounting
- Publish the SmartConsole session.
- Install the Access Control policy on the Security Gateway or Cluster object.