Filter
Top Products
Log > Flow Reporting
1373
SonicOS 5.8.1 Administrator Guide
• External Collector’s IP address—Type in the external collector IP address to which the
appliance will generate flow reports. This IP address must be reachable from the firewall.
If this IP address is over a VPN tunnel, then the source IP must also be specified.
• Source IP To Use For Collector On A VPN tunnel—If the collector specified in the
previous field is reachable via a VPN tunnel, then type in the source IP address that
matches the correct VPN policy. Use the source IP from the local network specified in the
VPN policy. If this field has a value entered, Netflow and IPFIX packets will always take the
VPN path.
• External Collector’s UDB Port Number—Enter the UDP port number on which the
collector is listening for IPFIX or Netflow packets. The default port is 2055.
• Send IPFIX/Netflow Templates At Regular Interval—Select this checkbox to send IPFIX
templates at regular intervals. This is available for reporting modes IPFIX or IPFIX with
extensions. IPFIX uses templates that must be known to an external collector before
sending data. Per IETF, a reporting device must be capable of sending templates at a
regular interval to keep the collector in sync with the device. If the collector is not needed,
you may disable it here. The default is enabled.
• Send Static AppFlow At Regular Interval—Select this checkbox to send IPFIX static
tables at regular intervals. This is available for the IPFIX with extensions reporting mode.
The default is enabled.
–
Send Static AppFlow For Following Tables—In IPFIX with extensions mode, the
firewall can asynchronously generate these static mapping tables to bring the external
collector in sync. This is necessary when the collector is initialized later than the
firewall.
When running in IPF
IX with extensions mode, SonicWALL reports multiple types of
data to an external device in order to correlate User, VPN, Application, Virus, etc. In
this mode, data is both static and dynamic. Static tables are needed once since they
rarely change. Depending on the capability of the external collector, not all static tables
are needed. You can select the tables needed in this section.
If Send
Static AppFlow At Regular Interval is selected, then only the selected flows
will be generated. Select any of the following mapping tables from this drop-down list
and then click Generate Static AppFlow Data at the top of the screen:
• Applications
• Viruses
• Spyware
• Intrusions
• Location Map
• Services
• Rating Map
• Table Map
• Column Map
• Send Dynamic AppFlow For Following Tables—In IPFIX with extensions mode, the
firewall can be configured to generate reports for selected tables. Because the firewall does
not cache this information, some flows that are not sent may create failures in correlating
flows with related data. Select any of the following tables to send:
–
Connections
–
Users
–
URLs