?
Solved

NETFLOW requirements

Posted on 2011-09-19
2
Medium Priority
?
318 Views
Last Modified: 2012-05-12
Hi,

we are planning to install a Netflow server but i dont have any knowledge about Netflow.
What is the basic pupose of the Netflow server and what are the Prerequisits eedsed to deploy and where to connect means is it should be in LAN or outside the Firewall.

What are the hardware resources required ?
What is the configuration required in Firewall or Router?
Waht is Netflow server  RAM/Harddisk size required to keep the Logs
Can we debug IPSEC traffic using Netflow serverf?
Can we monitor the Network performence using Netflow server?

Regards
ramu

0
Comment
Question by:RAMU CH
2 Comments
 
LVL 18

Accepted Solution

by:
jmeggers earned 2000 total points
ID: 36562584
The Netflow server is a collector for information sent by the devices in the network.  I would definitely place it somewhere inside your network, although if you have a number of external sites, you may want to place it in a DMZ depending on what your WAN infrastructure looks like.  Most times I've been involved with it, there's some kind of analysis tool such as Arbor Peakflow (http://www.arbornetworks.com/arbor-peakflow-ip-traffic-flow-monitoring-system.html) that's used to help understand the information.  

The hardware resources depend on how much information will be sent by devices, but some devices (Cisco 4500) have special services cards that make Netflow data collection and forwarding more efficient.  FW, router and switch configurations are going to depend on the platform and code running but generally you're going to enable Netflow collection with an "ip flow" command and you're going to export it to the collector using a command such as "ip flow-export destination...."  See the config guides for specifics for your platforms.

I've never seen Netflow used to debug IPSec issues.  It can be used as a security tool, but that's more related to DDOS and other types of flow-based attacks.  It's really a traffic monitoring and analysis tool, charting source, destination, protocols, users, applications, peak usage times, etc.

You can find a bunch of information on Cisco's web site at http://www.cisco.com/en/US/products/ps6601/products_ios_protocol_group_home.html
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 36915134
Thanks
0

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

As the cloud has become an integral part of enterprises’ workflow worldwide, there is an increasing demand for cloud managed service providers that can bring the expertise to the process and help enterprises maximize their investment in the cloud.
Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question