• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

NETFLOW requirements

Hi,

we are planning to install a Netflow server but i dont have any knowledge about Netflow.
What is the basic pupose of the Netflow server and what are the Prerequisits eedsed to deploy and where to connect means is it should be in LAN or outside the Firewall.

What are the hardware resources required ?
What is the configuration required in Firewall or Router?
Waht is Netflow server  RAM/Harddisk size required to keep the Logs
Can we debug IPSEC traffic using Netflow serverf?
Can we monitor the Network performence using Netflow server?

Regards
ramu

0
RAMU CH
Asked:
RAMU CH
1 Solution
 
jmeggersSr. Network and Security EngineerCommented:
The Netflow server is a collector for information sent by the devices in the network.  I would definitely place it somewhere inside your network, although if you have a number of external sites, you may want to place it in a DMZ depending on what your WAN infrastructure looks like.  Most times I've been involved with it, there's some kind of analysis tool such as Arbor Peakflow (http://www.arbornetworks.com/arbor-peakflow-ip-traffic-flow-monitoring-system.html) that's used to help understand the information.  

The hardware resources depend on how much information will be sent by devices, but some devices (Cisco 4500) have special services cards that make Netflow data collection and forwarding more efficient.  FW, router and switch configurations are going to depend on the platform and code running but generally you're going to enable Netflow collection with an "ip flow" command and you're going to export it to the collector using a command such as "ip flow-export destination...."  See the config guides for specifics for your platforms.

I've never seen Netflow used to debug IPSec issues.  It can be used as a security tool, but that's more related to DDOS and other types of flow-based attacks.  It's really a traffic monitoring and analysis tool, charting source, destination, protocols, users, applications, peak usage times, etc.

You can find a bunch of information on Cisco's web site at http://www.cisco.com/en/US/products/ps6601/products_ios_protocol_group_home.html
0
 
RAMU CHAuthor Commented:
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now