sunhux
asked on
Do Gaia & Fortinet have a NetFlow equivalent? Can L2 switches turn on NetFlow?
The regulator recommended turning on NetFlow; I guess this was obtained from
CIS Critical Security Controls V6.1 for Effective Cyber Defense, item 12.9:
"Deploy NetFlow collection and analysis to DMZ network flows to detect anomalous activity"
However, my network colleague's understanding is that NetFlow can only be turned on for
Layer 3 interfaces.
Q1:
Is this true, or can L2 Cisco switches also enable NetFlow? If so, can you share a link on
how this is done?
Q2:
One pair of routers belongs to the telco (not ours), which is beyond our jurisdiction, so we're
leaving this out.
However, can the Gaia firewall enable a NetFlow equivalent (aka Source Data, Flow Cache)?
The links below seem to indicate so, or did I read it wrongly?
Seems like Gaia has it:
https://www.cpug.org/forums/showthread.php/21480-Checkpoint-and-Netflow-collector :
“can configure Gaia OS as an Exporter of NetFlow records for all the traffic that is accelerated by SecureXL (SecureXL must be enabled for NetFlow to operate properly) …”
To enable SecureXL:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
[Expert@HostName]# fwaccel on
Q3:
The Juniper firewall has JFlow, but we plan to tech refresh our Gaia to Fortinet: does Forti
have an equivalent of NetFlow?