SonicOS 7.1 Device AppFlow

AppFlow Agent > Use cases
Table of Contents

Use cases

This section provides a description of the use case, the resolution and the configuration procedure.

Enabling Application Visibility in NGFW with Local Collector

  • Use case: Customers using SonicOS 7.X firmware, can enable Real-Time Monitoring and Internal AppFlow collection with local collector.
  •  Resolution: The Real-time application monitoring features rely on the flow collection mechanism in order to collect and display data. To view the “applications chart" (in the Real-Time Monitor, AppFlow Monitor or AppFlow Reports), User must first enable and configure the flow collection feature.
  • Configuration:
    •  To enable Real-Time Monitoring and Internal AppFlow collection, perform the following:

      A reboot is required when enabling AppFlow for the first time.

      1. Navigate to the Device > App Flow > Flow Reporting page in the management interface.

      2. Click Settings tab.

      3. Select the Enable Real-Time Data Collection checkbox.

      4. From the Collect Real-Time Data For menu, select the reports you want.

      5. The following reports are listed in the Collect Real-Time Data For menu.

        • Top Apps

        • Bits per second

        • Packets per second

        • Average packet size

        • Connections per second

        • Core utility

        • Memory utility

      6. Select the Enable AppFlow To Local Collector checkbox.

      7. Click Accept button in top of the page to save the settings.

      8. Navigate to the Network > System > Interfaces page.

      9. Click the Configure icon for the interface you wish to enable flow reporting on.

      10. In the Advanced tab, ensure that the Enable flow reporting checkbox is selected.

      11. Click OK.

Enabling Application Visibility with External Flow Collector

  • Use case: Customer using SonicOS 7.X firmware has ability to send IPFix and NetFlow data to an external collector, like Paessler PRTG Network Monitor.
  • Resolution: The SonicWall security appliance provides the ability to send IPFix and NetFlow data to an external collector, like Paessler PRTG Network Monitor. This allows you see network usage, source and destination IP and ports.
  • Configuration:
    • To add a sensor using PRTG, do the following:

      1. Refer this link to add a sensor https://www.paessler.com/manuals/prtg/add_a_sensor.

      2. In PRTG application, under Technology Used, select the technology that you want to use for monitoring. select Netflow, sFlow, jFlow.

      3. Go through the list of all matching sensor types and select IPFIX (Custom) sensor.

      4. Configure the IPFIX specific settings:

        1. In Receive IPFIX Packets on UDP Port enter the UDP port number on which PRTG receives the flow packets. The default port is 2055.

        2. In Sender IP Address, enter the IP address of the sending device that you want to receive the IPFIX data from.

        3. In Receive Packets on IP Address, select the IP addresses on which PRTG listens to IPFIX packets. The list of IP addresses is specific to your setup. To select an IP address, enable a check box in front of the respective line. The IP address that you select must match the IP address in the IPFIX export options of the hardware router device.

        4. In Active Flow Timeout (Minutes), enter a time span in minutes after which the sensor must receive new flow data. Set the timeout to 9 minutes.

        5. Click continue and configure other settings to create sensor.

      5. After configuring the settings, click the sensor box to select the sensor.

    • To configure external collector, do the following:

      1. Go to Device > Flow Reporting > External collector.

      2. Enable Send Flows and Real-Time Data To External Collector.

      3. Select External Collector's Server Address to IP address.

        1. Enter with the PRTG Server IP.

        2. For more accurate reporting enable the following:

          • Report On Connection OPEN

          • Report On Connection CLOSE

          • Report Connection On Kilobytes Exchanged

        3. In Actions, click on General ALL Templates to force synchronization of the PRTG Server.

Enabling Flow Reporting

  • Use case: Customers using NGFW can use NSM advanced configuration cloud management for flow reporting.
  • Resolution: You can configure the settings to send the real-time data to external collector.
  • Configuration:
    • To configure flow reporting, do the following:
      1. Go to Device > AppFlow > Flow Reporting > Settings tab.
      2. Enable Real-Time Data Collection to activate real-time data collection on your firewall for real-time statistics.
      3. Go to AppFlow Agent tab and enable Send AppFlow to SonicWall AppFlow Agent to send AppFlow data through IPFIX to a SonicWall AppFlow Agent. This option is not enabled by default.
      4. Go to External Collector tab and enable Send Flows and Real-Time Data To External Collector to activate specified flows to be reported to an external flow collector. This option is disabled by default.