SonicOS 7.1 Device AppFlow

NetFlow Activation and Deployment Information

SonicWall recommends careful planning of NetFlow deployment with NetFlow services activated on strategically located edge/aggregation routers that capture the data required for planning, monitoring and accounting applications. Key deployment considerations include the following:

  • Understanding your application-driven data collection requirements: accounting applications might only require originating and terminating router flow information whereas monitoring applications might require a more comprehensive (data intensive) end-to-end view.
  • Understanding the impact of network topology and routing policy on flow collection strategy: for example, avoid collecting duplicate flows by activating NetFlow on key aggregation routers where traffic originates or terminates and not on backbone routers or intermediate routers that would provide duplicate views of the same flow information.
  • NetFlow can be implemented in the SonicOS management interface to understand the number of flow in the network and the impact on the router. NetFlow export can then be setup at a later date to complete the NetFlow deployment.

NetFlow is, in general, an ingress measurement technology that should be deployed on appropriate interfaces on edge/aggregation or WAN access routers to gain a comprehensive view of originating and terminating traffic to meet customer needs for accounting, monitoring or network planning data. The key mechanism for enhancing NetFlow data volume manageability is careful planning of NetFlow deployment. NetFlow can be deployed incrementally (that is, interface by interface) and strategically (that is, on well-chosen routers) —instead of widespread deployment of NetFlow on every router in the network.

NetFlow and Syslog are two different technologies that serve different purposes. NetFlow is a network protocol used to collect and analyze network traffic data, while Syslog is a logging protocol used to collect and store log messages from devices on a network.

When it comes to the usage of both technology, whether to use NetFlow or Syslog depends on the specific needs and requirements. Both technologies can be useful for different purposes, and it may be beneficial to use both in combination to gain a comprehensive view of network activity.

Here are some potential benefits of using NetFlow and syslog:

Benefits of Netflow and Syslog
NetFlow Syslog
NetFlow provides more detailed and granular information about network traffic, including source and destination IP addresses, port numbers, and protocol types. This can be useful for identifying patterns and trends in network usage, and for troubleshooting performance issues. Syslog is widely supported by a variety of devices and systems, making it a flexible and universal logging solution.
NetFlow data can be analyzed in real-time, allowing network administrators to quickly identify and respond to potential issues as they arise. Syslog can be configured to send log messages to a central server, allowing for easy storage and centralized management of log data.
NetFlow is more efficient than Syslog, as it uses a standardized and compressed format for data transmission. This can be beneficial in environments with high volumes of network traffic, as it can reduce the load on network devices and servers. Syslog can be used to collect and store log messages from a variety of sources, including servers, routers, switches, and other network devices.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden