SonicOS 7.1 Device AppFlow
Configuring IPFIX with Extensions
To configure IPFIX with extensions flow reporting:
- Click Settings.
- In the Settings section, for Report Connections, select one of these radio buttons:
  - All (default).
  - Interface-based: when enabled, the flows reported are based on the initiator or responder interface.
  - Firewall/App Rules-based: when enabled, the flows reported are based on already existing firewall rules.
  This step is optional, but is required if flow reporting is done on selected interfaces.
- Click External Collector.
- Select Send Flows and Real-Time Data To External Collector.
  When enabling this option, you might need to reboot the device to enable this feature completely.
- Select IPFIX with extensions as the External Flow Reporting Format from the drop-down menu.
- Specify the External Collector’s IP address in the provided field.
- For the Source IP to Use for Collector on a VPN Tunnel, specify the source IP if the external collector must be reached by a VPN tunnel.
  This step is required if the external collector must be reached by a VPN tunnel.
- Specify the External Collector’s UDP port number in the provided field. The default port is 2055.
- Select the tables you wish to receive static flows for from the Send Static AppFlow For Following Tables drop-down menu.
- Select the tables you wish to receive dynamic flows for from the Send Dynamic AppFlow For Following Tables drop-down menu.
- Select any additional reports to be generated to a flow from the Include Following Additional Reports via IPFIX drop-down menu.
  To have system logs generated, you must select System Logs from this drop-down menu.
- Click Generate ALL Templates to begin generating templates.
  IPFIX with extensions uses templates that must be known to an external collector before sending data.
- Enable the option to Send Static AppFlow at Regular Intervals by selecting the checkbox. After enabling this option, click Generate Static Flows.
- To begin generating static flow data, click Generate Static AppFlow Data. A message requesting confirmation displays.
- To send log messages to the external collector, click Send All Entries for the Send Log Settings to External Collector option.
  Ensure the connection between SonicOS on the firewall and the external collector server is ready before clicking Send All Entries.
  The external server loads the properties (see Saved properties) and settings for use when it reboots. Click Send All Entries to synchronize the settings whenever:
  - SonicOS is upgraded, for example, with new log events.
  - The connection between SonicOS (firewall) and the external server has been down for some time and log settings might have been edited during that time.
  SonicOS sends updates to the external server automatically if some fields of log event settings are changed.
  Saved Properties

  | Category | Property |
  | --- | --- |
  | Event properties and settings | Event ID, Belongs to group ID, Color, Message type ID, Priority, Stream filter, Event name, Log message |
  | Group properties | Group ID, Belongs to category ID, Group name |
  | Category properties | Category ID, Category name |
  | Message type properties | Type ID, Type name |

- Click Accept.
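
The Generate ALL Templates step exists because a collector cannot decode a data set until it has seen the matching template. The following is an added example, not SonicWall code: a collector-side check that parses received datagrams and reports data sets that arrive before their template. It assumes the exporter uses the standard RFC 7011 IPFIX message framing; the function names and sample bytes are constructed for illustration.

```python
import struct

TEMPLATE_SET, OPTIONS_TEMPLATE_SET = 2, 3  # set IDs reserved by RFC 7011

def _template_ids(body, set_id):
    """Yield template IDs defined in a template or options template set."""
    pos = 0
    while pos + 4 <= len(body):
        tid, count = struct.unpack("!HH", body[pos:pos + 4])
        if tid < 256:                      # zero padding at the end of the set
            break
        pos += 4
        if set_id == OPTIONS_TEMPLATE_SET and count:
            pos += 2                       # scope field count
        for _ in range(count):
            if pos + 4 > len(body):
                raise ValueError("truncated template record")
            ie_id = struct.unpack("!H", body[pos:pos + 2])[0]
            pos += 8 if ie_id & 0x8000 else 4   # enterprise bit adds a 4-byte PEN
        if count:                          # count == 0 is a template withdrawal
            yield tid

def inspect_ipfix(msg, known):
    """Parse one IPFIX message, record its templates in `known`, and list
    data sets whose template this collector has not received yet."""
    if len(msg) < 16:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, _, seq, domain = struct.unpack("!HHIII", msg[:16])
    if version != 10 or length != len(msg):
        raise ValueError("not IPFIX (version 10) or length mismatch")
    result = {"sequence": seq, "learned": [], "undecodable": []}
    off = 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        if set_id in (TEMPLATE_SET, OPTIONS_TEMPLATE_SET):
            for tid in _template_ids(msg[off + 4:off + set_len], set_id):
                known.add((domain, tid))   # template IDs are scoped per domain
                result["learned"].append(tid)
        elif set_id >= 256 and (domain, set_id) not in known:
            result["undecodable"].append(set_id)
        off += set_len
    return result

# Constructed samples: template 256 (one standard field, one enterprise field
# with placeholder PEN 99999), then one data set that uses template 256.
SAMPLE_TEMPLATE = struct.pack("!HHIII", 10, 36, 0, 0, 1) + struct.pack(
    "!HHHHHHHHI", 2, 20, 256, 2, 8, 4, 0x8001, 4, 99999)
SAMPLE_DATA = struct.pack("!HHIII", 10, 28, 0, 0, 1) + struct.pack("!HH", 256, 12) + bytes(8)
```

Feed it each datagram received on the collector's UDP port (2055 by default) with one shared `known` set. A non-empty `undecodable` list after the collector has restarted indicates the templates need to be generated again from the firewall.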