Firewall Analyzer Supports 'IPFIX with extensions' NetFlow-based Reporting

In addition to traditional syslog-based reporting, Firewall Analyzer now supports 'IPFIX with extensions' NetFlow-based reporting. Firewall Analyzer first supported the NetFlow format for Cisco security devices, namely Cisco Adaptive Security Appliances (ASA) version 8.2(2), and has now extended this to SonicWALL's SonicOS 5.8.x platforms, which support the 'IPFIX with extensions' standard.

IPFIX - A better alternative to Syslog

IPFIX data flow format offers many advantages for IT Managers:

  • The data is structured, which ensures quicker query responses
  • It supports a one-to-many relationship with datagrams, which makes it more scalable
  • With fewer datagrams required for data transfer, IPFIX doesn't overload the network
  • IPFIX messages can be easily cross-referenced with other messages, which provides better correlation

'IPFIX with extensions' supports both static and dynamic flows and provides unparalleled insight into application traffic analysis, bandwidth monitoring, threat detection, user activity tracking, and more.

Firewall Analyzer Flow-based Reporting for SonicWALL firewalls running SonicOS v5.8 & above

Enable 'IPFIX with extensions' flow reporting in SonicWALL next generation firewalls (running on SonicOS v5.8.x platform) and configure the firewall to direct the flows to Firewall Analyzer. Both Static flows and Dynamic flows from SonicWALL are 'collected' by Firewall Analyzer, which then analyzes the received flows and generates a variety of network traffic and security reports.

Firewall Analyzer IPFIX Reports

The reports are:

Future versions will support VPN and Spam reports.

A single platter for comprehensive Network Security Device Management