If you are monitoring a switch, do you need to set up NetFlow on the uplink port and the individual switch ports? You have to enable NetFlow only on your uplink ports.
Will it log which switch port the traffic came from so you can identify the person who is using excessive web traffic? It will have the IP address of the source from which the traffic was generated and you have the resolve DNS option available from which you could clearly identify the person/device who used the traffic
If I have 4 10GB interfaces in a port channel, where should I enable the NetFlow? NetFlow should be enabled on the port channel right.
How do I add an interface? Interfaces get added automatically once the corresponding flows are received.
What is "binary-over-http" in AVC? "binary-over-http" is our internal customized application, Please refer the below link for detailed information, https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/configuration/xe-3s/nbar-prot-lib/nbar-prot-b.html
What impact does having heavily encrypted traffic on the network? Does this application assume that network traffic is in the clear? No. It will categorize the traffic with respect to the encryption protocol, EX, ESP, GRE.
NetFlow Analyzer seems very Cisco specific. What value do I get if I'm not a cisco shop? Is Cisco the targeted manufacturer for this application? As of now Cisco is exporting these information in flow packets. If other vendors can provide these information or any other information in flow packets, we are ready to take it . Cisco is not the targeted manufacturer. Cisco features are Add-ons, while the base product is multi vendor supported.
What is the best way to report on potentially slow internet access from our ISP link (a specific interface with NetFlow configured). Scenerio: Someone on the LAN submits a ticket saying that their internet connection is slow. How can I provide information either verifying that our ISP link is over utilized or that the connectivity problem is the external server they are trying to connect to? Using NetFlow Analyzer, you can see the type of traffic and who, what and how the bandwidth is been utilized. Also, the interface is utilization you see in NetFlow is the utilized bandwidth. If your wan interface is Cisco, you can use IPSLA feature to check if your isp is providing you the promised bandwidth.
Why should we use/enable raw data? Netflow analyzer has 2 types of data. Raw and aggregated data. Raw data contains every flow received from the device. This is a huge data and has port level information.
How are IPs gathered in NetFlow? Flow data contains the information regarding ips and more. This flow is sent by the router/switch/firewall.
How do we find total the volume utilized by a group? In the inventory tab, you can navigate to the groups section and see the drill down.
I just enabled netflow on a device that I already had on monitoring. Now it shows up on flow analysis but I see its IP but not it's name. You can update SNMP to get the device names and interface names.
Is AVC supported? Should it be configured separately?Yes, it is supported only on cisco device. Contact Support@netflowanalyzer.com for config details.
Is the traffic shown in application for a particular ip or for the whole network?Under app tab, the application is for the entire the network but when you drill down you navigate to appropriate interface/ip.
I have a group where utilization is above 100%. What should I do?Group speed might be configured incorrectly while creating the group. Please edit and set correct speed.
Is there a possibility for me to know what the traffic that someone is using business hours , and identify him by his name , alert him and block him if passed the threshold?As of now we have an option to find who is using much traffic and what are those traffic, alert can be generated but blocking is not available. You can do it manually using NCM add-on.
I am getting only separate in and out traffic reports but not both in and out.Please check the device configuration. Make sure you have enabled flow on all in.
Should NAT be done to get the ips in the NetFlow Analyzer?Not mandatory,
How to schedule report for the Interface utilization?Navigate to reports, schedule reports, you can select the type as traffic report and configure it.
What does group speed mean?It is the sum of individual interface speeds.
Let's say I have a group of 2 hosts. How can I foresee/define group speed?It will be the speed of the interface associated to it.
Is NetFlow Analyzer NMS or EMS?Both the versions are available as different editions.
How does the AWS, cloud level monitoring work in NetFlow Analyzer?NetFlow Analyzer does not support AWS.
Do NetFlow Anaylzer and OpManager work on same server or should they be installed separately?We have Opmanager plus where you can avail multiple licenses with single installation.
Can you help me on installing the product? Is there any help guide? You can refer this PDF to help you with the installation:
For more information, refer help guide http://help.netflowanalyzer.com/
Does NetFlow Analyzer have automatic discovery? Yes. Once you enable the flow commands on your devices, the devices start sending flows to Netflow server. Once the flows reaches to the server the device will discover automatically.
My Netflow has a different interface look. What is the latest version. Perhaps I need an upgrade? The latest version of NetFlow Analyzer is 12.3.086. You need to upgrade if you are in 10.2.50 11.0.00, 12.000,12.1.00 or 12.2.00.
I can't see anything in Application, source, destination and Conversation This could be in MSSQL database due to bcp. Please contact our support team at support@netflowanalyzer.com
Can we have automatic backup of devices in netflow? Yes, We can achieve it using Network Configuration Manager add-on.
Do you support Palo Alto firewall? Yes, NetFlow Analyzer can export flows from Palo Alto firewall.
Can we monitor firewall port for incoming traffic from internet to web servers ? Yes, You can create IP group with web servers ip's and monitor the same.
We use Huawei devices (ex - switch 6800) , I tried to add devices through NCM , cannot find it. NetFlow Analyzer supports Huawei devices. Please contact our support team to know on the configuration steps.
Can you share the price of NetFlow Analyzer? You can check the below link for pricing details.
What is NetFlow Analyzer?NetFlow analyzer is a bandwidth monitoring tool for L3 network devices.
Can we use NetFlow Analyzer in OP Manager?Yes, NetFlow is available with Opmanager too. Please contact eval-itom@manageengine.com for license purchase.
Can I monitor NetFlow if I don't have firewall?NetFlow Analyzer supports all Layer 3 devices.
Does NetFlow analyzer require Network Configuration Manager?Network Configuration manager is available as an add-on for NetFlow Analyzer.
How can I monitor NetFlow without firewall in my small office?NetFlow is a type of flow export format supported by cisco devices, where as sFlow is for HP, J-Flow is for juniper and so on. Manageengine supports all types of flow formats. Please contact our support team eval-itom@manageengine.com with the list of Layer 3 devices in your network. We will assist you with the configuration and setup.
For a 2 GB LAG interface (uses 30% capacity) how much storage will NetFlow Analyzer require for 3 months of data?We have calculation for disk usage. Please send an email to NetFlowanalyzer-support@manageengine.com.
Can we monitor Layer 2 traffic statistics (i.e., Layer 2 VLAN)?Yes, Layer 2 traffic statistics can be monitored using the IPgroups feature.
is it possible to install NetFlow Analyzer in windows server 2016 Edition and is it possible to use MSSQL 2016?Yes, we support Windows 2016 Edition and MSSQL can be used as the background database.
What information is shown under Top Sites?In case your organization is hosting any application, you will be able to see what the IP-address communicated to that application servers are and the bandwidth utilized.
What can be done with the help of Flow Filter settings?Flow filter settings can be used to overcome Technical/Environmental exceptions and limitations.
How can I send emails to several users on a particular alert?You can mention the e-mail addresses separated by commas ",".
How does NFA decrypt HTTPS traffic to identify which application or website is consuming Bandwidth?NFA uses AVC feature in cisco devices (NBAR2).
What is the latest build version?The latest build is version 12.3.0.83
What is the diference between Forticloud analyzer and NetFlow AnalyzerNetFlow Analyzer offers multivendor support. Netflow, sflow, cflow, jflow, netstream and ipfix are supported flow formats.
How does NetFlow Analyzer decrypt encrypted packets?The UDP packet contains the encrypted and decrypted information. We use the UDP packet information to show the application information.
When you have opmanager installed in your server, do you need to install the NetFlow Analyzer?No, NetFlow Analyzer comes as an add-on with Opmanager.
If we move an existing device from one location to another and the IP address changes, do we need to delete and re-add the device?No, NetFlow analyzer will automatically update it.
Is it Possible to monitor Layer 2 interfaces in NetFlow Analyzer?NetFlow Analyzer is capable of only monitoring Layer 3 information from the devices. We can monitor traffic switching that happen between the layer 2 interfaces based on device type.
Is it possible to create Application mapping with port range and IP grane?Yes, we have this option available in NetFlow Analyzer.
Is it possible to configure multiple UDP listener ports in NetFlow Analyzer?Yes we can add maximum of 5 UDP listener ports.
Is it necessary to use Network Configuration Manager to add devices in NetFlow Analyzer?NCM is one of the way to add the devices in bulk in NetFlow Analyze. We can configure the devices manually as well to be added in NetFlow Analyzer.
Created IP group in NetFlow Analyzer but there is no data or wrong showing?Check if the created IP Groups is associated to correct interface and the interface is collecting data.
Do I need to delete and re-add the device if I replace ths existing one?If the devices is replaced and has a same IP, SNMP update for the device should be enough.
If unknown interface/vlan/IP in my router gets under DOS attack, then how do I identify the attacked IP fastest?We do have an add on feature called ASAM which will provide you the information based on security events happening on an interface this will be covered in our next session in detail.
We add devices only if we have to configure export on them?Yes you are correct. We auto discover the device once the device exports the flows.
Why is there so much traffic as Others classified?The default widget shows only top 10 for detailed view you can expand the widget to full view. We will discuss this in detail in the next session.
Will this CBQoS policy fetch directly from the device where QoS policy has been written or need to specify policy separately?We fetch the CBQOS information using SNMP from the device.
I see there are no CISCO SB Routers (RV series) natively supported. Are there plans to support them in the future?NetFlow Analyzer can support any device which can export Netflow or any other flow formats.
What will show in flow analysis standard graphs? Both, in and out traffic or just in or out traffic?Both in and out traffic, and you have option to filter it.
There is an alternative to configure the netflow packages in the broadband links or where the upgrading time is applied in the packages. It is the equipment or it can be malipular in the software (OpManager netflow)?We get the NetFlow information form the Network device. NetFlow Analyzer is an software based solution.
No site-site traffic between certain applications viewable in netflow?Yes, you can create site to site IPgroup with IPaddress/range.
How accurate I can analyse the traffic flow. Is it possible to drill down to one selected minute?Yes you can drill down to 1 min.
How can i view the traffic for example last 3 minutes for all interfaces?You can Generate Compare Reports by selecting all the interfaces and get traffic reports for all in a single report.
What is the time that Neflow monitor if the link is down?Max 15 mins.
So I can configure 1 min?No, if there is no flows received for some time , Netflow analyzer will SNMP poll the device for link down this may happen between 3 min to 15 min.
Which mssql version does NetFlow analyzer support?NetFlow Analyzer support any MSSQL database version above 2008
Is it possible to configure AVC via Network Configuration Manager?Yes, it is possible using configlets.
If we monitor a port channel trunk is that one license or 10 licenses for the 10 clans?Netflow analyzer license based on the number of interfaces.If you monitor a port channel it will come under license.
If NAT is enabled, in that case to view internal IP I must configure to monitor outcome traffic on all interfaces?Yes, if you wish to monitor the traffic before nat, you can monitor the interface before that.
Does it possible to apply ACL for any resources in case of threshold violation?Yes, using NCM add-on.
Is it possible to view traffic based on users?Yes, you can create IP groups based on users IP address and monitor the same.
