There are two mail steps to configure NetFlow on Palo Alto device:
1) Define a NetFlow server profile : specifies the frequency of the export along with the Netflow servers that will receive the exported data.
2) Assigning the profile to firewall interface :all traffic flowing over this interface is exported to the specified servers.
For defining a NetFlow server profile you have to navigate to Device > Server Profiles > Netflow in the GUI. Here you will see the following settings:
Name : Enter a name for the Netflow settings.
Template Refresh Rate : Specify the number of minutes or number of packets after which the NetFlow template is refreshed (we recommend 1 Min; packets range 1-600, default 20).
Active Timeout : Specify the frequency at which data records are exported for each session (we recommend 1 Min).
Export PAN-OS Specific Field Types : Export PAN-OS specific fields such as App-ID and User-ID in Netflow records.
Server Name : Specify a name to identify the server.
Server : Specify the host name or IP address of the server.
Port : Specify the port number for server access (default 9996).
Once we have configured the NetFlow profile the next step is to assign the profile to firewall interface, for this navigate to Network > Interfaces > Ethernet. Click the link for the interface on the Ethernet tab, and specify the NetFlow Profile.
Once you have configured these two steps, the flows will be exported to the NetFlow Analyzer server and ManageEngine NetFlow Analyzer will auto detect the device and start generating the report for you.