Network security and troubleshooting with NetFlow Analyzer
These are the questions asked during the training
Is there support for monitoring Meraki Access Points using the dashboards API interface? Yes, you can monitor Meraki APs in NetFlow Analyzer's API interface.
Is DPI available in agent form? Installed on the application server itself instead of capturing all network traffic? No, it is not available as an agent. It comes along with the product.
Can DPI be deployed on a separate server so that the traffic inspection does not overwhelm the monitoring web server? No, we do not have an option to redirect or inspect DPI on a different server at this point.
I have 28% application marked as Unknown_App. How do I identify what traffic is behind Unknown_App? NetFlow Analyzer's traffic calculation is based on the available port and protocol map. We have around 10,000 applications mapped based on IANA, which you can find under Application/QoS mapping. Traffic on your network that uses a port and protocol not mapped under Application/QoS mapping is categorized as Unknown_App. You can map these applications using the "show ports" option, so that from the very next flow the traffic is categorized with that name. Please check the link below for more information: https://forums.manageengine.com/topic/unknown-application-port-protocol
I also have the application "Others", which is 29% of my traffic. In NetFlow Analyzer, we perform a crunching mechanism to show the top 100 records, and this can be increased up to 300; transactions beyond the top 300 are counted under Others.
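The two answers above (port/protocol mapping and the top-N roll-up into "Others") can be illustrated with a small added example; this is not NetFlow Analyzer's code. The flow records, the three-entry map, the destination-then-source port matching order, the "lower port is the service port" heuristic and the name `example_app` are all assumptions made for illustration.

```python
from collections import Counter

# Assumed excerpt of a port/protocol map; a real map has thousands of entries.
APP_MAP = {(443, "TCP"): "https", (53, "UDP"): "dns", (22, "TCP"): "ssh"}

# Constructed flow records: (src_port, dst_port, protocol, bytes).
FLOWS = [
    (51514, 443, "TCP", 4000),
    (443, 51514, "TCP", 9000),
    (40000, 53, "UDP", 300),
    (50123, 7777, "UDP", 7000),
    (50999, 7777, "UDP", 5000),
    (61000, 5555, "TCP", 1200),
    (22, 49800, "TCP", 800),
]

def classify(flow, app_map):
    """Name the flow from the map; unmapped port/protocol pairs become Unknown_App."""
    src_port, dst_port, proto, _ = flow
    for port in (dst_port, src_port):  # assumed matching order
        if (port, proto) in app_map:
            return app_map[(port, proto)]
    return "Unknown_App"

def app_totals(flows, app_map):
    """Bytes per application name."""
    totals = Counter()
    for flow in flows:
        totals[classify(flow, app_map)] += flow[3]
    return totals

def unknown_candidates(flows, app_map):
    """Rank unmapped (port, protocol) pairs by bytes: the entries worth mapping first."""
    cands = Counter()
    for flow in flows:
        if classify(flow, app_map) == "Unknown_App":
            src_port, dst_port, proto, nbytes = flow
            # Heuristic: treat the lower port as the service port.
            cands[(min(src_port, dst_port), proto)] += nbytes
    return cands.most_common()

def top_n_with_others(totals, n):
    """Keep the top n records and fold the remainder into 'Others'."""
    ranked = totals.most_common()
    top = dict(ranked[:n])
    rest = sum(nbytes for _, nbytes in ranked[n:])
    if rest:
        top["Others"] = rest
    return top
```

Adding `(7777, "UDP")` to the map and re-running `app_totals` moves that traffic out of Unknown_App, which mirrors the effect of mapping a port so that subsequent flows carry the new name.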
I have to check traffic from one router to another router. Basically, it is required to stop malware before it spreads to another location. You can create an IP Group to monitor traffic from one site to another.
Why does my Layer7 display 0 under Apps? Layer 7 app is the data received under AVC on each interface. We can show the data here only if the device is configured to export Cisco AVC info in NetFlow.
How can RAW data be viewed? You can view the raw data for interface traffic under “Inventory” for the last 2 hours, and conversation-level details in the “Forensics Report” under the Reports tab.
Can we monitor VPN traffic in NetFlow Analyzer? Yes, if the encryption is based on ESP or GRE, we can monitor the amount of traffic for the ESP or GRE application. But we may not be able to provide an in-depth report on VPN traffic.
How do I verify my current storage time limit? In the current version (12.X), navigate to Settings > Netflow > Storage settings to view the current storage time limit.
Does NetFlow Analyzer support WatchGuard firewall? No. NetFlow Analyzer doesn’t support WatchGuard firewalls. The device doesn’t have the capability to export any kind of flow format like NetFlow, sFlow, jFlow, etc.
How is NetFlow Analyzer priced? Is it interface based? Yes. The licensing for NetFlow Analyzer is based on the number of interfaces. Visit https://store.manageengine.com/netflow/ to know more.
Is there a feature where I can share the Dashboard with a specific department for monitoring their own application and visibility? Yes. You can create a user group based on department and create the dashboard for the users.
Can I convert the alert into a ticket? Yes, with a trap processing application, we can send SNMP traps.
In custom search, can reports be pulled for server IP or only for router Interface IP that is being used? Server IP.
I am missing the capacity planning report. How do I add it? It is an add-on for NetFlow Analyzer. You will be able to access it once you upgrade your license.
If an interface is not used, will we receive any flows? No.
Which communication port do I have to set in the device to send flows from the device to NFA? The device will select it randomly by itself. On the NetFlow server we use 9996; custom ports can be added, up to a maximum of 5 ports.
Can NetFlow also send email to subscriber when alarm is set? Yes.
Will the offsite NetFlow Analyzer demo be able to monitor my network? Yes.
Can NetFlow monitor my MAC address? MAC addresses can be monitored only for WLC (wireless).
Is it possible to set an alert for the top bandwidth consumers? Yes. You can use the Alert profile feature in NetFlow Analyzer.
Is it possible to monitor network devices and their interface availability with NetFlow? We have OpManager with NetFlow to achieve the same.