Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Netflow Traffic Analyzer (NTA) Training > Free SolarWinds Training Videos - NTA > How to configure NetFlow on Palo Alto Networks - Video

How to configure NetFlow on Palo Alto Networks - Video

Updated May 1, 2018

Overview

This video (4:35) will show you how to configure a Palo Alto Networks® firewall to export NetFlow using the web interface.

 

 

This video is available in the following languages:  English

Environment

  • NTA
  • NPM

Video Transcription

This video will show you how to configure a Palo Alto Networks® firewall to export NetFlow using the web interface. 

The model used in this demo is a PA-200 version PAN-OS 7.0.2. Please note that there might be slight differences with other models and versions.

Open a browser session and log in to your device.

From the dashboard, click the 'Device' tab.

On the Device page under Server Profiles, select 'NetFlow' from the list and then click 'Add' at the bottom.
The NetFlow Server Profile comes pre-populated with default settings for template refresh rate and active timeout.

Add a name for the profile. For this example, we'll use "NSW_NTA_Export," but you can enter any name you like.

Change the Template Refresh Rate from 30 minutes to 1 minute. This will minimize data gaps if the SolarWinds server or NetFlow service restarts. The NetFlow service is unable to process the flow data until the template is received, and this way, the data will be processed within a minute.

Change the Active Timeout from 5 minutes to 1 minute. This setting controls how often the active cache flows are exported. By changing this setting to 1 minute, the data will be normalized. If this is left at the default setting of 5 minutes, and there are active flows that last longer than 5 minutes, this will cause 5 minute spikes on the charts. If the link is saturated, spikes may be greater than the bandwidth of the circuit.

Click the plus icon at the bottom of the page to add the NetFlow Collector. Enter a name to identify the collector. We'll call this 'SWCollector.' Enter the IP address of the server where the SolarWinds®NetFlow Traffic Analyzer collector is installed. In this example, we are using 10.199.25.62.

Click 'OK' to to save your changes to the profile.

Next, you need to assign the profile to the interfaces you wish to collect NetFlow data.

In this example, we'll assign the NetFlow profile to the ethernet 1/2 interface.

Click the 'Network' tab, then 'Interfaces,' and finally the 'Ethernet' tab.

Now, double-click on the interface(s) you wish to collect NetFlow data on. Please note that this needs to be a Layer 3 interface.

Add a comment if you wish to identify or describe the interface. For purposes of this demo, we'll add 'NetFlow' since it's collecting NetFlow data.

Select the NetFlow profile created earlier from the drop-down list and click 'OK.'

Next, you will configure a service route for the interface that the firewall will use to send the NetFlow data. For PA-7000 and PA-5200 series firewalls, the management interface cannot be used to send the NetFlow data. The interface configured in the service route does not have to be the same as the interface that is collecting the NetFlow data.

To configure a service route, select the 'Device' tab from the main menu. Select 'Setup' from the list on the left and then the click the 'Services' tab.Click 'Service Route Configuration' at the bottom.

Select 'Customize,'  ‘IPv4’ and then click on the word 'NetFlow.'

Select 'Source Interface' from the drop-down list, and then select the 'Source Address' that will be used to send the NetFlow data.

"Any," "Use default," and "MGT" (or management) are not valid interface options for sending NetFlow records from the PA-7000 Series or PA-5200 Series firewalls.

Click 'OK' to exit from the Service Route Source, and then 'OK' to exit the Service Route Configuration.

The final step is to click the 'Commit' button in the upper-right corner of the window. Please note that clicking 'Save' WILL NOT apply your changes and the NetFlow data will not be exported. This is the most common reason that NetFlow data is not exported, even though everything has been configured correctly.

The "Save" button simply saves the XML configuration to a file, whereas the "Commit" button saves and applies the config changes.

And that's it!

Now that you've configured NetFlow on your Palo Alto Networks device, you can analyze your network traffic using SolarWinds NetFlow Traffic Analyzer and monitor your network using SolarWinds Network Performance Monitor.

 

Last modified

Tags

Classifications

Public