For exporting network flow information with IPFIX, complete the following steps:
Step 1. Enable and Configure IPFIX
Before you can export network flow information, you must enable and configure IPFIX.
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > General Firewall Configuration.
- In the left menu, select Audit and Reporting.
- Click Lock.
- In the IPFIX Streaming section, set Enable IPFIX Export to yes.
- (optional) Set Enable Intermediate Flow Report to yes.
- (optional) Enter the Intermediate Reporting Interval [min] for intermediate reports in minutes.
- Choose an IPFIX Template:
- Basic – Includes only the most basic data and should therefore be compatible with most collectors.
- Default - This is the default template and includes all data from the basic templates plus all Barracuda proprietary fields.
- Extended - This template extends the default template with the elements octetTotalCount, packetTotalCount and timestamps relative to the system uptime.
- Extended without proprietary fields - This template contains all data of the extended template, but omits all Barracuda proprietary fields.
- Custom - Select this option to define a custom template by selecting the individual Information Elements that should be sent.
- Click + next to Collectors to add an IPFIX collector.
- Enter a Name for the collector settings and click OK. The Collectors window opens.
- Select the protocol from the Export Mode list. UDP is supported by most collectors.
- If you are using TCP/TLS, configure the TLS certificate settings.
- Enter the Collector IP.
- Enter the Collector Port. Typical collector ports are: 2055, 2056, 4432, 4739, 9995, 9996 and 6343.
- Click OK.
- Click Send Changes and Activate.
Step 2. (optional) Enable IPFIX for the HTTP Proxy Service
If necessary, it is also possible to enable IPFIX for the HTTP proxy service. The HTTP proxy service uses a Biflow IPFIX template, which cannot be configured by the user, and contains the following information elements:
- sourceIPv4Address, destinationIPv4Address, sourceTransportPort, destinationTransportPort, octetDeltaCount, octetTotalCount, flowStartMilliseconds, flowEndMilliseconds, flowDurationMilliseconds, httpRequestMethod, httpContentType,, httpRequestHost, httpUserAgent, httpRequestTarget, httpStatusCode
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTT Proxy Settings.
- From the Configuration Mode menu, select Switch to Advanced View.
- Click Lock.
- In the Log Settings section, set IPFIX Streaming to yes.
- Click Send Changes and Activate.