How to Configure Netflow Server Profile and Assign to Interface
The following steps describe how to configure the Netflow Server Profile:
- Go to Device > Server Profiles > Netflow
- Click Add to bring up the Netflow Server Profile
- Add a Name for the Netflow settings
- Click Add and fill in the Name (name to identify the server) and Server (host name or IP address of the server) fields
- The port is automatically populated as 2055, but can be edited if needed
The profile can be assigned to an existing Palo Alto Networks firewall interface, so that all traffic flowing over that interface is exported to the server specified above.
To assign the profile created above to the interface, follow the steps below:
- Click Network > Interfaces and open the Ethernet, VLAN, Loopback, or Tunnel tab
- Select any interface and assign the Netflow Server Profile created above (Netflow_Profile1) in the Netflow Profile field
Note: (Required for PA-7000 Series and PA-5200 Series firewalls) Configure a service route for the interface that the firewall will use to send NetFlow records.
You cannot use the management (MGT) interface to send NetFlow records from the PA-7000 Series and PA-5200 Series firewalls. For other firewall models, a service route is optional. For all firewalls, the interface that sends NetFlow records does not have to be the same as the interface for which the firewall collects the records.
- Select Device > Setup > Services
- (Firewall with multiple virtual systems) Select one of the following: Global or Virtual Systems
- Select Service Route Configurations and Customize
- Select protocol IPv4 or IPv6
- Click Netflow
- Select the Source Interface
- Any, Use default, and MGT are not valid interface options for PA-7000 Series and PA-5200 Series firewalls
- Select a Source Address IP
- Click OK twice
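To confirm on the server named in the profile that records are arriving once the configuration is committed, the following added example (not Palo Alto Networks code) listens on the profile's port and summarizes each export packet. It assumes the NetFlow Version 9 export format; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

V9_HEADER = struct.Struct("!HHIIII")   # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET_HEADER = struct.Struct("!HH")  # flowset_id, length (includes this 4-byte header)


def parse_v9(datagram: bytes) -> dict:
    """Parse a NetFlow v9 export packet header and list the FlowSets it carries."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v9 header")
    version, count, _uptime, _secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"unexpected NetFlow version {version}")
    flowsets, offset = [], V9_HEADER.size
    while offset + FLOWSET_HEADER.size <= len(datagram):
        fs_id, fs_len = FLOWSET_HEADER.unpack_from(datagram, offset)
        if fs_len < FLOWSET_HEADER.size or offset + fs_len > len(datagram):
            raise ValueError("malformed FlowSet length")
        kind = "template" if fs_id == 0 else "options-template" if fs_id == 1 else "data"
        flowsets.append((kind, fs_id, fs_len))
        offset += fs_len
    return {"count": count, "sequence": sequence, "source_id": source_id, "flowsets": flowsets}


def build_sample() -> bytes:
    """Constructed sample: one template FlowSet (ID 256, two fields) and one data FlowSet."""
    template = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)  # IPV4_SRC_ADDR, IPV4_DST_ADDR
    data = struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    header = V9_HEADER.pack(9, 2, 1000, 1700000000, 1, 0)
    return header + template + data


def listen(bind_addr: str = "0.0.0.0", port: int = 2055) -> None:
    """Print each packet's sender (compare with the service route Source Address) and summary."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            datagram, (src, _) = sock.recvfrom(65535)
            try:
                print(src, parse_v9(datagram))
            except ValueError as exc:
                print(src, "rejected:", exc)


if __name__ == "__main__":
    print(parse_v9(build_sample()))  # offline check; call listen() on the collector host
```

If no packets appear, or the sender address is not the one expected, recheck the port in the server profile and the Source Interface and Source Address in the service route.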