Configure Prisma SD-WAN IPFIX
Table of Contents
Configure Prisma SD-WAN IPFIX
Configure Prisma SD-WAN IPFIX (provides network and application visibility by
transmitting flow information to an external collector) globally for multiple or for a
single ION device.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Prisma SD-WAN IPFIX provides network and application
visibility by transmitting flow information to an external collector. This increased
awareness allows for more efficient network operations, decreased operation costs,
and better utilization of the network infrastructure.
IPFIX monitors traffic across the network by collecting traffic records
at different points in the network. The ION device exports these flow records to
third-party collector applications. The IPFIX implementation and the terms used are
based on the guidelines outlined in RFC 7011
(https://tools.ietf.org/html/rfc7011). You can use the exported IPFIX records for
various purposes such as network management and planning, optimized troubleshooting,
enterprise accounting, studying trends in performance metrics, data mining,
understanding network anomalies, and protecting the network from security
vulnerabilities.
Configure IPFIX to apply to all sites and
devices globally or configure IPFIX for an ION device to override
the global IPFIX configuration.
- Configure IPFIX globally for multiple ION devices.Configure IPFIX globally by creating an IPFIX profile and attaching it to multiple ION devices.
- Configure an IPFIX profile.Bind IPFIX profiles to ION devices.To verify that you have pushed the IPFIX profile to a device, select . The IPFIX configuration bound to the device displays in the Device Binding column.
![]()
Configure IPFIX on a device to override the global IPFIX profile settings.You can optionally configure device specific IPFIX parameters to override parameters such as collectors, filters, and sampling configured in an IPFIX profile.- Select .
![]()
Enter a name and select a profile from the IPFIX Profile drop-down and Save.(Optional) Click the + icon next to IPFIX Profile to create an IPFIX profile.- When you create a new profile at the device level, it becomes a part of the global profiles and you can use it for multiple devices.
- You can optionally configure an IPFIX templat, configure collectors, filters and sampling on the ION device to override the parameters configured in the IPFIX profile.
The ION device uses the collectors, filters, and sampling configured in the IPFIX profile, unless you provide optional overriding configuration.Configure High Availability (HA) for IPFIX
Prisma SD-WAN supports High Availability (HA) between ION devices by ensuring automatic switchover between active and backup devices, maintaining all services and forwarding paths when an ION device experiences a software, hardware, or network related failure.To ensure uninterrupted IPFIX exports, replicate the IPFIX configuration on both devices.- Configure interfaces.Configure interfaces as per the network topology.Configure and attach the same IPFIX profile to both the ION devices.Attach the collector context to both the ION devices.(Optional) If using filters, attach the filter context to both the ION devices.After a device switchover, the collector application receives IPFIX records from the new source interface, so this is considered as a new IPFIX session.
