Configure IPFIX Profiles and Templates
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
- Prisma SD-WAN Incidents and Alerts
Configure IPFIX Profiles and Templates
Create or edit IPFIX profiles and templates in Prisma SD-WAN. An IPFIX template specifies
the information elements to export as part of the flow data records and options data
records.
Where Can I Use
This? | What Do I
Need? |
---|---|
|
|
An IPFIX profile is a global IPFIX configuration
object which identifies collector configuration, filter configuration,
the template for exporting flow information elements, and flow sampler
configuration.
Create or edit an IPFIX profile to apply globally
to all sites and devices using the following workflow.
- Select an IPFIX template.An IPFIX template specifies the information elements to export as part of the flow records.
- Selectand clickManageResourcesConfiguration ProfilesIPFIXProfilesCreate Profile.
- Enter a name for the IPFIX Profile and(optional)description and tags.
- Select a template from theIPFIX Templatedrop-down, and clickNext.You can configure a maximum of 4 collectors per IPFIX profile.
- Configure collectors.Collectors define the third-party applications which consume the exported flow records.
- On theCollectortab, clickAddto configure a new collector.
- Protocol— Select the protocol.
- IPv4 Address/FQDN Schema—SelectIPv4 Addressto enter an IPv4 address of the collector in theHostfield or selectFQDN Schemato enter the domain name of the IPFIX collector in theHostfield.You can enter either an IPv4 address or an FQDN. Entering one of them is mandatory.
- The device uses the IP address of the interface to which the collector context is bound as the source interface to export IPFIX flow records.If you do not bind a collector context to an interface, the device uses the controller port by default to establish the connection with the third-party collector. For platforms that do not have a controller port, it is mandatory to specify a collector context and bind it to an interface.
- Host Port—Enter a port number to match the port on which the collector is configured to receive IPFIX records.
- ClickDone.
- (Optional)Configure filters.Configure filters to select a subset of flows from all the observed flows to export to a collector. The criteria for filtering can be protocols, applications, source interface filter contexts, and source and destination port ranges. You can configure a maximum of 8 filters per IPFIX profile.
- On theFilterstab, clickAddto create a new filter.
- (Optional)Select a protocol from theProtocolsdrop-down.If you selectTCPorUDPas the protocol, you can associateSource Port RangesandDestination Port Rangeswith the protocols. If you do not select any protocol, the device allows all protocols.
- (Optional)Select an application from theApplicationsdrop-down to filter flow records for the selected applications.A blank value indicates that flow records from all applications are allowed.If you do not select any application, the device allows all applications.
- (Optional)Select aFilter Contextto map to an interface on the ION device.If you configure a filter context and use it in a profile, you must attach the IPFIX filter context to an interface on the ION device for proper IPFIX export of the flow records.
- (Optional)Select aSource PrefixandDestination Prefixfilter to match.The prefixes can be local or global. If nothing is selected, the device allows flow records from all prefixes.
- (Optional)SelectSource Port RangesandDestination Port Rangesif applicable for TCP and UDP protocols.The device evaluates the values in these fields only if the flows are TCP or UDP. The device ignores the values for all other protocols.
- ClickDone.
- (Optional)Enable sampling.Enable sampling to select a subset of flows to export from all the observed flows. The device forwards this subset to the filtering process to perform further selection if filters are configured.
- Enter a value forExport Cache Timeoutbetween 10 and 600 seconds.Export Cache Timeout specifies the time for which the ION device should cache a new flow record before exporting it. The default value is 30 seconds.
- (Optional)Select theEnable Samplingcheck box to choose a sampling algorithm.Disabling sampling exports IPFIX information for all flows.Select atime-basedalgorithm to configure the duration for sampling. If you select atime-basedAlgorithm, enter values in milliseconds forTime IntervalandTime Spacing.Time Intervalindicates the length of the sampling interval during which flows are selected. The default value is 5 ms.Time Spacingindicates the spacing between the end of one sampling interval and the start of the next sampling interval. The default value is 5 ms.The sampling rate is defined by Time Interval / (Time Interval + Time Spacing). The default values give a 50% sampling rate.
- Submitthe configured IPFIX profile.
Configure IPFIX Templates
An IPFIX template specifies the information elements to export as part of the
flow data records and options data records.
- Select.ManageResourcesConfiguration ProfilesIPFIXTemplatesCreate Template
- On theAdd New IPFIX Templatetab, enter anamefor the IPFIX Template.
- (Optional)Enter a description and tags.
- (Optional)ClickDefault Flow Fieldsto view the information elements exported by default in the flow record.The default flow fields are as follows:
- TIME_STAMPS—Identifies when a flow has started or ended. It includes the absolute time stamp of the first packet and last packet of this flow in milliseconds. For long lived flows, where delta information is sent, flow end time stamp indicates when the last packet was seen.
- DST_IPV4_ADDRESS—Identifies the destination address for the flow.
- DST_PORT—Identifies the destination port for the flow.
- SRC_IPV4_ADDRESS—Identifies the source address for the flow.
- SRC_PORT—Identifies the source port for the flow.
- PROTOCOL—Identifies the protocol used by the flow. Only IPv4 is currently supported.
- (Optional)If you want to export additional flow fields in the flow records, select the fields from theFlow Fieldsdrop-down.Use thePrefill from a preset configurationoption to select a preset template to export specific flow fields.
- (Optional)Select fields from theOptionsdrop-down to export additional information.Selecting Options allows export of additional information to the collector that would not be possible withFlow Fieldsalone.
- (Optional)Enter a value in seconds forTemplate Export Timeout.TheTemplate Export Timeoutcontrols how often the device sends flow templates to a collector. This is only applicable when the connection to a collector uses the UDP protocol. The default value is 600 seconds.
- (Optional)Enter a value in seconds forOption Export Timeout.TheOption Export Timeoutindicates how often the device sends the option record information to a collector. With this information, the collector can supplement its interpretation of the flow record information. This is only applicable when the connection to a collector uses the UDP protocol. The default value is 600 seconds.
- ClickSave.
Attach an IPFIX Profile to an ION Device
Attach an IPFIX profile to an ION device or multiple ION devices to push the
IPFIX configuration to the device. You can attach IPFIX profiles only to branch
ION devices.
Multiple ION devices across different sites can use a single IPFIX profile.
- Select.ManageResourcesConfiguration ProfilesIPFIXProfiles
- Click the ellipsis icon for a profile, selectView Device Bindings, and then clickBind Devices.
- Select one or more ION devices from the list to associate with the selected IPFIX profile andSubmit.The name of the IPFIX configuration displays in the form<Profile Name> on <Device Name>.