NetFlow on FortiOS

FortiGate now supports NetFlow export by extending its monitoring capabilities to routers and switches. FortiOS 5.2 comes with several features, such as NetFlow V9 export for network devices like routers, switches, and VDOMs. Fortinet’s NetFlow exports unidirectional network flow records with fields such as IP addresses, packets, byte counts, time stamps, application ports, and input and output interfaces, which NetFlow Analyzer collects for reporting. The GUI configuration will be posted in the next blog. Configuration of NetFlow export in FortiOS 5.2 in CLI mode:

  config system netflow
  set collector-ip
  set collector-port 9996
  set source-ip loopback1
  set acti

DDoS Attack Detection Using NetFlow Analyzer

A distributed denial of service (DDoS) attack is basically a flood of illegitimate traffic that is sent to a network resource from an IP address or a group of IP addresses, rendering the network resource unavailable. A DDoS attack is a serious security threat facing all types of networks, from the simplest enterprise network to the most complex corporate network. Fortunately, NetFlow Analyzer can help you detect DDoS attacks and mitigate the harm they might otherwise cause. Understanding DDoS: DDoS attacks take advantage of the TCP three-way handshake that is carried out for every connection established using the TCP protocol. Not surprisingly, hackers have found a number of ways to defeat the three-wa…

Gaining Deeper Visibility on QoS Hierarchy with ManageEngine NetFlow Analyzer

Quality of Service (QoS) has been a hot technology since its inception. QoS combines multiple technologies that help in building good traffic patterns on a computer network. To deploy a simple QoS policy that prioritizes business-critical applications on your network, follow these three steps:
  1. Classifying network traffic
  2. Shaping or policing bandwidth
  3. Applying the QoS policy to a WAN interface
The example below explains QoS deployment on a network to support VoIP, which is now commonly used on most networks. These VoIP packets should receive proper treatment on the network, or else users will experience bad call quality across the network. Classifying Network Traffic: Classification identifies th…

Analyzing ART Using NetFlow Analyzer

Network administrators evaluate an application’s performance by measuring response time, round trip time, packet loss, and delay. However, this method poses certain limitations, because you can monitor only the applications, servers, and network devices within the hosted network boundary. And, if the applications are hosted in the cloud, monitoring is almost impossible. When users complain of delayed response from applications hosted in the cloud, the actual delay could be due to the application, client network, server network, transaction, or response time. Therefore, tracking the actual reason could be cumbersome, time-consuming, and tedious. In such scenarios, the network admin needs…

Monitoring NetFlow-Lite Data in New Cisco 2900 and 4900 Series Switches Using NetFlow Analyzer

Using NetFlow technology, network administrators can efficiently monitor bandwidth usage for capacity planning and resource allocation. Until now, NetFlow monitoring was supported only in Cisco high-end switches, such as Cisco Catalyst 3K, 4K, and 6K series switches. Cisco’s NetFlow-Lite is a lightweight, packet-based sampling technology to monitor switching traffic in widely used switches. With Cisco NetFlow-Lite, administrators can now easily monitor bandwidth across a variety of Cisco switches. NetFlow-Lite is currently supported on the Cisco Catalyst 2960-X and 4948E. NetFlow-Lite can be configured as Version 9 or IPFIX export fields. As of now, only ingress monitoring is a…

Application Visibility and Control for Better Bandwidth Analysis

Traditionally, using NetFlow to perform bandwidth analysis on application visibility was primarily based on port and protocol information. The monitoring software identifies applications as HTTP, HTTPS, SMTP, and other protocols based on mapping well-known ports and protocols. Today, most applications use random ports as well as well-known ports like 80 and 443. In turn, traditional port and protocol analysis, which was based upon layer 3 information, is no longer very helpful in providing the deep visibility needed to identify the exact application that is consuming bandwidth. Cisco AVC: Cisco Application Visibility and Control is the combination of multiple technologies found in the Cisco ASR 1…

Quality of Service (QoS): A Good Traffic Engineering Component

Today, we commonly see IT budget reduction, cost cutting, and barriers for potential network circuit upgrades. In this tough economic situation, the motive of a network administrator should be optimizing the current infrastructure for future accommodations. Optimization plays a major role when it comes to distributed network architecture and when users are around the globe. How can we optimize the network with the current infrastructure without adding hardware or software to the network? We’ll discuss this below. The network administrator’s role is to ensure that the network is always up and running, and that the performance of the entire network is always running smoothly, even when…

Identifying Layer 7 Application Traffic to Make Your WAN Hum

Network administrators around the globe are very concerned about the type of traffic that is exiting their network. They want their critical business applications over the WAN to perform at their best. Non-critical applications like web traffic and social media degrade the performance of WAN links. Therefore, administrators should avoid non-business applications on WAN links. Over the last decade, administrators around the globe have used traditional NetFlow and other similar flow technologies to identify the type of traffic on their network. The traditional flow-based traffic analysis is utilized to identify layer 3 application traffic based on port and protocol. What if a user on the netwo…

This Week’s Five: Tune Your Bandwidth

This Week’s Five is the column where we bring you a collection of five interesting reads from all over the web, with a different topic every week. This week, we are exploring the importance of bandwidth and traffic flow in the enterprise’s network. During peak hours, the traffic in our network overflows, slowing down our work. What do we do then? Increase bandwidth or optimize bandwidth? Which is cost-effective and which is expensive? Read on to find that out and more about an organization’s network flow. Bandwidth Optimization – Increasing bandwidth is just one way of taking care of the load on networks. It might be easier to optimize existing bandwidth. Three Steps to

All New Distributed Edition of NetFlow Analyzer

Until 2012, NetFlow Analyzer’s Enterprise edition helped ISPs, MSPs, and large organizations with a distributed network architecture monitor their bandwidth. Any organization that has fewer than 600 interfaces and wants to monitor all of them by installing the product in its headquarters data center can go with the Professional and Professional Plus editions, which have an integrated collector and reporting engine that collects the data and generates reports. The Enterprise edition was mainly used by organizations that had a distributed architecture, where monitoring was done by means of a central server and multiple collectors across different sites in the same network. Limitation of Enterprise Edition:…