Checkpoint Netflow Commands
You can use the Netflow support in IPSO to collect information about network traffic patterns and volume. To provide this information, IPSO tracks network “flows.” A flow is a unidirectional stream of packets that share a given set of characteristics. Use the following commands to configure Netflow services.
set netflow
- •active-timeout seconds
•collector ip ip_address port port_number
•enable-acl <on | off>
•enable-flows <on | off>
•export-format <Netflow_V5 | Netflow_V9 | None>
•inactive-timeout seconds
•srcaddr ip_address
- •all
•active-timeout
•collector
•enable-acl
•enable-flows
•export-format
•inactive-timeout
•srcaddr
Active-timeout seconds Specifies the number of seconds after which IPSO should export a record for a flow when the flow is still active.
collector ip ip_address port port_number Specifies the IP address and port number of the Netflow collector.
enable-acl <on | off> Enables or disables ACL metering mode. If you use this mode, you define flows by configuring ACL rules. All the traffic that matches a rule is exported in one flow record.
enable-flows <on | off> Enables or disables flow metering mode. If you use this mode, a flow is any sequence of packets that share
• Source and destination IP addresses
• Source and destination port numbers
IP protocol IPSO exports each flow in an individual flow record
export-format <Netflow_V5 | Netflow_ V9 |None> Specifies the format of the export flow records. This format must be supported by the flow collector.
inactive-timeout seconds Specifies the number of seconds to wait while a flow is inactive (no traffic) but has not been terminated. If the specified number of seconds elapses, IPSO exports a record for the flow.
srcaddr ip_address Specifies the source (local) IP address to be used in export records. If this is not configured, the address is chosen based on the route to the collector’s address.