Configure NetFlow - Checkpoint Firewall

Posted: Thu Jun 17, 2010 9:22 am
by digitoll
CheckPoint Reference Guide IPSO 6.2

Checkpoint Netflow Commands

You can use the Netflow support in IPSO to collect information about network traffic patterns and volume. To provide this information, IPSO tracks network “flows.” A flow is a unidirectional stream of packets that share a given set of characteristics. Use the following commands to configure Netflow services.

set netflow
  • active-timeout seconds
  • collector ip ip_address port port_number
  • enable-acl <on | off>
  • enable-flows <on | off>
  • export-format <Netflow_V5 | Netflow_V9 | None>
  • inactive-timeout seconds
  • srcaddr ip_address

show netflow
  • all
  • active-timeout
  • collector
  • enable-acl
  • enable-flows
  • export-format
  • inactive-timeout
  • srcaddr

Arguments

active-timeout seconds Specifies the number of seconds after which IPSO should export a record for a flow when the flow is still active.

collector ip ip_address port port_number Specifies the IP address and port number of the Netflow collector.

enable-acl <on | off> Enables or disables ACL metering mode. If you use this mode, you define flows by configuring ACL rules. All the traffic that matches a rule is exported in one flow record.

enable-flows <on | off> Enables or disables flow metering mode. If you use this mode, a flow is any sequence of packets that share:

• Source and destination IP addresses
• Source and destination port numbers
• IP protocol

IPSO exports each flow in an individual flow record.

export-format <Netflow_V5 | Netflow_V9 | None> Specifies the format of the export flow records. This format must be supported by the flow collector.

inactive-timeout seconds Specifies the number of seconds to wait while a flow is inactive (no traffic) but has not been terminated. If the specified number of seconds elapses, IPSO exports a record for the flow.

srcaddr ip_address Specifies the source (local) IP address to be used in export records. If this is not configured, the address is chosen based on the route to the collector’s address.
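To make the flow-metering mode and the two timeouts concrete, here is an added example (not from the IPSO guide or from Check Point) that simulates the behaviour the arguments above describe: packets are grouped into unidirectional flows keyed on source/destination IP, source/destination port and IP protocol, a flow with no traffic for inactive-timeout seconds is exported and dropped, and a flow that is still active after active-timeout seconds is exported and its counters restarted. The timeline of packets is constructed, and the comparison semantics (a timeout fires once the elapsed time reaches the configured value) and the record layout are assumptions of this example, not something the guide specifies.

```python
"""Flow metering with active/inactive timeouts, modelled on IPSO 'enable-flows' mode (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# A flow is unidirectional and keyed on the fields the guide lists:
# source/destination IP, source/destination port and IP protocol.
FlowKey = Tuple[str, str, int, int, int]


@dataclass
class Flow:
    key: FlowKey
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


@dataclass
class FlowMeter:
    # Mirrors 'set netflow active-timeout' / 'inactive-timeout' (seconds).
    active_timeout: float = 60.0
    inactive_timeout: float = 15.0
    flows: Dict[FlowKey, Flow] = field(default_factory=dict)
    exported: List[dict] = field(default_factory=list)

    def observe(self, ts, src_ip, dst_ip, src_port, dst_port, proto, length):
        """Account one packet; run timeouts first so expiry happens in time order."""
        self.expire(ts)
        key = (src_ip, dst_ip, src_port, dst_port, proto)
        flow = self.flows.get(key)
        if flow is None:
            flow = Flow(key, first_seen=ts, last_seen=ts)
            self.flows[key] = flow
        flow.packets += 1
        flow.octets += length
        flow.last_seen = ts

    def expire(self, now):
        """Apply both timeouts at time 'now' (assumed: fires when elapsed >= configured value)."""
        for key, flow in list(self.flows.items()):
            if now - flow.last_seen >= self.inactive_timeout:
                # No traffic for inactive-timeout seconds: export and forget the flow.
                self._export(flow, "inactive-timeout")
                del self.flows[key]
            elif now - flow.first_seen >= self.active_timeout:
                # Still active after active-timeout seconds: export what we have so far
                # and keep metering the same flow with fresh counters.
                self._export(flow, "active-timeout")
                self.flows[key] = Flow(key, first_seen=now, last_seen=flow.last_seen)

    def flush(self):
        """Export every remaining flow (for example at shutdown)."""
        for key, flow in list(self.flows.items()):
            self._export(flow, "flush")
            del self.flows[key]

    def _export(self, flow, reason):
        src_ip, dst_ip, src_port, dst_port, proto = flow.key
        self.exported.append({
            "src_ip": src_ip, "dst_ip": dst_ip, "src_port": src_port,
            "dst_port": dst_port, "proto": proto, "packets": flow.packets,
            "octets": flow.octets, "first": flow.first_seen, "last": flow.last_seen,
            "reason": reason,
        })


def run_demo():
    """Constructed packet timeline (not captured traffic); returns the export records."""
    m = FlowMeter(active_timeout=60.0, inactive_timeout=15.0)
    c, s, tcp = "10.0.0.5", "192.0.2.10", 6
    m.observe(0.0, c, s, 40000, 443, tcp, 60)      # client -> server
    m.observe(0.1, s, c, 443, 40000, tcp, 1500)    # reply: a separate, reverse flow
    m.observe(1.0, c, s, 40000, 443, tcp, 100)
    # Silence until t=20 exceeds the inactive timeout, so both flows are exported.
    for ts in (20.0, 30.0, 40.0, 50.0, 60.0, 70.0):
        m.observe(ts, c, s, 40000, 443, tcp, 100)
    # At t=80 the flow is 60 s old and still active: active-timeout export, counters restart.
    m.observe(80.0, c, s, 40000, 443, tcp, 100)
    m.flush()
    return m.exported


if __name__ == "__main__":
    for rec in run_demo():
        print(rec)
```

Running it yields four records: the two inactive-timeout exports at t=20 (one per direction, which is why a single TCP session produces two flows), one active-timeout export at t=80 covering the six packets seen between t=20 and t=70, and a final flush record for the packet at t=80. Lowering active-timeout on a real IPSO box trades collector load for fresher counters on long-lived flows; lowering inactive-timeout frees flow state sooner at the cost of splitting bursty traffic into more records.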