“IPFIX” tab

The IPFIX (IP Flow Information Export) protocol, derived from Netflow, is a network monitoring protocol that allows gathering information on IP traffic.

Such traffic consists of sending a template describing the type of information sent to the collector. For TCP-based IPFIX traffic, this template will only be sent once the connection is established. When the IPFIX traffic is based on UDP, the template will be sent regularly.

 

This button makes it possible to enable or disable the sending of logs to an IPFIX collector.

 

Four templates are defined by default:

  • IPv4 connections without address translation (NAT),
  • IPv4 connections with NAT,
  • IPv6 connections,
  • alarms.

These templates define whether information contained in alarm (l_alarm), connection (l_connection), intrusion prevention plugin (l_plugin), or packet filtering (l_filter) log files will be sent.

IPFIX collectorSelect or create a host object corresponding to the IPFIX collector. Groups cannot be selected.
ProtocolSelect the protocol on which IPFIX traffic will be based (TCP or UDP).

Advanced properties

Port

Choose an object corresponding to the communication port between the firewall and the IPFIX collector. The default value suggested is ipfix (port 4739).

Backup IPFIX collector

This field will only be active when the protocol selected is TCP.

 

In this case, a collector can be specified, to which IPFIX messages will be sent in the event the nominal collector is unavailable. 10 minutes after having switched its traffic to the backup collector, the firewall will attempt to contact the nominal collector again. In the event of a failure, the firewall will continue to send its traffic to the backup collector while regularly retrying to contact the nominal collector.

Backup port

This field will only be active when the protocol selected is TCP.

 

This is the listening port of the backup IPFIX collector.