IPFIX tab
The IPFIX (IP Flow Information Export) protocol, derived from Netflow, is a network monitoring protocol that allows gathering information on IP traffic.
Such traffic consists of sending a template describing the type of information sent to the collector. For TCP-based IPFIX traffic, this template will only be sent once the connection is established. When the IPFIX traffic is based on UDP, the template will be sent regularly.
| This button makes it possible to enable or disable the sending of logs to an IPFIX collector. |
| IPFIX collector | Select or create a host object corresponding to the IPFIX collector. Groups cannot be selected. |
| Protocol | Select the protocol on which IPFIX traffic will be based (TCP or UDP). |
Advanced properties
| Port | Choose an object corresponding to the communication port between the firewall and the IPFIX collector. The default value suggested is ipfix (port 4739). |
| Backup IPFIX collector | This field will only be active when the protocol selected is TCP.
In this case, a collector can be specified, to which IPFIX messages will be sent in the event the nominal collector is unavailable. 10 minutes after having switched its traffic to the backup collector, the firewall will attempt to contact the nominal collector again. In the event of a failure, the firewall will continue to send its traffic to the backup collector while regularly retrying to contact the nominal collector. |
| Backup port | This field will only be active when the protocol selected is TCP.
This is the listening port of the backup IPFIX collector. |