Configuring Flow Exports on Check Point Firewalls
Check Point IPSO is the operating system for the Check Point firewall appliance and other security devices. CheckPoint IPSO 6.1 supports NetFlow services.
To configure NetFLow, log in to your Check Point client. Go to Configuration >Traffic Management > NetFlow to access the NetFlow Configuration page. IPSO exports information about flows in flow records.
For NetFlow analysis, you need to configure your devices to export flows to Site24x7 On-Premise Poller, which is the NetFlow collector. The On-Premise Poller will be listening to the particular port to receive flows. Learn how to find the port number of your On-Premise Poller.
You can also configure the Check Point devices through command line interface (CLI) for NetFlow export:
Command | Description |
active-timeout <seconds> // | The number of seconds after which IPSO should export a record for a flow when the flow is still active. |
collector ip <ip_address> port <port_number> // | The IP address and port number of the NetFlow collector. |
enable-acl <on | off> // | Enables or disables access control list (ACL) metering mode. If you use this mode, you define flows by configuring ACL rules. All the traffic that matches a rule is exported in one flow record. |
enable-flows <on | off> // | Enables or disables flow metering mode. If you use this mode, a flow is any sequence of packets that share
|
export-format <NetFlow_V5 | Netflow_V9 | None> // | The format of the export flow records. Site24x7 supports both these formats (NetFlow v5 and v9). |
inactive-timeout <seconds> // | The number of seconds to wait while a flow is inactive (no traffic) but has not been terminated. If the specified number of seconds elapses, IPSO exports a record for the flow. |
srcaddr <ip_address> // | The source (local) IP address to be used in export records. |
Here's a sample NetFlow configuration to work with Site24x7:
collector ip 192.168.1.1 port 9996
enable-acl on
enable-flows on
export-format V5
inactive-timeout 15
srcaddr Lan Interface IP address of firewall
Learn how to
Configuring NetFlow v5 | NetFlow v9 on Check Point devices