Справочник Пользователя для SonicWALL 5.8.1
Log > Flow Reporting
1376
SonicOS 5.8.1 Administrator Guide
•
Include Following URL Types—Use this drop-down list to select the type of URLs to be
reported. To skip reporting for specific types of URLs, clear the associated checkbox. This
option applies to both App Flow (internal) and external reporting when using IPFIX with
extensions. Select from the following:
reported. To skip reporting for specific types of URLs, clear the associated checkbox. This
option applies to both App Flow (internal) and external reporting when using IPFIX with
extensions. Select from the following:
–
Gifs
–
Jpegs
–
Pngs
–
Js
–
Xmls
–
Jsons
–
Css
–
Htmls
–
Aspx
–
Cms
•
Enable Geo-IP and Domain Resolution—Select this checkbox to enable Geo-IP and
Domain resolution. Clear it to disable this function. If disabled, App Flow monitor will not
group flows based on domain or country under the initiator and responder tabs. If Geo-IP
blocking or Botnet blocking is enabled, then this checkbox is ignored.
Domain resolution. Clear it to disable this function. If disabled, App Flow monitor will not
group flows based on domain or country under the initiator and responder tabs. If Geo-IP
blocking or Botnet blocking is enabled, then this checkbox is ignored.
NetFlow Activation and Deployment Information
SonicWALL recommends careful planning of NetFlow deployment with NetFlow services
activated on strategically located edge/aggregation routers which capture the data required for
planning, monitoring and accounting applications. Key deployment considerations include the
following:
activated on strategically located edge/aggregation routers which capture the data required for
planning, monitoring and accounting applications. Key deployment considerations include the
following:
•
Understanding your application-driven data collection requirements: accounting
applications may only require originating and terminating router flow information whereas
monitoring applications may require a more comprehensive (data intensive) end-to-end
view
applications may only require originating and terminating router flow information whereas
monitoring applications may require a more comprehensive (data intensive) end-to-end
view
•
Understanding the impact of network topology and routing policy on flow collection strategy:
for example, avoid collecting duplicate flows by activating NetFlow on key aggregation
routers where traffic originates or terminates and not on backbone routers or intermediate
routers which would provide duplicate views of the same flow information
for example, avoid collecting duplicate flows by activating NetFlow on key aggregation
routers where traffic originates or terminates and not on backbone routers or intermediate
routers which would provide duplicate views of the same flow information
•
NetFlow can be implemented in the SonicOS management interface to understand the
number of flow in the network and the impact on the router. NetFlow export can then be
setup at a later date to complete the NetFlow deployment.
number of flow in the network and the impact on the router. NetFlow export can then be
setup at a later date to complete the NetFlow deployment.
NetFlow is in general an ingress measurement technology which should be deployed on
appropriate interfaces on edge/aggregation or WAN access routers to gain a comprehensive
view of originating and terminating traffic to meet customer needs for accounting, monitoring or
network planning data. The key mechanism for enhancing NetFlow data volume manageability
is careful planning of NetFlow deployment. NetFlow can be deployed incrementally (i.e.
interface by interface) and strategically (i.e. on well chosen routers) —instead of widespread
deployment of NetFlow on every router in the network.
appropriate interfaces on edge/aggregation or WAN access routers to gain a comprehensive
view of originating and terminating traffic to meet customer needs for accounting, monitoring or
network planning data. The key mechanism for enhancing NetFlow data volume manageability
is careful planning of NetFlow deployment. NetFlow can be deployed incrementally (i.e.
interface by interface) and strategically (i.e. on well chosen routers) —instead of widespread
deployment of NetFlow on every router in the network.