Help
There are two main steps to configure NetFlow on Palo Alto device:
1) Define a NetFlow server profile : specifies the frequency of the export along with the NetFlow servers that will receive the exported data.
2) Assigning the profile to firewall interface :all traffic flowing over this interface is exported to the specified servers.
Step 1:
For defining a NetFlow server profile you have to navigate to Device > Server Profiles > NetFlow in the GUI. Here you will see the following settings:
Name : Enter a name for the NetFlow settings.
Template Refresh Rate : Specify the number of minutes or number of packets after which the NetFlow template is refreshed (we recommend 1 Min; packets range 1-600, default 20).
Active Timeout : Specify the frequency at which data records are exported for each session (we recommend 1 Min).
Export PAN-OS Specific Field Types : Export PAN-OS specific fields such as App-ID and User-ID in Netflow records.
Server Name : Specify a name to identify the server.
Server : Specify the host name or IP address of the server.
Port : Specify the port number for server access (default 9996).
Step 2:
Once we have configured the NetFlow profile the next step is to assign the profile to firewall interface, for this navigate to Network > Interfaces > Ethernet. Click the link for the interface on the Ethernet tab, and specify the NetFlow Profile. Post configuration, you can discover your device by navigating to Inventory > Devices or Network > Flow Analysis
Important note: There's an occasional traffic spike sent by Palo Alto device, and NetFlow shows the same in the traffic graphs.