Can one customised unique dashboard based on different user-admin access? Yes, custom dashboards can be created with different levels of access - Admin, operator and Guest.
How can I configure the NFA listener port? You can use a maximum of 5 UDP listener ports under Settings > General Settings > Server Settings, add the ports separated by comma without any space and save. You need to restart the service for the changes to take effect.
Can we use multiple ports? Yes you can use multiple ports in NetFlow Analyzer.
Can I integrate firewall with netflow? NettFlow Analyzer can monitor firewalls, routers and switches.
Can dashboard access can be given to monitoring team without login credentials? You can create users with read-only access. Login credentials are required to view the Dashboard.
If customer application( i.e. SAP most IMP ) needs to be prioritized to allocate BW for IN & OUT how can i achieve it if I have Multiple ISPs? In NetFlow Analyzer we can monitor the utilization of the applications from the links. You can create QOS policy for the application to use specific amount of IN and OUT bandwidth from each link and do load balancing.
Where can we configure NBAR and CBQoS? Are these features available for all devices or only for Cisco devices? CBQOS is based on the SNMP and NBAR can be configured over the flows.
What is NetFlow Analyzer license based on? user / device / BW size ? The License for NetFlow Analyzer is based on the number of monitored interfaces of a device: low Analyzer licensing is based on the number of interfaces to be monitored from your routing and switching devices. Eg. Consider you have 10 devices, each with 1 LAN, 1 WAN and 1 VLAN interface, which comes to a total of 30 interfaces. If you need reports for only the WAN and VLAN interfaces from each device, then you need a 20 interface license for NetFlow Analyzer. So, it is the monitored interfaces that count and not the total number of interfaces in your network.
If customer has multiple ISPs how does the BW consumption identified? Bandwidth consumption is identified based on the Interfaces of the Network Devices separately. If for example 2 WAN connections are in a single interfaces, we have the option to monitors links separately with our IP group feature.
Can application mapping be done based on ip or subnet? Yes
We need ap association or disassociation. How do I get that? We do not have that option. We show the bandwidth details from the Controller, associated AP , SSID and Clients connected.
Let's say we have two data centers, switches on the edge of each DC send sFlow to NFA. We need to see network utilization on inter-DC link per-subnet (not per individual IP) - is it possible in NFA? I mean that all individual IP traffic data needs to bu summarized under subnet. This is quite often scenario since each project usually resides in a subnet(s) but not individual IPs. Also we need some programmable import of these subnets into NFA, since we have hundreds of subnets. Yes we can achieve this using our IP grouping feature.
Is NetFlow Analyzer a software? How does it integrate in the network? What is the requirement? It is an on-premise software that has to be installed in your network server. The server can be a Windows or Linux machine.
Does it integrate with LDAP? We currently integrate with AD for application logins.
Can we get ap association and disassociation alarms? We can get the Alert based on bandwidth consumption of applications.
Once application is discovered, is it possible to allocate Zero bandwidth IN & Out for any specific domain or class e.g. DoDOS etc? We have the option to create a Policy and class for a specific criteria with our integration with NCM for Cisco Device and also we allow to push the Access List to block a specific service.
How can I add WLC? We support Cisco and Aruba WLC as these support flow export. You need to configure your WLC device to export the flows and we auto discover the devices based on the flows.
How can I configure NBAR? NBAR (Network Based Application Recognition) is an Cisco Feature which gives detailed information of the actual Application taking the bandwidth in the Network.NBAR does the deep pack inspection on the layer 7 traffic to get the actual Application traffic. Supported for Cisco, Palo Alto Firewall and Fortigate Firewalls.
Does it control In & Out based on class? We fetch the class details based on the Policy configured. If the Policy is configured in IN direction or OUT direction, based on that we get the Class details.
What is the prerequisite for AVC? Cisco ASR 1K and ISR G2 support AVC metric export.
How does bandwidth allocation happen i.e. most critical should get max BW? We use SNMP to get the actual or available bandwidth on an interface and based on that we provide you the utilization details. We get the Top talkers using flows.
Does it identify Inbound & outbound separately? Yes it identifies the IN and OUT traffic details separately.
Please elaborate on IPSLA. The IPSLA is a technology for Cisco devices which will help you in monitoring VOIP traffic and WAN availability. To Know more about IPSLA monitoring in NetFlow Analyzer please refer the below link : https://www.manageengine.com/products/netflow/help/class-based-qos/whatiscbqos.html https://blogs.manageengine.com/netflowanalyzer/2011/05/12/branch-office-monitoring-in-netflow-analyzer-using-cisco-ip-sla-wan-rtt-technology-part-ii.html You can also send us email at netflowanalyzer-support@manageengine.com for a detailed personalized demo.
Does it auto discover the application which consume the bandwidth? Yes it auto-discovers the applications using the Port and Protocol mappings based on IANA standards.
If you are monitoring a switch, do you need to set up NetFlow on the uplink port and the individual switch ports? You have to enable NetFlow only on your uplink ports.
Will it log which switch port the traffic came from so you can identify the person who is using excessive web traffic? It will have the IP address of the source from which the traffic was generated and you have the resolve DNS option available from which you could clearly identify the person/device who used the traffic
If I have 4 10GB interfaces in a port channel, where should I enable the NetFlow? NetFlow should be enabled on the port channel right.
How do I add an interface? Interfaces get added automatically once the corresponding flows are received.
What is "binary-over-http" in AVC? "binary-over-http" is our internal customized application, Please refer the below link for detailed information, https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_nbar/prot_lib/configuration/xe-3s/nbar-prot-lib/nbar-prot-b.html
What impact does having heavily encrypted traffic on the network? Does this application assume that network traffic is in the clear? No. It will categorize the traffic with respect to the encryption protocol, EX, ESP, GRE.
NetFlow Analyzer seems very Cisco specific. What value do I get if I'm not a cisco shop? Is Cisco the targeted manufacturer for this application? As of now Cisco is exporting these information in flow packets. If other vendors can provide these information or any other information in flow packets, we are ready to take it . Cisco is not the targeted manufacturer. Cisco features are Add-ons, while the base product is multi vendor supported.
What is the best way to report on potentially slow internet access from our ISP link (a specific interface with NetFlow configured). Scenerio: Someone on the LAN submits a ticket saying that their internet connection is slow. How can I provide information either verifying that our ISP link is over utilized or that the connectivity problem is the external server they are trying to connect to? Using NetFlow Analyzer, you can see the type of traffic and who, what and how the bandwidth is been utilized. Also, the interface is utilization you see in NetFlow is the utilized bandwidth. If your wan interface is Cisco, you can use IPSLA feature to check if your isp is providing you the promised bandwidth.
Why should we use/enable raw data? Netflow analyzer has 2 types of data. Raw and aggregated data. Raw data contains every flow received from the device. This is a huge data and has port level information.
How are IPs gathered in NetFlow? Flow data contains the information regarding ips and more. This flow is sent by the router/switch/firewall.
How do we find total the volume utilized by a group? In the inventory tab, you can navigate to the groups section and see the drill down.
I just enabled netflow on a device that I already had on monitoring. Now it shows up on flow analysis but I see its IP but not it's name. You can update SNMP to get the device names and interface names.
Is AVC supported? Should it be configured separately?Yes, it is supported only on cisco device. Contact Support@netflowanalyzer.com for config details.
Is the traffic shown in application for a particular ip or for the whole network?Under app tab, the application is for the entire the network but when you drill down you navigate to appropriate interface/ip.
I have a group where utilization is above 100%. What should I do?Group speed might be configured incorrectly while creating the group. Please edit and set correct speed.
Is there a possibility for me to know what the traffic that someone is using business hours , and identify him by his name , alert him and block him if passed the threshold?As of now we have an option to find who is using much traffic and what are those traffic, alert can be generated but blocking is not available. You can do it manually using NCM add-on.
I am getting only separate in and out traffic reports but not both in and out.Please check the device configuration. Make sure you have enabled flow on all in.
Should NAT be done to get the ips in the NetFlow Analyzer?Not mandatory,
How to schedule report for the Interface utilization?Navigate to reports, schedule reports, you can select the type as traffic report and configure it.
What does group speed mean?It is the sum of individual interface speeds.
Let's say I have a group of 2 hosts. How can I foresee/define group speed?It will be the speed of the interface associated to it.
Is NetFlow Analyzer NMS or EMS?Both the versions are available as different editions.
How does the AWS, cloud level monitoring work in NetFlow Analyzer?NetFlow Analyzer does not support AWS.
Do NetFlow Anaylzer and OpManager work on same server or should they be installed separately?We have Opmanager plus where you can avail multiple licenses with single installation.
Can you help me on installing the product? Is there any help guide? You can refer this PDF to help you with the installation:
For more information, refer help guide http://help.netflowanalyzer.com/
Does NetFlow Analyzer have automatic discovery? Yes. Once you enable the flow commands on your devices, the devices start sending flows to Netflow server. Once the flows reaches to the server the device will discover automatically.
My Netflow has a different interface look. What is the latest version. Perhaps I need an upgrade? The latest version of NetFlow Analyzer is 12.3.086. You need to upgrade if you are in 10.2.50 11.0.00, 12.000,12.1.00 or 12.2.00.
I can't see anything in Application, source, destination and Conversation This could be in MSSQL database due to bcp. Please contact our support team at support@netflowanalyzer.com
Can we have automatic backup of devices in netflow? Yes, We can achieve it using Network Configuration Manager add-on.
Do you support Palo Alto firewall? Yes, NetFlow Analyzer can export flows from Palo Alto firewall.
Can we monitor firewall port for incoming traffic from internet to web servers ? Yes, You can create IP group with web servers ip's and monitor the same.
We use Huawei devices (ex - switch 6800) , I tried to add devices through NCM , cannot find it. NetFlow Analyzer supports Huawei devices. Please contact our support team to know on the configuration steps.
Can you share the price of NetFlow Analyzer? You can check the below link for pricing details.
What is NetFlow Analyzer?NetFlow analyzer is a bandwidth monitoring tool for L3 network devices.
Can we use NetFlow Analyzer in OP Manager?Yes, NetFlow is available with Opmanager too. Please contact eval-itom@manageengine.com for license purchase.
Can I monitor NetFlow if I don't have firewall?NetFlow Analyzer supports all Layer 3 devices.
Does NetFlow analyzer require Network Configuration Manager?Network Configuration manager is available as an add-on for NetFlow Analyzer.
How can I monitor NetFlow without firewall in my small office?NetFlow is a type of flow export format supported by cisco devices, where as sFlow is for HP, J-Flow is for juniper and so on. Manageengine supports all types of flow formats. Please contact our support team eval-itom@manageengine.com with the list of Layer 3 devices in your network. We will assist you with the configuration and setup.
For a 2 GB LAG interface (uses 30% capacity) how much storage will NetFlow Analyzer require for 3 months of data?We have calculation for disk usage. Please send an email to NetFlowanalyzer-support@manageengine.com.
Can we monitor Layer 2 traffic statistics (i.e., Layer 2 VLAN)?Yes, Layer 2 traffic statistics can be monitored using the IPgroups feature.
is it possible to install NetFlow Analyzer in windows server 2016 Edition and is it possible to use MSSQL 2016?Yes, we support Windows 2016 Edition and MSSQL can be used as the background database.
What information is shown under Top Sites?In case your organization is hosting any application, you will be able to see what the IP-address communicated to that application servers are and the bandwidth utilized.
What can be done with the help of Flow Filter settings?Flow filter settings can be used to overcome Technical/Environmental exceptions and limitations.
How can I send emails to several users on a particular alert?You can mention the e-mail addresses separated by commas ",".
How does NFA decrypt HTTPS traffic to identify which application or website is consuming Bandwidth?NFA uses AVC feature in cisco devices (NBAR2).
What is the latest build version?The latest build is version 12.3.0.83
What is the diference between Forticloud analyzer and NetFlow AnalyzerNetFlow Analyzer offers multivendor support. Netflow, sflow, cflow, jflow, netstream and ipfix are supported flow formats.
How does NetFlow Analyzer decrypt encrypted packets?The UDP packet contains the encrypted and decrypted information. We use the UDP packet information to show the application information.
When you have opmanager installed in your server, do you need to install the NetFlow Analyzer?No, NetFlow Analyzer comes as an add-on with Opmanager.
If we move an existing device from one location to another and the IP address changes, do we need to delete and re-add the device?No, NetFlow analyzer will automatically update it.
Is it Possible to monitor Layer 2 interfaces in NetFlow Analyzer?NetFlow Analyzer is capable of only monitoring Layer 3 information from the devices. We can monitor traffic switching that happen between the layer 2 interfaces based on device type.
Is it possible to create Application mapping with port range and IP grane?Yes, we have this option available in NetFlow Analyzer.
Is it possible to configure multiple UDP listener ports in NetFlow Analyzer?Yes we can add maximum of 5 UDP listener ports.
Is it necessary to use Network Configuration Manager to add devices in NetFlow Analyzer?NCM is one of the way to add the devices in bulk in NetFlow Analyze. We can configure the devices manually as well to be added in NetFlow Analyzer.
Created IP group in NetFlow Analyzer but there is no data or wrong showing?Check if the created IP Groups is associated to correct interface and the interface is collecting data.
Do I need to delete and re-add the device if I replace ths existing one?If the devices is replaced and has a same IP, SNMP update for the device should be enough.
If unknown interface/vlan/IP in my router gets under DOS attack, then how do I identify the attacked IP fastest?We do have an add on feature called ASAM which will provide you the information based on security events happening on an interface this will be covered in our next session in detail.
We add devices only if we have to configure export on them?Yes you are correct. We auto discover the device once the device exports the flows.
Why is there so much traffic as Others classified?The default widget shows only top 10 for detailed view you can expand the widget to full view. We will discuss this in detail in the next session.
Will this CBQoS policy fetch directly from the device where QoS policy has been written or need to specify policy separately?We fetch the CBQOS information using SNMP from the device.
I see there are no CISCO SB Routers (RV series) natively supported. Are there plans to support them in the future?NetFlow Analyzer can support any device which can export Netflow or any other flow formats.
What will show in flow analysis standard graphs? Both, in and out traffic or just in or out traffic?Both in and out traffic, and you have option to filter it.
There is an alternative to configure the netflow packages in the broadband links or where the upgrading time is applied in the packages. It is the equipment or it can be malipular in the software (OpManager netflow)?We get the NetFlow information form the Network device. NetFlow Analyzer is an software based solution.
No site-site traffic between certain applications viewable in netflow?Yes, you can create site to site IPgroup with IPaddress/range.
How accurate I can analyse the traffic flow. Is it possible to drill down to one selected minute?Yes you can drill down to 1 min.
How can i view the traffic for example last 3 minutes for all interfaces?You can Generate Compare Reports by selecting all the interfaces and get traffic reports for all in a single report.
What is the time that Neflow monitor if the link is down?Max 15 mins.
So I can configure 1 min?No, if there is no flows received for some time , Netflow analyzer will SNMP poll the device for link down this may happen between 3 min to 15 min.
Which mssql version does NetFlow analyzer support?NetFlow Analyzer support any MSSQL database version above 2008
Is it possible to configure AVC via Network Configuration Manager?Yes, it is possible using configlets.
If we monitor a port channel trunk is that one license or 10 licenses for the 10 clans?Netflow analyzer license based on the number of interfaces.If you monitor a port channel it will come under license.
If NAT is enabled, in that case to view internal IP I must configure to monitor outcome traffic on all interfaces?Yes, if you wish to monitor the traffic before nat, you can monitor the interface before that.
Does it possible to apply ACL for any resources in case of threshold violation?Yes, using NCM add-on.
Is it possible to view traffic based on users?Yes, you can create IP groups based on users IP address and monitor the same.