Here is a quick visual guide to Netflow configuration for Palo Alto firewalls being monitored by LogicMonitor.
Summary
- Define a Netflow Export profile
- Assign the profile to an interface
- Commit the configuration
First, log in to Palo Alto firewall. Navigate to Device -> Server Profiles -> Netflow:
Next, add a new Netflow Server Profile that points to the LogicMonitor collector specified:
Now navigate to Network -> Interfaces -> Ethernet:
Open the interface that you wish to monitor flows on and select the created Server Netflow Profile:
Repeat this step for any additional interfaces you wish to see flow data from. When you’re finished, commit the configuration. Now you can ensure that you have enabled Netflow monitoring for each device in your LogicMonitor portal to begin collecting data.