Welcome!

Network Aware, Business Secure

Michael Patterson

Subscribe to Michael Patterson: eMailAlertsEmail Alerts
Get Michael Patterson via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: PC Security Journal, Security Journal

Blog Feed Post

Barracuda IPFIX Support: Network Threat Detection

Earlier this year Barracuda Networks enabled IPFIX support on their NG Series firewalls. This export provides great visibility into your network traffic as well as network Threat Detection.

Let’s take a moment to go over the configuration to get these exports going:

Step 1 Enable global IPFIX streaming

IPFIX streaming needs to be globally enabled within the General Firewall Configuration.

  • Navigate to Config Tree > Box > Infrastructure Services > General Firewall Configuration > Audit and Reporting.
  • Set Enable IPFIX/Netflow to YES.

Barracuda Firewall: IPFIX - NetFlow Reporting

Step 2 Configure the IPFIX Collector

  • Click Set… or Edit… (Settings) within the IPFIX Streaming section.
  • Select the desired Exporting Mode.  (The most common protocol is UDP.)
  • Enter the IP address of the 3rd party IPFIX collector application into the Collector IP field.
  • Enter the listening port of the 3rd party IPFIX collector application into the Collector Port field. (Make sure that it is a port that the collector is listening on)

Barracuda IPFIX Export Setup

Step 3 Configure Firewall Audit delivery via IPFIX

  • Navigate to Config Tree > Box > Infrastructure Services > General Firewall Configuration > Audit and Reporting.
  • Set Generate Audit Log to YES.
  • Click Set… or Edit… (Audit Log Data) within the IPFIX Streaming section.
  • Select Send-IPFIX in the Audit Delivery drop-down menu.

Barracuda Audit Log Send IPFIX

To Enable Streaming HTTP Proxy Access Logs

Global IPFIX streaming should already be globally enabled within the General Firewall Configuration from the step above.

If it isn’t:

  • Navigate to Config Tree > Box > Infrastructure Services > General Firewall Configuration > Audit and Reporting.
  • Set Enable IPFIX/Netflow to YES.

To configure HTTP Proxy Service

  • Navigate to Config Tree > Box > Virtual Servers > <Server Name> > Assigned Services > HTTP Proxy > HTTP Proxy Settings > Basic.
  • Set IPFIX Streaming to within the Log Settings section to YES.

HTTP Proxy Settings IPFIX Streaming

Now that that’s done, I want to talk about your overall network security solution.

We all know that enterprise networks are facing ever-increasing security threats from worms, port scans, DDoS, and network misuse. And Barracuda Networks surely provides an effective monitoring solution that quickly detects these activities. But Barracuda, as with most firewall and intrusion detection systems (IDS) are deployed at the edge of the network.

Who is monitoring the traffic traversing laterally on your core?

NetFlow is capable of providing a unique view on the entire traffic of a network at the infrastructure level.

When a network administrator enables the NetFlow export on the routers, switches, and firewalls on the network, the devices in the network essentially become a security probe. Using the flow exports and the right NetFlow reporting solution to detect these activities can be a valuable enhancement to your security solution.

The right analysis tool provides proactive detection of network infrastructure security events, minimizing the time and labor involved in locating and resolving problems.

There is no silver bullet for security detection on large network infrastructure, but with NetFlow we can attain further insight into the traffic crossing your entire network — and make it run better.

Do you want to learn how you can turn your network traffic into a valuable security tool?

Scott Robertson
Sr. Solutions Engineer

For a free 30 day trial of Scrutinizer, Download Now

Sign up for Advanced NetFlow Training coming to a city near you!



Read the original blog entry...

More Stories By Michael Patterson

Michael Patterson, is the founder & CEO of Plixer and the product manager for Scrutinizer NetFlow and sFlow Analyzer. Prior to starting Somix and Plixer, Mike worked in a technical support role at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix and Plixer.