You can enable IPFIX on a distributed firewall. The distributed firewall implements stateful tracking of flows, and the tracked flows go through a set of state changes. IPFIX can be used to export data about the status of a flow. The tracked events include flow creation, flow denial, flow update, and flow teardown.

Figure: Logical representation of tracking flows on a distributed firewall.

You can enable flow export for IPFIX on a distributed firewall as follows:

  1. In the vSphere Web Client, navigate to Networking & Security > Tools > Flow Monitoring.

  2. Click the Configuration tab.

  3. Ensure that Global Flow Collection Status is Enabled.
  4. To configure flow collection, navigate to IPFIX:
    • In NSX 6.4.1 and later, navigate to Networking & Security > Tools > IPFIX.

    • In NSX 6.4.0, navigate to Networking & Security > Tools > Flow Monitoring > Configuration > IPFix.

  5. Click Edit next to IPFIX Configuration, and then click Enable IPFIX Configuration.
  6. In Observation DomainID, enter a 32-bit identifier that identifies the firewall exporter to the flow collector. Valid range is 0–65535.
  7. In Active Flow Export Timeout, type the time (in minutes) after which active flows are exported to the flow collector. The default value is five. For example, if a flow is active for 30 minutes and the export timeout is five minutes, the flow is exported seven times during its lifetime: once each for creation and deletion, and five times during the active period.
  8. Click Save.
  9. In Collector IPs, click Add and enter the IP address and UDP port of the flow collector. Refer to your NetFlow collector documentation to determine the port number.
  10. Click OK.
  11. Click Publish Changes.