These instructions assume:
- The date, time and time zone are correctly set on the firewall.
- You have administration access to the Palo Alto dashboard.
- The IP address of your Auvik collector is known.
If you are using a shared collector and want TrafficInsights to associate flow data with the correct site, you must add the source IP address as a dedicated /32 network within Auvik.
For example:
192.168.1.10/32Even if the source IP address is already included in a larger monitored subnet, a dedicated /32 entry is required for TrafficInsights to correctly associate flow records with the appropriate site.
After making this change, it may take several minutes before flow data appears in TrafficInsights.
Access the Palo Alto web interface
- Open a web browser and type in the IP address of the Palo Alto firewall.
- Log into your firewall.
Create a NetFlow server profile
- Select Device > Server Profiles > NetFlow and click Add.
- Enter TrafficInsights as the name for the profile.
- Set the default Template Refresh Rate to 5 minutes and 20 packets.
- For the Active Timeout, set the value at 1 minute.
- Select the checkbox for the PAN-OS Field Types.
- For each NetFlow collector section, click Add.
- Name: TrafficInsights
- Server: <Auvik Collector IP>
- Port: <2055, 2056, 4432, 4739, 6343, 9995 or 9996>
- Click Okay.
Assign the NetFlow server profile
The steps below specify a LAN interface for collecting NetFlow data. For a different interface, choose your desired interface in step 2.
- Select Network > Interfaces > Ethernet.
- Click a LAN interface to edit it.
- In the NetFlow Profile drop-down, select the TrafficInsights server profile.
- Click Okay.