SonicWALL 232-000861-00 manual Flow Analytics Module


Flow Analytics Module

The Flow Analytics Module brings traffic flow diagnostics to the next level by adding historical reporting for an unrestricted period of time, advanced alarming with the ability to set thresholds, role-based administration, and in-depth traffic analysis algorithms to the Scrutinizer software. It can easily identify top applications, conversations, flows, protocols, domains, countries, and subnets on the network, as well as watch for and alert on suspicious or potentially hazardous network behavior patterns, thereby providing administrators with greater network security awareness.

In addition to the base-level features, Scrutinizer with the add-on Flow Analytics module provides several additional advanced features, such as:

Flexible Reporting

o SonicWALL specific templates for reporting

o Special traffic analysis reports such as Flow Volume & NBAR Support

o MPLS reporting by subnet

o Microsoft Exchange log trend analysis

o Puts information at administrators' fingertips

Easily identify the top applications being utilized on the network

Easily identify the top country of origin for traffic flowing across the network

Easily identify the top domains being accessed

Easily identify the top subnets being utilized on the network

With the addition of the Flow Analytics module, Scrutinizer becomes an even more powerful reporting engine, offering even greater flexibility and granularity. In addition to all the reporting functions provided in the base edition, Scrutinizer with Flow Analytics adds advanced reporting options such as flow volume, MPLS by subnet, Microsoft Exchange log trending and NBAR support. Administrators have a wealth of information right at their fingertips. IT administrators can create custom reports by applying filters to granularly define the specific information desired. Once created, custom reports can be saved for later use. Custom Reports allow the user to configure detailed reports by filtering on fields such as: IP addresses, ranges and subnets; port numbers and ranges; defined applications, including ranges of protocols and groups of protocols; multiple interfaces from different routers and switches; any exported field available via NetFlow or IPFIX; dynamic QoS monitoring; detailed security / forensic information.

The Flow Analytics Module adds several additional flow-based traffic analysis report types. Examples include but are not limited to: granular IPFIX-based application visualization reports for SonicWALL products; Flexible NetFlow NBAR-based application reports (requires IOS v15 on Cisco routers); conversations to/from host pairs and applications used; flow reports with ToS field; host flow reports to show hosts sending or receiving the most flows; host volume reports to show the volume of unique hosts per second; pair volume reports to show the volume of unique to/from address pairs per second.

‘Set It & Forget It’ Alerting

o Easily create alerts to notify administrators of unfinished flows or nefarious activities

o Alerts can trigger email notifications, SNMP traps, syslog messages, and script execution (facilitating event remediation)

o Alarms can be configured to alert administrators based upon specific interface utilization

o Administrators can be alerted based on any pre-defined report

o Reports can be scheduled, then emailed to administrators

o Administrators can proactively monitor QoS of RTSP traffic

The Flow Analytics add-on to Scrutinizer provides administrators with greater automation control, making routine advanced reporting a snap. Alerts can be configured based upon everything from unfinished flows to specific interface utilization. Further, administrators can configure QoS thresholds to be proactively alerted to RTSP latency and jitter before end users even report a problem.

SonicWALL Scrutinizer 9.0.1 Release Notes

P/N 232-000861-00 Rev A
