Flow Analytics Module

The Flow Analytics Module brings traffic flow diagnostics to the next level by adding historical reporting for an unrestricted period of time, advanced alarming with the ability to set thresholds, role-based administration, and in-depth traffic analysis algorithms to the Scrutinizer software. It can easily identify top applications, conversations, flows, protocols, domains, countries, and subnets on the network, as well as watch for and alert on suspicious or potentially hazardous network behavior patterns, thereby providing administrators with greater network security awareness.

In addition to the base-level features, Scrutinizer with the add-on Flow Analytics module provides several advanced features, such as:

Flexible Reporting

o SonicWALL specific templates for reporting

o Special traffic analysis reports such as Flow Volume & NBAR Support

o MPLS reporting by subnet

o Microsoft Exchange log trend analysis

o Puts information at administrators' fingertips

Easily identify the top applications being utilized on the network

Easily identify the top country of origin for traffic flowing across the network

Easily identify the top domains being accessed

Easily identify the top subnets being utilized on the network

With the addition of the Flow Analytics module, Scrutinizer becomes an even more powerful reporting engine, offering even greater flexibility and granularity. In addition to all the reporting functions provided in the base edition, Scrutinizer with Flow Analytics adds advanced reporting options such as flow volume, MPLS by subnet, Microsoft Exchange log trending and NBAR support. Administrators have a wealth of information right at their fingertips. IT administrators can create custom reports by applying filters to granularly define the specific information desired. Once created, custom reports can be saved for later use. Custom Reports allow the user to configure detailed reports by filtering on fields such as: IP addresses, ranges and subnets; port numbers and ranges; defined applications, including ranges of protocols and groups of protocols; multiple interfaces from different routers and switches; any exported field available via NetFlow or IPFIX; dynamic QoS monitoring; detailed security / forensic information.

The Flow Analytics Module adds several additional flow-based traffic analysis report types. Examples include but are not limited to: granular IPFIX-based application visualization reports for SonicWALL products; Flexible NetFlow NBAR-based application reports (requires IOS v15 on Cisco routers); conversations to/from host pairs and applications used; flow reports with ToS field; host flow reports to show hosts sending or receiving the most flows; host volume reports to show the volume of unique hosts per second; pair volume reports to show the volume of unique to/from address pairs per second.

‘Set It & Forget It’ Alerting

o Easily create alerts to notify administrators of unfinished flows or nefarious activities

o Alerts can trigger email notifications, SNMP traps, syslog messages, and script execution (facilitating event remediation)

o Alarms can be configured to alert administrators based upon specific interface utilization

o Administrators can be alerted based on any pre-defined report

o Reports can be scheduled, then emailed to administrators

o Administrators can proactively monitor QoS of RTSP traffic

The Flow Analytics add-on to Scrutinizer provides administrators with greater automation control, making routine advanced reporting a snap. Alerts can be configured based upon everything from unfinished flows to specific interface utilization. Further, administrators can configure QoS thresholds to be alerted proactively to RTSP latency and jitter before end users even report a problem.

SonicWALL Scrutinizer 9.0.1 Release Notes

P/N 232-000861-00 Rev A
