Adding Applications to the Monitoring Session
Gigamon supports the following GigaSMART applications:
| Sampling |
| Slicing |
| Masking |
| NetFlow |
You can optionally use these applications to optimize the traffic sent from your instances to the monitoring tools.
Sampling
Sampling lets you sample the packets randomly based on the configured sampling rate and then forwards the sampled packets to the monitoring tools.
To add a sampling application:
| 1. | Drag and drop Sample from APPLICATIONS to the graphical workspace. |
| Figure 42 | Dragging the Sample Application |
| 2. | Click Sample and select Details. |
| Figure 43 | Selecting Details |
| 3. | In the Alias field, enter a name for the sample. |
| Figure 44 | Viewing Sample Application Quick View |
| 4. | For State, select the On check box to determine that the application is sampling packets randomly. Select the Off check box to determine that the application is not currently sampling the packets. The state can be changed at anytime whenever required. |
| 5. | From the Sampling Type drop-down list, select the type of sampling: |
| Random Simple — The first packet is selected randomly. The subsequent packets are also selected randomly based on the rate specified in the Sampling Rate field. |
For example, if the first packet selected is 5 and the sampling rate is 1:10, after the 5th packet a random 10 packets are selected for sampling.
| Random Systematic —The first packet is selected randomly. Then, every nth packet is selected, where n is the value specified in the Sampling Rate field.For example, if the first packet selected is 5 and the sampling rate is 1:10, then every 10th packet is selected for sampling: 15, 25, 35, and so on. |
| 6. | In the Sampling Rate field, enter the ratio of packets to be selected. The default ratio is 1:1. |
| 7. | Click Save. |
Slicing
Packet slicing lets you truncate packets after a specified header and slice length, preserving the portion of the packet required for monitoring purposes.
To add a slicing application:
| 1. | Drag and drop Slice from APPLICATIONS to the graphical workspace. |
| Figure 45 | Dragging the Slice Application |
| 2. | Click the Slice application and select Details. |
| Figure 46 | Selecting Details |
| 3. | In the Alias field, enter a name for the slice. |
| Figure 47 | Viewing Slice Application Quick View |
| 4. | For State, select the On check box to determine that the application is slicing packets. Select the Off check box to determine that the application is not currently slicing the packets. The state can be changed at a later time whenever required. |
| 5. | In the Slice Length field, specify the length of the packet that must be sliced. |
| 6. | From the Protocol drop-down list, specify an optional parameter for slicing the specified length of the protocol. The options are as follows: |
| None |
| IPv4 |
| IPv6 |
| UDP |
| TCP |
| 7. | Click Save. |
Masking
Masking lets you overwrite specific packet fields with a specified pattern so that sensitive information is protected during network analysis.
To add a masking application:
| 1. | Drag and drop Mask from APPLICATIONS to the graphical workspace. |
| Figure 48 | Dragging the Mask Application |
| 2. | Click the Mask application and select Details. |
| Figure 49 | Selecting Details |
| 3. | In the Alias field, enter a name for the mask. |
| Figure 50 | Viewing Mask Application Quick View |
| 4. | For State, select the On check box to determine that the application is masking packets. Select the Off check box to determine that the application is not currently masking the packets. The state can be changed at anytime whenever required. |
| 5. | In the Mask offset field, enter the offset from which the application should start masking data following the pattern specified in the Pattern field. |
The value can be specified in terms of either a static offset, that is, from the start of the packet or a relative offset, that is, from a particular protocol layer as specified in the Protocol field.
| 6. | In the Mask length field, enter the length of the packet that must be masked. |
| 7. | In the Mask pattern field, enter the pattern for masking the packet. The value of the pattern is from 0 to 255. |
| 8. | From the Protocol drop-down list, specifies an optional parameter for masking packets on the data coming from the selected protocol. |
| 9. | Click Save. |
NetFlow
NetFlow collects IP network traffic on all interfaces where NetFlow monitoring is enabled. It gathers information about the traffic flows and exports the NetFlow records, which includes data and templates, to at least one NetFlow collector. The application that serves as a NetFlow collector receives the NetFlow data sent from exporters, processes the information, and provides data visualization and security analytics.
The following are the key benefits of NetFlow application:
| Compresses network information into a single flow record. |
| Facilitates up to 99% reduction in data transferred. |
| Accelerates the migration of mission-critical workloads. |
| Provides summarized information on traffic source leader in a bidirectional clock relationship (formerly master) and destination, congestion, and class of service. |
| Identifies and classifies DDOS attacks, viruses, and worms in real-time. |
| Secures network against internal and external threats. |
| Identifies top consumers and analyzes their statistics. |
| Reduces the cost of security monitoring. |
| Analyzes the network flows based on algorithms and behavior rather than signature matching. |
| Analyzes east-west traffic between flows within and across VPCs. |
The NetFlow application contains key elements that specify what to match in the flow, such as all packets with the same source and destination port, or the packets that come in on a particular interface. For information about Match/Key fields, refer to Match/Key Fields. A NetFlow record is the output generated by NetFlow. A flow record contains non-key elements that specify what information to collect for the flow, such as when the flow started or the number of bytes in the flow. For information about Match/Key fields, refer to Collect/Non-Key Fields.
Figure 10 NetFlow on GigaVUE V Series Node shows an example of a NetFlow application created on a GigaVUE V Series node in the monitoring session.
| Figure 51 | NetFlow on GigaVUE V Series Node |
The NetFlow record generation is performed on GigaVUE V Series node running the NetFlow application. In Figure 10 NetFlow on GigaVUE V Series Node, incoming packets from G-vTAP Agents are sent to the GigaVUE V Series node. In the GigaVUE V Series node, one map sends the TCP packet to the version 5 NetFlow application. Another map sends the UDP packet to a sampling application. The map rules and applications such as slice, mask, and sample can only be applied prior to sending the data to NetFlow.
A NetFlow application examines the incoming packets and creates a single or multiple flows from the packet attributes. These flows are cached and exported based on the active and inactive cache timeout specified in the Netflow application configuration.
The flow records can be sent to a tunnel or to a NAT device for flow inspection. NAT allows the NetFlow records to be directly transmitted to a collector without a tunnel. For more information about NAT, refer to Network Address Translation (NAT) .
The Netflow application exports the flows using the following export versions:
| version 5—The fields in the NetFlow record are fixed. |
| version 9—The fields are configurable, thus a template is created. The template contains information on how the fields are organized and in what order. It is sent to the collector before the flow record, so the collector knows how to decode the flow record. The template is sent periodically based on the configuration. |
| IPFIX—The extended version of version 9 supports variable length fields as well as enterprise-defined fields. |
Match/Key Fields
NetFlow v9 and IPFIX records allow you to configure Match/Key elements.
The supported Match/Key elements are outlined in the following table:
|
Description |
Supported NetFlow Versions |
|
|
Data Link |
||
|
Destination MAC |
Configures the destination MAC address as a key field. |
v9 and IPFIX |
|
Egress Dest MAC |
Configures the post Source MAC address as a key field. |
IPFIX |
|
Ingress Dest MAC |
Configures the IEEE 802 destination MAC address as a key field. |
IPFIX |
|
Source MAC |
Configures the IEEE 802 source MAC address as a key field. |
v9 and IPFIX |
|
IPv4 |
||
|
ICMP Type Code |
Configures the type and code of the IPv4 ICMP message as a key field. |
v9 and IPFIX |
|
IPv4 Dest IP |
Configures the IPv4 destination address in the IP packet header as a key field. |
v9 and IPFIX |
|
IPv4 ICMP Code |
Configures the code of the IPv4 ICMP message as a key field. |
IPFIX |
|
IPv4 ICMP Type |
Configures the type and code of the IPv4 ICMP message as a key field. |
IPFIX |
|
IPv4 Options |
Configures the IPv4 options in the packets of the current flow as a key field. |
IPFIX |
|
IPv4 Src IP |
Configures the IPv6 source address in the IP packet header as a key field. |
v9 and IPFIX |
|
IPv4 Total Length |
Configures the total length of the IPv4 packet as a key field. |
IPFIX |
|
Network |
|
|
|
IP CoS |
Configures the IP Class Of Service (CoS) as a key field. |
v9 and IPFIX |
|
IP DSCP |
Configures the value of a Differentiated Services Code Point (DSCP) encoded in the Differentiated Services field as a key field. |
IPFIX |
|
IP Header Length |
Configures the length of the IP header as a key field. |
IPFIX |
|
IP Precedence |
Configures the value of the IP Precedence as a key field. |
IPFIX |
|
IP Protocol |
Configures the value of the protocol number in the IP packet header as a key field. |
v9 and IPFIX |
|
IP Total Length |
Configures the total length of the IP packet as a key field. |
IPFIX |
|
IP TTL |
For IPv4, configures the value of Time to Live (TTL) as a key field. For IPv6, configures the value of the Hop Limit field as a key field. |
IPFIX |
|
IP Version |
Configures the IP version field in the IP packet header as a key field. |
v9 and IPFIX |
|
IPv6 |
|
|
|
IPv6 Dest IP |
Configures the IPv6 destination address in the IP packet header as a key field. |
v9 and IPFIX |
|
IPv6 Flow Label |
Configures the value of the IPv6 flow label field in the IP packet header as a key field. |
v9 and IPFIX |
|
IPv6 ICMP Code |
Configures the code of the IPv6 ICMP message as a key field. |
IPFIX |
|
IPv6 ICMP Type |
Configures the type of the IPv6 ICMP message as a key field. |
IPFIX |
|
IPv6 ICMP Type Code |
Configures the type and code of the IPv6 ICMP message as a key field. |
IPFIX |
|
IPv6 Payload Length |
Configures the value of the payload length field in the IPv6 header as a key field. |
IPFIX |
|
IPv6 Src IP |
Configures the IPv6 source address in the IP packet header as a key field. |
v9 and IPFIX |
|
Transport |
|
|
|
L4 Dest Port |
Configures the destination port identifier in the transport header as a key field. |
v9 and IPFIX |
|
L4 Src Port |
Configures the source port identifier in the transport header as a key field. |
v9 and IPFIX |
|
TCP AcK Number |
Configures the acknowledgment number in the TCP header as a key field. |
IPFIX |
|
TCP Dest Port |
Configures the destination port identifier in the TCP header as a key field. |
IPFIX |
|
TCP Flags |
Configures the TCP control bits observed for the packets of this flow as a key field. |
v9 and IPFIX |
|
TCP Header Length |
Configures the length of the TCP header as a key field. |
IPFIX |
|
TCP Seq Number |
Configures the sequence number in the TCP header as a key field. |
IPFIX |
|
TCP Src Port |
Configures the source port identifier in the TCP header as a key field. |
IPFIX |
|
TCP Urgent |
Configures the urgent pointer in the TCP header as a key field. |
IPFIX |
|
TCP Window Size |
Configures the window field in the TCP header as a key field. |
IPFIX |
|
UDP Dest Port |
Configures the destination port identifier in the UDP header as a key field. |
IPFIX |
|
UDP Src Port |
Configures the source port identifier in the TCP header as a key field. |
IPFIX |
Collect/Non-Key Fields
NetFlow v9 and IPFIX records allow you to configure Collect/Non-Key elements.
The supported Collect/Non-Key elements are outlined in the following table:
|
Description |
Supported NetFlow Versions |
|
|
Counter |
||
|
Byte Count |
Configures the number of octets since the previous report in incoming packets for the current flow as a non-key field. |
v9 and IPFIX |
|
Packet Count |
Configures the number of incoming packets since the previous report for this flow as a non-key field. |
v9 and IPFIX |
|
Data Link |
||
|
Destination MAC |
Configures the destination MAC address as a non-key field. |
v9 and IPFIX |
|
Egress Des MAC |
Configures the post source MAC address as a non-key field. |
IPFIX |
|
Ingress Des MAC |
Configures the IEEE 802 destination MAC address as a non-key field. |
IPFIX |
|
Source MAC |
Configures the IEEE 802 source MAC address as a non-key field. |
v9 and IPFIX |
|
Timestamp |
||
|
Flow End Millisec |
Configures the absolute timestamp of the last packet of current flow in milliseconds as a non-key field. |
IPFIX |
|
Flow End Sec |
Configures the flow start SysUp time as a non-key field. |
IPFIX |
|
Flow End Time |
Configures the flow end SysUp time as a non-key field. |
v9 and IPFIX |
|
Flow Start Millisec |
Configures the value of the IP Precedence as a non-key field. |
IPFIX |
|
Flow Start Sec |
Configures the absolute timestamp of the first packet of this flow as a non-key field. |
IPFIX |
|
Flow Startup Time |
Configures the flow start SysUp time as a non-key field. |
v9 and IPFIX |
|
Flow |
||
|
Flow End Reason |
Configures the reason for Flow termination as a non-key field. |
IPFIX |
|
IPv4 |
|
|
|
ICMP Type Code |
Configures the type and code of the IPv4 ICMP message as a non-key field. |
v9 and IPFIX |
|
IPv4 Dest IP |
Configures the IPv4 destination address in the IP packet header as a non-key field. |
v9 and IPFIX |
|
IPv4 ICMP Code |
Configures the code of the IPv4 ICMP message as a non-key field. |
IPFIX |
|
IPv4 ICMP Type |
Configures the type of the IPv4 ICMP message as a non-key field. |
IPFIX |
|
IPv4 Options |
Configures the IPv4 options in the packets of the current flow as a non-key field. |
IPFIX |
|
IPv4 Src IP |
Configures the IPv6 source address in the IP packet header as a non-key field. |
v9 and IPFIX |
|
IPv4 Total Length |
Configures the total length of the IPv4 packet as a non-key field. |
IPFIX |
|
Network |
|
|
|
IP CoS |
Configures the IP Class Of Service (CoS) as a key field. |
v9 |
|
IP Protocol |
Configures the value of the protocol number in the IP packet header as a key field. |
v9 |
|
IP Version |
Configures the IP version field in the IP packet header as a key field. |
v9 |
|
IPv6 |
|
|
|
IPv6 Dest IP |
Configures the IPv6 destination address in the IP packet header as a key field. |
v9 |
|
IPv6 Flow Label |
Configures the value of the IPv6 flow label field in the IP packet header as a key field. |
v9 |
|
IPv6 Src IP |
Configures the IPv6 source address in the IP packet header as a key field. |
v9 |
|
Transport |
|
|
|
L4 Dest Port |
Configures the destination port identifier in the transport header as a non-key field. |
v9 and IPFIX |
|
L4 Src Port |
Configures the source port identifier in the transport header as a non-key field. |
v9 and IPFIX |
|
TCP AcK Number |
Configures the acknowledgment number in the TCP header as a non-key field. |
IPFIX |
|
TCP Dest Port |
Configures the destination port identifier in the TCP header as a non-key field. |
IPFIX |
|
TCP Flags |
Configures the TCP control bits observed for the packets of this flow as a non-key field. |
v9 and IPFIX |
|
TCP Header Length |
Configures the length of the TCP header as a non-key field. |
IPFIX |
|
TCP Seq Number |
Configures the sequence number in the TCP header as a non-key field. |
IPFIX |
|
TCP Src Port |
Configures the source port identifier in the TCP header as a non-key field. |
IPFIX |
|
TCP Urgent |
Configures the urgent pointer in the TCP header as a non-key field. |
IPFIX |
|
TCP Window Size |
Configures the window field in the TCP header as a non-key field. |
IPFIX |
|
UDP Dest Port |
Configures the destination port identifier in the UDP header as a non-key field. |
IPFIX |
|
UDP Src Port |
Configures the source port identifier in the UDP header as a non-key field. |
IPFIX |
Adding a Version 5 NetFlow Application
To add a version 5 NetFlow application:
| 1. | Drag and drop NetFlow from APPLICATIONS to the graphical workspace. |
| Figure 52 | Dragging the NetFlow Application |
| 2. | Click the NetFlow application and select Details. A quick view is displayed for configuring the NetFlow application. |
| Figure 53 | Selecting Details |
| 3. | In the Alias field, enter a name for the v5 NetFlow application. |
| Figure 54 | Viewing v5 NetFlow Application Quick View |
| 4. | For State, select the On check box to determine that the application is currently running. Select the Off check box to determine that the application is currently not running. The state can be changed at anytime whenever required. |
| 5. | From the NetFlow version drop-down list, select v5. |
| 6. | In Active cache timeout, enter the number of seconds that an active flow record must remain in the cache before it is exported and removed. The default value is 1800 seconds. |
| 7. | In Inactive cache timeout, enter the number of seconds an inactive flow record must remain in the cache before it times out. The default value is 15 seconds. |
| 8. | Click Save. |
For some examples demonstrating the NetFlow application configuration in the GigaVUE V Series nodes, refer to NetFlow Examples.
Adding a Version 9 and IPFIX NetFlow Application
To add a v9 and IPFIX NetFlow application:
| 1. | Drag and drop NetFlow from APPLICATIONS to the graphical workspace. |
| Figure 55 | Dragging the NetFlow Application |
| 2. | Click the NetFlow application and select Details. A quick view is displayed for configuring the NetFlow application. |
| Figure 56 | Selecting NetFlow Details |
| 3. | In the Alias field, enter a name for the NetFlow application. |
| Figure 57 | Viewing NetFlow Application Quick View |
| 4. | For State, select the On check box to determine that the application is generating NetFlow records from the packets coming from the G-vTAP Agents. Select the Off check box to determine that the application is not currently generating NetFlow records. The state can be changed at anytime whenever required. |
| 5. | From the NetFlow version drop-down list, select the version you want to use to generate the NetFlow records. The default version selected is v5. |
| 6. | In the Source ID field, enter the observation domain to isolate the traffic. The NetFlow application uses source ID to segregate the records into categories. For example, you can assign source ID 1 for traffic coming over TCP. This results in generating a separate NetFlow record for TCP data. Similarly, you can assign Source ID 2 for traffic coming over UDP. This results in generating a separate NetFlow record for UDP data. |
| 7. | From the Match fields drop-down list, select the parameters that identify what you want to collect from the incoming packets. The Match fields displayed in the drop-down list are based on the NetFlow version selected in step 5. Refer to Match/Key Fields |
| 8. | From the Collect fields drop-down list, select the parameters that identify what you want to collect from the NetFlow records. The Collect fields displayed in the drop-down list are based on the NetFlow version selected in step 5. Refer to Collect/Non-Key Fields. |
| 9. | In Active cache timeout, enter the number of seconds that an active flow record must remain in the cache before it is exported and removed. The default value is 1800 seconds. |
| 10. | In Inactive cache timeout, enter the number of seconds an inactive flow record must remain in the cache before it times out. The default value is 15 seconds. |
| 11. | In Template refresh interval, enter the frequency at which the template must be sent to the tool. The default value is 1800 seconds. |
| 12. | Click Save. |
For some examples demonstrating the NetFlow application configuration in the GigaVUE V Series nodes, refer to NetFlow Examples.
Network Address Translation (NAT)
NAT allows the NetFlow records to be directly transmitted to a collector without a tunnel. It lets you configure the destination IP of one or more collectors and the source IP of the GigaVUE V Series node interface through which the NetFlow records are sent out. The NetFlow records are exported to the collector over UDP protocol with the configurable source IP and destination IP.
Note: Only one NAT can be added per monitoring session.
Adding NAT
To add a NAT device:
| 1. | Drag and drop NAT to the graphical workspace. |
| Figure 58 | Adding NAT |
| 2. | Click NAT and select Details. A quick view is displayed for configuring a NAT device. |
| Figure 59 | Selecting Details |
| 3. | In the Alias field, enter a name for the NAT device. |
| Figure 60 | Configuring NAT |
| 4. | (Optional) In Local Subnet, enter a local subnet IP address that you want to assign to the NetFlow record. By default, GigaVUE V Series node auto generates a default local subnet. The subnet that you enter will override the default subnet. |
| 5. | (Optional) In Routes, define the routes to send the flow records to NetFlow collectors. Enter the following: |
| a. | In Destination IP, enter the IP address of the NetFlow collector. For example, if Splunk is the NetFlow collector, enter the IP address of Splunk. |
| b. | In Node Interface Subnet CIDR, enter the GigaVUE V Series node interface subnet Cidr for routing the NetFlow records out from GigaVUE V Series node. |
| c. | Click + to add more routes. Repeat steps a and b to enter the destination IP and node interface CIDR. |
| 6. | Click Save. |
Linking a NetFlow Application to NAT
To create a link from a NetFlow application to a NAT device:
| 1. | Drag and drop a link from the NetFlow application to a NAT device. A Link quick view is displayed. It is a header transformation operation that lets you configure the IPv4 destination IP of the NetFlow collector. |
| Figure 61 | Creating a Link from NetFlow to NAT |
| 2. | In the Alias field, enter a name for the link. |
| 3. | From the Transformations drop-down list, select any one of the header transformations: |
| IPv4 Destination |
| ToS |
| Destination Port |
Note: Only the above three header transformations are allowed on the link from the NetFlow application to a NAT device.
| 4. | In IPv4 Destination, enter the IP address of the NetFlow collector. |
| 5. | (Optional) By default, the Destination Port is 2055. To change the destination port, enter a port number. |
| 6. | Click Save. The transformed link is displayed in Orange. |
| Figure 62 | Linking NetFlow to NAT |
| 7. | Repeat steps 7 to 10 to send additional NetFlow records to NAT. |
NetFlow Examples
This section provides some examples demonstrating the NetFlow application configuration in the GigaVUE V Series nodes.
| Example 1 |
| Example 2 |
Example 1
In this example, a pass all map is created and the entire traffic from a VPC is sent to a tool for full packet inspection. At the same time, a NetFlow application is added to generate flow records for flow inspection.
| 1. | Create a monitoring session. For steps, refer to Create a Monitoring Session. |
| Figure 63 | Creating a Monitoring Session |
| 2. | In the monitoring session, create a Pass all map. A pass all map sends all the traffic received from the G-vTAP Agents to the tunnel endpoint or NAT. For steps, refer to Create a Map. |
| Figure 64 | Creating a Pass All Map |
| 3. | Drag and drop a tunnel from Tunnels. A tunnel encapsulates the flow records and then sends them to the tools for full packet inspection. |
| Figure 65 | Adding a Tunnel |
| 4. | Create a link from the Pass-all map to the tunnel endpoint. The traffic from the Pass-all map is forwarded to the tunnel endpoint that is connected to a tool. |
| Figure 66 | Creating a Link from Pass-all Map to Tunnel_Endpoint |
| 5. | Drag and drop a v5 NetFlow application. |
| Figure 67 | Adding a link from Pass-all Map to Tunnel_Endpoint |
| 6. | Click the NetFlow application and select Details. The Application quick view is displayed. For steps to configure the v5 NetFlow application, refer to Adding a Version 5 NetFlow Application. |
| Figure 68 | Configuring the NetFlow Application |
| 7. | Create a link from the Pass all map to the v5 NetFlow application. |
| Figure 69 | Adding a link from Pass-all Map to v5_NetFlow |
| 8. | Drag and drop NAT to the graphical workspace. A quick view to configure the NAT device is displayed. For steps to configure the NAT device, refer to Adding NAT . |
| Figure 70 | Adding a NAT Device |
| 9. | Create a link from the v5 NetFlow application to NAT. The link must be configured with the destination IP address of the NetFlow collector and the GigaVUE V Series node interface. For steps to configure the link, refer to Linking a NetFlow Application to NAT. |
| Figure 71 | Adding a Link from v5 NetFlow Application to NAT |
| 10. | Click on the link created from the v5 NetFlow application to NAT. The information about the NetFlow collector destination IP and port is displayed. |
| Figure 72 | Viewing the Transformation Dialog Box |
Example 2
In this example, two different versions of NetFlow applications are created. One map is configured to send the TCP packets to the v9 NetFlow application. Another map is configured to send the UDP packets to the IPFIX NetFlow application. The flow records generated from v9 and IPFIX NetFlow application are sent to NAT.
| 1. | Create a monitoring session. For steps, refer to Create a Monitoring Session. |
| Figure 73 | Creating a Monitoring Session |
| 2. | Create a map rule to filter the TCP packets. For steps on creating a map, refer to Create a Map. |
| Figure 74 | Creating a TCP Map |
| 3. | Create another map rule to filter the UDP packets. |
| Figure 75 | Creating a UDP Map |
| 4. | Create another map rule to filter the UDP packets. |
| Figure 76 | Creating a Map to Filter UDP Packets |
| 5. | Drag and drop a NetFlow application. Choose v9 as the NetFlow version. Select the match and the collect fields. For steps to configure the v9 NetFlow application, refer to Adding a Version 9 and IPFIX NetFlow Application. |
| Figure 77 | Adding a v9 NetFlow Application |
| 6. | Create a link from the TCP map to the v9 NetFlow application. |
| Figure 78 | Adding a Link from the TCP Map to v9_netflow Application |
| 7. | Drag and drop a NetFlow application. Choose IPFIX as the NetFlow version. Select the match and the collect fields. For steps to configure the IPFIX NetFlow application, refer to Adding a Version 9 and IPFIX NetFlow Application. |
| Figure 79 | Adding a IPFIX NetFlow Application |
| 8. | Create a link from the UDP map to the IPFIX NetFlow application. |
| Figure 80 | Adding a Link from the UDP Map to the IPFIX NetFlow Application |
| 9. | Drag and drop a NAT. A quick view to configure the NAT is displayed. For steps to configure a NAT, refer to Adding NAT . |
| Figure 81 | Adding a NAT |
| 10. | Create a link from the v9 NetFlow application to the NAT. |
| Figure 82 | Adding a Link from NetFlow Application to NAT |
| 11. | Create another link from the IPFIX NetFlow application to the NAT. |
| Figure 83 | Adding a Link from NetFlow Application to NAT |
| 12. | Click on the link connecting the NetFlow application to the NAT. |
| Figure 84 | Viewing the Header Transformation |
