WANGuard Flow

OVERVIEW
WANGuard Flow is the NetFlow-based WANGuard Sensor module that performs incoming and outgoing traffic monitoring and accounting, as well as traffic anomaly detection (a feature unavailable in the Lite version).

At its core, WANGuard Flow has a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.

FEATURES
  • Any number of instances can be deployed across the network, and all collected data is centralized and available through a single web-based interface that you can quickly access from any location
  • You can access various historic or real-time parameters (top talkers, number of IP addresses, top protocols, protocol distribution, etc.) of the data flowing through router interfaces and switch ports
  • Provides on-demand MRTG-style traffic graphs for every IP address or IP class in your network, for any time frame. Traffic graph accuracy can be defined between 5 seconds and 10 minutes
  • WANGuard Flow can save individual flows to help troubleshoot networks. Flows can be searched, filtered, sorted and exported into Excel
  • WANGuard Flow is completely scalable and can monitor and generate graphs for hundreds of thousands of IP addresses
  • Detects traffic anomalies and provides flexible per-endpoint threat management tools and an easy-to-use API for configuring the reaction to traffic anomalies:
    • activate WANGuard Filter for DoS, DDoS and DrDoS mitigation or additional threat information
    • alert the NOC staff by email using user-defined email templates
    • send custom syslog messages to remote log servers
    • send BGP announcements for blackholing targeted endpoints
    • execute custom scripts that extend the built-in capabilities, such as:
      • configure ACLs or execute PIX "shun" commands to drop traffic towards targeted endpoints
      • send SNMP TRAP messages to SNMP monitoring stations
      • display the routers that are being transited by the anomalous traffic
  • Includes a very flexible billing system for bandwidth-based billing
  • Easy and non-disruptive installation on commodity hardware
  • The most cost-effective traffic monitoring, analysis and accounting solution on the market

DATASHEET
WANGuard Flow
  Traffic Capturing Technology:     NetFlow®, sFlow®, NetStream® enabled devices*
  Maximum Traffic Capacity:         10 GigE, <100,000 endpoints**
  Traffic Parameters Accuracy:      High
  Traffic Anomalies Detection Time: < flow export time + 5 seconds
  Traffic Validation Options:       IP classes, Interfaces, AS Number

Minimum System Requirements for analyzing 1 Gigabit Network Interface
  Architecture:        x86 (32 or 64 bit)
  CPU:                 1 x Pentium IV 1.6 GHz
  RAM:                 2 GBytes
  Network Cards:       1 x Fast Ethernet
  Operating System***: Red Hat Enterprise 5, CentOS 5.x, OpenSuSE 11, SUSE Linux Enterprise 11, Debian Linux 5, Ubuntu Server 10, FreeBSD 8.x (64bit only)
  Installed Packages:  WANGuard-Sensor 4.x, WANGuard-Controller 4.x
  Disk Space:          5 GB (including OS)

* Manufacturers whose devices support WANGuard Flow are: Cisco Systems (1400, 1600, 1700, 2500/2600, 3600, 4500/4700, AS5300/5800, 7200/7500, Catalyst 4500, Catalyst 5000/6500/7600, ESR 10000, GSR 12000), Juniper, Extreme Networks, Huawei, 3COM, HP and others.
** An endpoint is an IP address that belongs to your ASN / clients / servers. The software is not limited by the number of connections between your IPs and remote IPs. You can deploy multiple sensors to monitor traffic over 10GigE.
*** Other Linux / BSD distributions should work but haven't been tested yet.

DOWNLOAD
You can download WANGuard Flow here.