You are here: Home Software WANGUARD Sensor for NetFlow, sFlow & IPFIX

NetFlow, sFlow & IPFIX Sensor for WANGUARD and WANSIGHT

OVERVIEW: Many routers and switches can collect IP traffic statistics on monitored interfaces, and later export those statistics as flow records, towards the Flow Sensor to do the actual traffic analysis. It can be used by WANGUARD and WANSIGHT.
At its core, the Flow Sensor has a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.
KEY
FEATURES:
  • The Flow Sensor is completely scalable and can monitor and generate graphs for thousands of IP addresses
  • Any number of instances can be deployed across the network
  • It detects bandwidth-related traffic anomalies as soon as it receives the flows:
    • ICMP floods, SMURF attacks
    • SYN floods, LOIC
    • Peer-to-peer attacks
    • DNS attacks, UDP floods
    • Distributed Denial of Service ( DDoS ) attacks
    • Volumetric DoS attacks
    • Scans and worms sending traffic to illegal or unallocated addresses
  • Can be used together with the WANGUARD Filter to mitigate DDoS attacks
  • The Flow Sensor can save individual flows to help the troubleshooting of networks
  • Flows can be searched, filtered, sorted and exported
  • Easy and non-disruptive installation on commodity hardware
  • The most cost-effective NetFlow ®, sFlow ® and IPFIX monitoring solution on the market

DATASHEET:
Supported Flow Technology
  • NetFlow v5, v7, v9 - including jFlow, NetStream, cflowd, RFlow
  • sFlow v4, v5
  • IPFIX ( beta )
Maximum Traffic Capacity multiples of 10 Gbps, >10,000 endpoints*
DDoS Detection Time < flow export time + 5 seconds
IP Graphs Accuracy > 60 seconds
Traffic Validation Options IP classes, Interfaces, AS Numbers, Ingress / Egress
* An endpoint is an IP address that belongs to your network. The software is not limited by the number of connections between IPs.

DEVICE MANUFACTURERS
SUPPORTING
FLOW SENSOR:

 
Cisco Systems ( ASR 1000, ISR G1, ISR G2 - 800, 1800, 1900, 2800, 2900, 3800, 3900 -, 1700, 3660, Catalyst 4500, Catalyst 6500, Cisco 7500, 7600, 10000, 12000, ASR 9000, CRS-1, C3KX-SM-10G, XR12000 ), Adtran ( NetVanta 3200, 3305, 4305, 5305, 1524, 1624, 3430, 3448, 3130, 340, and 344 ), AlaxalA Networks ( AX7800R , AX7800S , AX7700R , AX5400S ), Alcatel ( OmniSwitch 6850 , OmniSwitch 9000), Allied Telesis ( SwitchBlade 7800R series , SwitchBlade 7800S series , SwitchBlade 5400S series ), Brocade ( BigIron series, FastIron series, IronPoint series, NetIron series,SecureIron series, ServerIron series ), Barracuda ( Barracuda NG Firewall ), Comtec Systems ( !-Rex 16Gi & 24Gi & 24Gi-Combo ), Dell - Force 10 Networks ( PowerConnect 6200 series, PowerConnect 8200 series, E series ), D-Link ( DGS-3600 series ), Enterasys, Extreme Networks ( Alpine 3800 series, BlackDiamond 6800 series, BlackDiamond 8800 series, BlackDiamond 10808, BlackDiamond 12804C , BlackDiamond 12804R ,Summit X450 Series , Summit i series ), Fortigate ( FortiSwitch series, FortiGate series ),Huawei, H3C, Hewlett-Packard ( ProCurve 2610 series, ProCurve 2800 series , ProCurve 2900 series, ProCurve 2910al series, ProCurve 3400cl series , ProCurve 3500yl series , ProCurve 4200vl series , ProCurve 5300xl series , ProCurve 5400zl series , ProCurve 6200yl series , ProCurve 6400cl series , ProCurve 6600 series, ProCurve 8212zl, ProCurve Wireless Edge Services xl Module, ProCurve Wireless Edge Services zl Module, ProCurve Access Point 530ProCurve 9300m series , ProCurve Routing Switch 9408sl ), Hitachi ( GR4000 , GS4000 , GS3000 ), Juniper Networks, Maipu ( S3300 Series, S3400 Series, S3900 Series ), MikroTik, NetGear ( GSM7352S-200, GSM7328S-200 ),Nortel ( 5500 & 8600 Series ), NEC ( IP8800/R400 series , IP8800/S400 series , IP8800/S300 series ), Palo Alto, Riverbed, Sonicwall ( SonicWall NSA E5500 ), Vyatta ( Vyatta 514, Vyatta 2500 series, Vyatta Virtual Router, Firewall, VPN )
 * Other flow exporters should work but haven't been tested yet.

MINIMUM
HARDWARE
REQUIREMENTS:
Capacity Example 10 monitored interfaces, 10k active endpoints
Architecture x86 ( 32 or 64 bit )
Core x CPU 1 x Xeon 2.0 GHz
RAM 4 GB
Network Cards 1 x Fast Ethernet
Operating System* RHEL / CentOS 5 , RHEL / CentOS 6, Debian 6, Ubuntu Server 12, OpenSuSE 12
Disk Space 15 GB ( including OS )
 * Other Linux distributions should work but haven't been tested yet.

TRY IT !

 You can download and try the Flow Sensor for 30 days by requesting an evaluation license.
Sensor licenses can be purchased directly from our on-line store.
If you have any questions or requests, please don't hesitate to contact us.