NetFlow, sFlow & IPFIX Sensor for WANGUARD and WANSIGHT

OVERVIEW: The Flow Sensor included in WANGUARD and WANSIGHT is a fully featured flow-based traffic analyzer and collector that supports NetFlow v5, v7 and v9, sFlow v4 and v5, and IPFIX. Many entry-level and most enterprise-level routers and switches are able to export IP traffic information as flow records using one of the supported flow technologies.
At its core, the Flow Sensor contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.
KEY FEATURES:
  • The Flow Sensor contains a scalable IP traffic monitoring engine able to monitor tens of thousands of IPv4 and IPv6 addresses and IP blocks.
  • Provides traffic accounting reports and per-IP, per-subnet and per-IP group graphs (histograms) for each of the following traffic types: TCP, TCP+SYN, UDP, ICMP, BAD, FLOWS, HTTP, SSL, MAIL, DNS, NTP, RDP, SNMP, SSH, IPSEC, FACEBOOK, YOUTUBE, NETFLIX, HULU
  • Generates tops and graphs for Talkers, External IPs, Autonomous Systems, Countries, TCP ports, UDP ports, IP protocols and IP Groups.
  • Can save individual flows to help troubleshoot networks. Flows can easily be searched, filtered, sorted and exported.
  • Any number of instances can be deployed across the network. Management and reporting are done from a single, centralized, fully featured web interface.
  • Detects all bandwidth-related traffic anomalies:
    • Distributed Denial of Service (DDoS) attacks
    • DNS attacks, NTP attacks, RDP attacks, UDP floods, ICMP floods, SMURF attacks
    • SYN floods, TCP port 0, UDP port 0, LOIC, peer-to-peer attacks
    • Scans and worms sending traffic to illegal or unallocated addresses
    • Unknown volumetric DoS attacks
  • Per endpoint flexible threat reaction options:
    • activate the WANGUARD Filter for DDoS attack mitigation
    • send RTBH / BGP black-holing / null-routing announcements
    • alert the NOC staff by email using user-defined email templates
    • send custom syslog messages to remote log servers
    • capture attack traffic for forensic investigation
    • extend the built-in capabilities with custom scripts accessing the API
  • Easy and non-disruptive installation on commodity hardware
  • The most cost-effective NetFlow®, sFlow® and IPFIX monitoring solution on the market

DATASHEET:

Supported Flow Technology:
  • NetFlow v5, v7, v9 - including jFlow, NetStream, cflowd, RFlow
  • sFlow v4, v5
  • IPFIX
Maximum Traffic Capacity: multiples of 10 Gbps, >150,000 endpoints*
DDoS Detection Time: < flow export time + 5 seconds
IP Graphs Accuracy: > 60 seconds
Traffic Validation Options: IP classes, Interfaces, AS Numbers, Ingress / Egress
* An endpoint is an IP address that belongs to your network. The software is not limited by the number of connections between IPs.

MINIMUM HARDWARE REQUIREMENTS:

Capacity Example: 10 monitored interfaces, 10k active endpoints
Architecture: x86 (32 or 64 bit)
Core x CPU: 1 x Xeon 2.0 GHz
RAM: 4 GB
Network Cards: 1 x Fast Ethernet
Operating System*: RHEL / CentOS 5, RHEL / CentOS 6, Debian 6, Ubuntu Server 12, OpenSuSE 12
Disk Space: 15 GB (including OS)
* Other Linux distributions should work but haven't been tested yet.

TRY IT!

You can download and try the Flow Sensor for 30 days by requesting an evaluation license.
Sensor licenses can be purchased directly from our on-line store.
The answers for several frequently asked questions are listed in the Knowledge Base.
If you have any questions or requests, please don't hesitate to contact us.