NetFlow, sFlow & IPFIX Analyzer and Collector for WANGUARD and WANSIGHT

OVERVIEW: The Flow Sensor included in WanGuard and WanSight is a fully-featured flow-based traffic analyzer and collector that supports NetFlow version 5, 7 and v9; sFlow version 4 and 5; and IPFix. At its core, the Flow Sensor contains a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IP addresses in real time. Complex statistical algorithms integrate traffic data to build an accurate and detailed picture of real-time and historical traffic flows across the network.

KEY FEATURES
AND BENEFITS:
  • Contains a completely scalable IP traffic analysis engine able to monitor, in real time, tens of thousands of IPv4 and IPv6 addresses and ranges
  • Management and reporting through a single web-based Console with a unified, holistic presentation
  • Detects all bandwidth-related traffic anomalies (when used with a WanGuard license), such as:
    • Distributed Denial of Service (DDoS) attacks, unknown volumetric DoS attacks
    • NTP amplification attacks, generic UDP floods, ICMP floods, SMURF attacks
    • SYN floods, TCP/UDP port 0, LOIC, peer-to-peer attacks
    • Scans and worms sending traffic to illegal or unallocated addresses, missing traffic to/from critical services
  • Per-endpoint flexible threat reaction options (when used with a WanGuard license), such as:
    • Activate on-premise DDoS attack mitigation with WanGuard Filter
    • Send remotely-triggered BGP black hole announcements
    • Send BGP off-/on-ramp traffic diversion announcements to on-premise / on-cloud DDoS mitigation services
    • Email alerts with user-defined dynamic templates
    • Send custom Syslog messages to remote log servers or SIEM systems
    • Extend the built-in capabilities by executing your own scripts with access to over 70 operational parameters through an easy-to-use API
  • Provides traffic accounting reports and per-IP, subnet or IP group graphs for each of the following traffic classes: total, tcp, tcp+syn, tcp+rst, tcp+ack, tcp+syn+ack, tcp-null, udp, icmp, other, bad, flows, flows+syn, http, https, ssl, mail, dns, sip, ntp, rdp, snmp, ssh, ipsec, ssdp, facebook, youtube, netflix, hulu, and more to come
  • Generates tops and graphs for talkers, external IPs, IP groups, autonomous systems, countries (based on GeoIP), TCP or UDP ports, IP protocols, and more
  • Users can save individual flows for forensic investigation and for aiding network troubleshooting. Flows can easily be searched, filtered, sorted and exported
  • Can compute bidirectional flows and aggregate flows after IP protocol, IP address, IPv4/IPv6 address with custom netmask, TCP/UDP port, VLAN label, AS number, BGP next/previous AS, SNMP interface numbers, next hop, MAC address, ToS, MPLS, and more
  • The short-term accuracy of bandwidth graphs can be set between 30 seconds and 10 minutes. Long-term accuracy can be set to any number of years
  • Any number of instances can be deployed across the network
  • Easy and non-disruptive installation on commodity hardware
  • The most affordable NetFlow ®, sFlow ® and IPFIX monitoring tool on the market

DATASHEET:
Supported Flow Technology*:
  • Cisco NetFlow v5, v7, v9 - incl. jFlow, Cflowd from Juniper and Alcatel, NetStream from Huawei, FlowMon
  • sFlow v4, v5
  • IPFIX
Capacity / Flow Sensor Instance: 1 flow exporter with tens of 10 GbE interfaces
DDoS Detection Time: ≤ flow export time + 5 seconds
IP Graphing Accuracy: ≥ 60 seconds
Traffic Validation Options: IP classes, Interfaces, AS Numbers, Ingress/Egress
* Many entry-level and most enterprise-level routers and switches are able to export IP traffic information as flow records using one of the supported flow technologies.

MINIMUM SYSTEM
REQUIREMENTS:   
Architecture: 64 bit (x86), VMs not recommended
CPU: 2.0 GHz dual-core Xeon
RAM: 4 GB
Network Cards: 1 x Gigabit Ethernet
Operating System*: Red Hat / CentOS 6 or 7, Debian 6 or 7, Ubuntu Server 12 or 14, OpenSUSE 13
Disk Space: 15 GB (including OS)
 * Other Linux distributions may work but have not yet been tested.

The Flow Sensor does not have a limit on the number of interfaces or a limit for flows/second. Each Flow Sensor instance can process the flows of a single flow exporter. A server with enough RAM can run tens of Flow Sensor instances. For Flow Sensors, the size of the RAM is much more important than the CPU speed.
When the Flow Collector feature is enabled, the Flow Sensor stores all received flows on the local disk in a compressed binary format.

ADDITIONAL
INFORMATION:
You can download and try the Flow Sensor for 30 days by requesting an evaluation license.
Flow Sensor licenses can be purchased through the online store.
Frequently asked questions are answered in the User Guide and Knowledge Base.
If you need any further information, do not hesitate to contact us.