Blue Coat NetFlow Support
As the result of several acquisitions, many products support Blue Coat NetFlow. This post outlines some of the Blue Coat hardware platforms and their support for either NetFlow or IPFIX.
- MACH5 NetFlow support: This WAN optimization solution combines protocol acceleration, compression, object and byte caching, and QoS to help accelerate key applications across WAN connections.
- Blue Coat packet shaper NetFlow support: What’s nifty about this appliance isn’t its support for NetFlow v5, but for Packeteer-2. This proprietary flow export contains all the NetFlow fields as well as PacketShaper-specific data. For example, the traffic class into which the flow was classified (type of policy, number of retransmitted bytes, response time measurement (RTM) data, packet exchange time, and VoIP statistics for RTCP VoIP streams) can all be exported. These details start to rival the types of details you can export using Cisco AVC.
- Blue Coat Crossbeam NetFlow support: This platform runs on XOS, which can generate NetFlow data on the X-Series Platform and forward flows to one or more external NetFlow collectors for analysis. What’s unique about this solution is that the software on each APM generates NetFlow data and forwards it to the CPM, where it is aggregated before transmission to the external NetFlow collector(s). Supported NetFlow versions are v5 and v9, as well as IPFIX.
- CheckPoint NetFlow support has been reportedly available since IPSO 6.2, but not all CheckPoint firewalls can export NetFlow or IPFIX. Support for exporting flows doesn’t appear to be across the entire hardware suite.
- Solera IPFIX support: More and more security vendors are exporting NetFlow and IPFIX. Solera was one of the first non-firewall security vendors to do so.
Keep in mind that just because a vendor touts their NetFlow or IPFIX support doesn’t mean that they support the technology correctly. For example, some salespeople may claim that ‘packeteer-2’ export is basically just NetFlow, but this isn’t true. In most cases, you will be disappointed when you export it to a NetFlow / IPFIX collector only to find that it can’t report on the proprietary format. So make sure you test before you buy!
We've also seen issues where customers can't get expected elements in their vendor's flow exports. For example, TCP flags are often omitted by different vendors, as is DSCP, next hop, and subnet. Whether you will be able to report on these types of information depends on your NetFlow collector.
Good news is, if you need help, you can reach out to our team for free support.