Add a traffic class to NetFlow

Use this task when you need to monitor, filter, and export specific types of network traffic using NetFlow on a Threat Defense device. Adding a traffic class helps you focus on relevant traffic for security or operational analysis.

Procedure

Step 1

Choose Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Select NetFlow.

Step 3

Click the Enable Flow Export toggle to export NetFlow data.

Step 4

Click Add Traffic Class to configure the traffic class.

Step 5

In the Name field, enter the name of the traffic class that must match the NetFlow events.

Step 6

In the Type field, choose the traffic class to filter the type of traffic you want to capture:

  • Default—The traffic class that is matched if none of the traffic classes matches the traffic.

  • Access List—The specific traffic class that must match the traffic captured for the NetFlow events.

Step 7

If you select Access List as the Type, then select the access list object from the Access List Object drop-down list.

Note

You can also click the (add icon) icon to create a new extended access list object. See Configure Extended ACL Objects.

Step 8

In Event Types, check the checkboxes for the different NetFlow events that you want to capture and send to the collectors.

Step 9

Click OK.