© Copyright 2012-2016 NetFlow Logic Corporation. All rights reserved. Patents Pending.
NetFlow Integrator™ Standard Edition
Release Notes
Version 2.4.6 (Build 2.4.6.0.1)
September 2016
NetFlow Integrator Standard Release Notes NetFlow Logic Confidential 1
Contents
WHAT’S NEW IN THIS RELEASE
  BUILD 2.4.6.0.1
    Improve Integration with Active Directory
    Support IPFIX variable length fields
    Add support of Cisco AVC fields
  BUILD 2.4.5.0.1
    Ability to disable NFI Admin account
    Improve NFI internal logs reporting
    Add throttling rate parameter to Server config file
    Introduce timeout parameter in SNMP Service
  BUILD 2.4.4.0.33
    Support Firewall High-Speed Logging (HSL) fields
    Top Pairs Monitor Module: List of Destinations Ports is Preloaded
    Proxy Support for NFI Updater
    New Module: Microsegmentation Analyzer and Planning
    New Module: Enhanced Traffic Monitor 2
    Identify VMs with identical IP addresses
    Module: Asset Access Monitor - Add IPv6 support
    Add User Messages when NFI Updater parameters are changed
WHAT’S BEEN FIXED IN THIS RELEASE
  BUILD 2.4.5.0.1
    Add external error code descriptions
    Module Top Pairs Monitor (20064) takes into account bytes in and out in bidirectional flows reported by Cisco ASA
    Memory leak when Module 10025: Outbound Mail Spammers Monitor and sFlow Original Flow Data are both enabled
  BUILD 2.4.4.0.33
    Module: Network Operations Analytics (20183) incorrectly detects the values of fields vxlan_id, src_vhost_ip and src_vtep_ip in case of layer2_segment_id is equal to 0
    NFI installed as Virtual Appliance intermittently drops the incoming flows when flow rate exceeds 30,000 FPS
KNOWN ISSUES
  Memory Leak after Known malicious hosts list has been updated
  Dashboard: statistics logging interval not displayed
  Java Update: update fails
  Unable to apply License using IE v9 browser
What’s New in this Release
Build 2.4.6.0.1
Improve Integration with Active Directory
Add “use DNS” feature when configuring integration with Active Directory (AD). This spares NFI administrators from
configuring each AD server separately (NFC-7512, NFC-7531).
Support IPFIX variable length fields
NFI Original Flow Data functionality supports IPFIX variable length fields. These fields are encountered in Cisco AVC
templates, and in Barracuda NextGen Firewall (NFC-7530).
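The variable-length encoding an IPFIX collector has to handle (RFC 7011: a template field length of 65535, then a one-octet or 255-plus-two-octet length prefix in each record), as an added example that is not NetFlow Logic's code. The template, the sample records and the function names are constructed for illustration.

```python
import struct

VARLEN = 0xFFFF  # template field length that marks a variable-length element

class TruncatedRecord(ValueError):
    """Raised when a length prefix points past the end of the record."""

def read_field(buf, off, tmpl_len):
    """Return (value_bytes, next_offset) for one field of a data record."""
    if tmpl_len == VARLEN:
        if off + 1 > len(buf):
            raise TruncatedRecord("missing length octet")
        n = buf[off]
        off += 1
        if n == 255:  # long form: 255 followed by a 16-bit length
            if off + 2 > len(buf):
                raise TruncatedRecord("missing 16-bit length")
            (n,) = struct.unpack_from("!H", buf, off)
            off += 2
    else:
        n = tmpl_len  # fixed-length field: size comes from the template
    # Never trust the sender's length: check it against the bytes we hold.
    if off + n > len(buf):
        raise TruncatedRecord(f"field needs {n} bytes, {len(buf) - off} left")
    return bytes(buf[off:off + n]), off + n

def decode_record(buf, template):
    """template: list of (name, length); returns (fields, bytes_consumed)."""
    fields, off = {}, 0
    for name, length in template:
        fields[name], off = read_field(buf, off, length)
    return fields, off

# Constructed template (not a real Cisco AVC or Barracuda template).
TEMPLATE = [("sourceIPv4Address", 4),
            ("applicationName", VARLEN),
            ("octetDeltaCount", 8)]

# Constructed records: short form, long form, and a forged oversized length.
SHORT = bytes([10, 0, 0, 5]) + bytes([4]) + b"http" + (1500).to_bytes(8, "big")
LONG = (bytes([10, 0, 0, 5]) + b"\xff" + struct.pack("!H", 300)
        + b"A" * 300 + (7).to_bytes(8, "big"))
FORGED = bytes([10, 0, 0, 5]) + b"\xff\xff\xff" + b"x"

if __name__ == "__main__":
    print(decode_record(SHORT, TEMPLATE))
    print(decode_record(LONG, TEMPLATE)[1])
```

A collector that assumes fixed offsets would read `octetDeltaCount` from the wrong position in both valid records, and one that skips the bounds check would read past the buffer on the forged one.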
Add support of Cisco AVC fields
Top Traffic Monitor and Top Pairs Monitor Modules support Cisco AVC IPFIX templates (NFC-7515).
Build 2.4.5.0.1
Ability to disable NFI Admin account
Add ability to disable admin account after NFI Active Directory integration is configured (NFC-7414).
Improve NFI internal logs reporting
When the NFI configuration is changed, the userid performing the action is now added to the internal log, along with
the old value and new value of the changed parameters (NFC-7363, NFC-7373).
Add throttling rate parameter to Server config file
When NetFlow Integrator is deployed with rsyslog on the same machine, syslog messages sent from NFI on
loopback interface (e.g. 127.0.0.1) could be lost. It is recommended to set throttling parameter to control NFI output
rate to avoid flooding rsyslog input buffers (NFC-7424).
Please contact [email protected] for assistance.
Introduce timeout parameter in SNMP Service
SNMP implementation on Juniper QFabric System differs from that of other devices running Junos OS. It is
recommended to set SNMP timeout to 5 seconds or longer for the QFabric system to complete the responses to
NetFlow Integrator requests (NFC-7332). To change default SNMP timeout setting (1 sec) go to:
NetFlow Integrator > Advanced > Services > SNMP data retrieval
For more information on QFabric SNMP see
http://www.juniper.net/techpubs/en_US/junos14.1/topics/concept/snmp-qfx3000-understanding.html
Build 2.4.4.0.33
Support Firewall High-Speed Logging (HSL) fields
Cisco ASR 1000 devices report NetFlow with proprietary fields. For more information see
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16/sec-data-zbf-xe-16-book/sec-data-fw-hsl.html
NFI supports all these fields in Original Flow Data (NFC-7260).
Top Pairs Monitor Module: List of Destinations Ports is Preloaded
Top Pairs Monitor Module: List of destinations ports is based on IANA list (NFC-7310).
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
Proxy Support for NFI Updater
NFI Updater can be installed behind your proxy server. Proxy configuration has been added to NFI configuration
(NFC-7290).
New Module: Microsegmentation Analyzer and Planning¹
This Module reports VM-to-VM and VM-to-Host conversations to help in the planning and design of where to add
micro-segmentation for improving the security, performance, and the overall manageability of virtual machines. Some
of the features include:
Enable / disable NetFlow in VMware VDS and port groups from NFI (NFC-7191)
Identify VMs with duplicate IP addresses by providing VM Names / MoRef IDs
Supports multiple vCenters
New Module: Enhanced Traffic Monitor 2¹
This Module reports consolidated stitched flows and contains additional fields such as:
Geo IP information at City level
Host Reputation based on Alienvault Open Threat Exchange (OTX)
Calculated TCP session flow duration
Identify VMs with identical IP addresses
Network Operations Analytics Module 10180 has VM MoRef IDs to identify VMs with identical IP addresses
(NFC-6940).
Module: Asset Access Monitor - Add IPv6 support
(NFC-7261)
Add User Messages when NFI Updater parameters are changed
(NFC-7284)
¹ This Module is available on request. Please contact [email protected]
What’s Been Fixed in this Release
Build 2.4.5.0.1
Add external error code descriptions
NFI Updater used to pass on the error codes received from built-in components (e.g. Tomcat). Now a description of the
code is added to the message in addition to the error code (NFC-7345).
Example: Unexpected response code: 407 - Proxy Authentication Required
Module Top Pairs Monitor (20064) takes into account bytes in and out in bidirectional flows reported by Cisco ASA
Cisco ASA Version 9.2 and above reports bidirectional flows in NSEL with forward and reverse byte counts
(NF_F_FWD_FLOW_DELTA_BYTES and NF_F_REV_FLOW_DELTA_BYTES). The Module now uses these data elements
when calculating bytes in and out in Host Pairs reporting (NFC-7362).
Memory leak when Module 10025: Outbound Mail Spammers Monitor and sFlow Original Flow Data are both enabled
(NFC-7462)
Build 2.4.4.0.33
Module: Network Operations Analytics (20183) incorrectly detects the values of fields vxlan_id, src_vhost_ip and src_vtep_ip in case of layer2_segment_id is equal to 0
(NFC-7269)
NFI installed as Virtual Appliance intermittently drops the incoming flows when flow rate exceeds 30,000 FPS
(NFC-7252)
Known Issues
Memory Leak after Known malicious hosts list has been updated
Affected Platforms: All
Description: When known malicious hosts list is updated manually or via Updater, about 19MB of memory is not
released (NFC-7023).
Workaround: NFI should restart automatically. Restart manually if unexpected behavior is observed.
Dashboard: statistics logging interval not displayed
Affected Platforms: All
Description: When the statistics logging interval is changed, the statistics may not display based on the new value (NFC-2092).
Workaround: Reset the statistics to the default of 10 seconds using the reset option.
Java Update: update fails
Affected Platforms: All
Description: Java update can fail if both NetFlow Integrator and the Apache service are still running (NFC-2748).
Workaround: Stop both the NetFlow Integrator and the Apache service, complete the Java update, then start the Apache services.
Unable to apply License using IE v9 browser
Affected Platforms: All
Description: Unable to apply license key after successful NFI installation using IE v9 browser.
Workaround: NFI 2.4 GUI is based on HTML5. Please use a browser that supports HTML5, such as IE v10, Firefox
v33, or Chrome v38.