© Copyright 2012-2016 NetFlow Logic Corporation. All rights reserved. Patents Pending. NetFlow Integrator Standard Edition Release Notes Version 2.4.6 (Build 2.4.6.0.1) September 2016

Upload: buixuyen

Post on 04-Jun-2018


© Copyright 2012-2016 NetFlow Logic Corporation. All rights reserved. Patents Pending.

NetFlow Integrator™ Standard Edition

Release Notes

Version 2.4.6 (Build 2.4.6.0.1)

September 2016

NetFlow Integrator Standard Release Notes NetFlow Logic Confidential 1

Contents

WHAT’S NEW IN THIS RELEASE

  BUILD 2.4.6.0.1
    Improve Integration with Active Directory
    Support IPFIX variable length fields
    Add support of Cisco AVC fields

  BUILD 2.4.5.0.1
    Ability to disable NFI Admin account
    Improve NFI internal logs reporting
    Add throttling rate parameter to Server config file
    Introduce timeout parameter in SNMP Service

  BUILD 2.4.4.0.33
    Support Firewall High-Speed Logging (HSL) fields
    Top Pairs Monitor Module: List of Destination Ports is Preloaded
    Proxy Support for NFI Updater
    New Module: Microsegmentation Analyzer and Planning
    New Module: Enhanced Traffic Monitor 2
    Identify VMs with identical IP addresses
    Module: Asset Access Monitor - Add IPv6 support
    Add User Messages when NFI Updater parameters are changed

WHAT’S BEEN FIXED IN THIS RELEASE

  BUILD 2.4.5.0.1
    Add external error code descriptions
    Module Top Pairs Monitor (20064) takes into account bytes in and out in bidirectional flows reported by Cisco ASA
    Memory leak when Module 10025: Outbound Mail Spammers Monitor and sFlow Original Flow Data are both enabled

  BUILD 2.4.4.0.33
    Module: Network Operations Analytics (20183) incorrectly detects the values of fields vxlan_id, src_vhost_ip and src_vtep_ip in case of layer2_segment_id is equal to 0
    NFI installed as Virtual Appliance intermittently drops the incoming flows when flow rate exceeds 30,000 FPS

KNOWN ISSUES
    Memory Leak after Known malicious hosts list has been updated
    Dashboard: statistics logging interval not displayed
    Java Update: update fails
    Unable to apply License using IE v9 browser


What’s New in this Release

Build 2.4.6.0.1

Improve Integration with Active Directory

Add “use DNS” feature when configuring integration with Active Directory (AD). This allows NFI administrators not to configure each AD server separately (NFC-7512, NFC-7531).

Support IPFIX variable length fields

NFI Original Flow Data functionality supports IPFIX variable length fields. These fields are encountered in Cisco AVC templates, and in Barracuda NextGen Firewall (NFC-7530).
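
How a collector reads a variable-length IPFIX field, as an added example (not NetFlow Logic's code): per RFC 7011, a template field length of 65535 marks the element as variable, and each data record then carries a 1-octet length, or the octet 255 followed by a 2-octet length. The template, the record bytes and the field name `exampleHost` are constructed for illustration.

```python
import struct

VARLEN = 0xFFFF  # template field length that marks a variable-length element (RFC 7011)

def read_varlen(buf, off):
    """Decode one variable-length field at buf[off:]; return (value, next_offset)."""
    if off >= len(buf):
        raise ValueError("truncated record: no length octet")
    length = buf[off]
    off += 1
    if length == 255:  # long form: the real length follows in two octets
        if off + 2 > len(buf):
            raise ValueError("truncated record: incomplete 3-octet length")
        (length,) = struct.unpack_from("!H", buf, off)
        off += 2
    # Never trust the declared length: it must fit inside the record.
    if off + length > len(buf):
        raise ValueError("declared length %d overruns record" % length)
    return buf[off:off + length], off + length

def decode_record(template, buf):
    """template: list of (name, field_length) pairs; returns dict of name -> bytes."""
    out, off = {}, 0
    for name, flen in template:
        if flen == VARLEN:
            out[name], off = read_varlen(buf, off)
        else:
            if off + flen > len(buf):
                raise ValueError("fixed field %s overruns record" % name)
            out[name] = buf[off:off + flen]
            off += flen
    return out

# Constructed sample: one fixed field, one short and one long variable field.
# "exampleHost" is a made-up element name, not taken from any vendor template.
TEMPLATE = [("sourceIPv4Address", 4), ("applicationName", VARLEN), ("exampleHost", VARLEN)]
LONG_HOST = b"h" * 300
RECORD = (bytes([10, 0, 0, 1])
          + bytes([4]) + b"http"                                       # short form
          + bytes([255]) + struct.pack("!H", len(LONG_HOST)) + LONG_HOST)  # long form

if __name__ == "__main__":
    for name, value in decode_record(TEMPLATE, RECORD).items():
        print(name, len(value))
```

The bounds checks matter for a collector exposed to untrusted exporters: a record whose declared length exceeds the remaining bytes is rejected instead of being read past its end.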

Add support of Cisco AVC fields

Top Traffic Monitor and Top Pairs Monitor Modules support Cisco AVC IPFIX templates (NFC-7515).

Build 2.4.5.0.1

Ability to disable NFI Admin account

Add ability to disable admin account after NFI Active Directory integration is configured (NFC-7414).

Improve NFI internal logs reporting

When NFI configuration is changed, the userid performing the action is now added to the internal log, along with the old value and new value of the changed parameters (NFC-7363, NFC-7373).

Add throttling rate parameter to Server config file

When NetFlow Integrator is deployed with rsyslog on the same machine, syslog messages sent from NFI on loopback interface (e.g. 127.0.0.1) could be lost. It is recommended to set throttling parameter to control NFI output rate to avoid flooding rsyslog input buffers (NFC-7424).

Please contact [email protected] for assistance.

Introduce timeout parameter in SNMP Service

SNMP implementation on Juniper QFabric System differs from that of other devices running Junos OS. It is recommended to set SNMP timeout to 5 seconds or longer for the QFabric system to complete the responses to NetFlow Integrator requests (NFC-7332). To change default SNMP timeout setting (1 sec) go to:

NetFlow Integrator > Advanced > Services > SNMP data retrieval

For more information on QFabric SNMP see http://www.juniper.net/techpubs/en_US/junos14.1/topics/concept/snmp-qfx3000-understanding.html


Build 2.4.4.0.33

Support Firewall High-Speed Logging (HSL) fields

Cisco ASR 1000 devices report NetFlow with proprietary fields. For more information see http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-16/sec-data-zbf-xe-16-book/sec-data-fw-hsl.html

NFI supports all these fields in Original Flow Data (NFC-7260).

Top Pairs Monitor Module: List of Destination Ports is Preloaded

Top Pairs Monitor Module: the list of destination ports is based on the IANA list (NFC-7310).

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Proxy Support for NFI Updater

NFI Updater can be installed behind your proxy server. Proxy configuration has been added to NFI configuration (NFC-7290).

New Module: Microsegmentation Analyzer and Planning [1]

This Module reports VM-to-VM and VM-to-Host conversations to help in the planning and design of where to add micro-segmentation for improving the security, performance, and the overall manageability of virtual machines. Some of the features include:

• Enable / disable NetFlow in VMware VDS and port groups from NFI (NFC-7191)

• Identify VMs with duplicate IP addresses by providing VM Names / MoRef IDs

• Supports multiple vCenters

New Module: Enhanced Traffic Monitor 2 [1]

This Module reports consolidated stitched flows and contains additional fields such as:

• Geo IP information at City level

• Host Reputation based on AlienVault Open Threat Exchange (OTX)

• Calculated TCP session flow duration

Identify VMs with identical IP addresses

Network Operations Analytics Module 10180 has VM MoRef IDs to identify VMs with identical IP addresses (NFC-6940).

Module: Asset Access Monitor - Add IPv6 support

(NFC-7261)

Add User Messages when NFI Updater parameters are changed

(NFC-7284)

[1] This Module is available on request. Please contact [email protected]


What’s Been Fixed in this Release

Build 2.4.5.0.1

Add external error code descriptions

NFI Updater used to pass error codes received from built-in components (e.g. Tomcat). Now, in addition to the error code, the code description is added to the message (NFC-7345).

Example: Unexpected response code: 407 - Proxy Authentication Required

Module Top Pairs Monitor (20064) takes into account bytes in and out in bidirectional flows reported by Cisco ASA

Cisco ASA Version 9.2 and above NSEL reports bidirectional flows with bytes forward and reversed (NF_F_FWD_FLOW_DELTA_BYTES and NF_F_REV_FLOW_DELTA_BYTES). The Module now takes advantage of these data elements when calculating bytes in and out in Host Pairs reporting (NFC-7362).

Memory leak when Module 10025: Outbound Mail Spammers Monitor and sFlow Original Flow Data are both enabled

(NFC-7462)

Build 2.4.4.0.33

Module: Network Operations Analytics (20183) incorrectly detects the values of fields vxlan_id, src_vhost_ip and src_vtep_ip in case of layer2_segment_id is equal to 0

(NFC-7269)

NFI installed as Virtual Appliance intermittently drops the incoming flows when flow rate exceeds 30,000 FPS

(NFC-7252)


Known Issues

Memory Leak after Known malicious hosts list has been updated

Affected Platforms: All

Description: When known malicious hosts list is updated manually or via Updater, about 19MB of memory is not released (NFC-7023).

Workaround: NFI should restart automatically. Restart manually if unexpected behavior is observed.

Dashboard: statistics logging interval not displayed

Affected Platforms: All

Description: When the statistics logging interval is changed, the statistics may not display based on the new value (NFC-2092).

Workaround: Reset the statistics to the default of 10 seconds using the reset option.

Java Update: update fails

Affected Platforms: All

Description: Java update can fail if both NetFlow Integrator and the Apache service are still running (NFC-2748).

Workaround: Stop both the NetFlow Integrator and the Apache service, complete the Java update, then start the Apache services.

Unable to apply License using IE v9 browser

Affected Platforms: All

Description: Unable to apply license key after successful NFI installation using IE v9 browser.

Workaround: NFI 2.4 GUI is based on HTML5. Please use a browser supporting HTML5, such as IE v10, Firefox v33, or Chrome v38.