Network Traffic
Enabling Netflow Agent
Genian NAC 6.0 can monitor network traffic by using the Netflow Agent function of a sensor. Flow information from connected devices provides enhanced network observability, which is a crucial component for enforcing NAC 6.0 policies. Once enabled, the Netflow Agent logs flows for all traffic passing through the sensor. Information logged in flows includes, but is not limited to:
Source IP Address
Destination IP Address
Protocol (UDP/TCP)
Source Port
Destination Port
Application
Geolocation Data
User (which user the flows are associated with)
Number of Packets
Number of Bytes
Flow Start (date/time)
Flow End (date/time)
Note
To see flows with the Netflow Agent, traffic from an endpoint must flow through a network sensor. To route traffic through a sensor, follow the instructions below to deploy a cloud gateway and NAC 6.0 client.
Controlling Access to Cloud Resources
To enable the Netflow Agent on the network sensor:
Go to System > Sensor in the top panel
Click on Edit Sensor Settings for the tap_1 sensor interface
Scroll down to the Traffic Monitoring section and toggle Netflow Agent to On
Click Update at the bottom of the page
To test and validate that flow data is being collected and logged:
Go to Log > Flow in the top panel
Flows should be populated for any traffic routing through the network sensor
Note
Only flows for connected NAC 6.0 clients will be logged.
To view connected NAC 6.0 clients:
Go to System > Site in the top panel
Under the NAC 6.0 - Client column, click on the (*) link to view connected clients
Flows from these clients should be visible in the flow logs
To view summary information for flow data:
Go to Dashboard in the top panel
Click on the Flow Data tab in the Dashboard
View various widgets including Top Traffic by Source IP, Destination IP, User, etc.
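The validation and summary steps above can also be checked offline against a copy of the flow records. The following is an added example, not Genian code: the CSV column names, the sample flows and the connected-client list are constructed for illustration, and the page does not document an export format. It totals bytes per source IP, destination IP or user, and lists connected clients that have no flows at all.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records. Column names are hypothetical; they mirror
# the fields this page lists, not a documented Genian export format.
SAMPLE_FLOWS = """src_ip,dst_ip,protocol,src_port,dst_port,user,packets,bytes
10.0.0.11,93.184.216.34,TCP,51514,443,alice,120,98000
10.0.0.11,10.0.0.5,UDP,53001,53,alice,4,420
10.0.0.12,93.184.216.34,TCP,51620,443,bob,60,41000
10.0.0.11,93.184.216.34,TCP,51515,443,alice,30,12000
"""

# Constructed list of client IPs shown as connected under System > Site.
CONNECTED_CLIENTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]


def load_flows(text):
    """Parse CSV flow records, converting the counters to integers."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["packets"] = int(row["packets"])
        row["bytes"] = int(row["bytes"])
        flows.append(row)
    return flows


def top_traffic(flows, key, limit=5):
    """Sum bytes per value of `key` (src_ip, dst_ip, user), largest first."""
    totals = defaultdict(int)
    for flow in flows:
        totals[flow[key]] += flow["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def clients_without_flows(flows, connected):
    """Connected clients that appear in no flow as either endpoint: their
    traffic is likely not routed through the sensor, or the agent is off."""
    seen = {f["src_ip"] for f in flows} | {f["dst_ip"] for f in flows}
    return [ip for ip in connected if ip not in seen]


if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    print("Top by source IP:", top_traffic(flows, "src_ip"))
    print("Top by user:", top_traffic(flows, "user"))
    print("Connected, no flows:", clients_without_flows(flows, CONNECTED_CLIENTS))
```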