Network Traffic
Enabling Netflow Agent
Genian ZTNA can monitor network traffic by using the Netflow Agent function of a sensor. The flow information for connected devices provides enhanced network observability, which is a crucial component of enforcing ZTNA policies. Once enabled, the Netflow Agent logs flows for all traffic passing through the sensor. Information logged in flows includes, but is not limited to:
- Source IP Address
- Destination IP Address
- Protocol (UDP/TCP)
- Source Port
- Destination Port
- Application
- Geolocation Data
- User (which user the flows are associated with)
- Number of Packets
- Number of Bytes
- Flow Start (date/time)
- Flow End (date/time)
Note
In order to see flows using the Netflow Agent, traffic from an endpoint must be flowing through a network sensor. To route traffic through a sensor, follow the instructions below to deploy a cloud gateway and ZTNA client.
Controlling Access to Cloud Resources
To enable the Netflow Agent on the network sensor:
- Go to System > Sensor in the top panel
- Click on Edit Sensor Settings for the tap_1 sensor interface
- Scroll down to Traffic Monitoring section and toggle Netflow Agent to On
- Click Update at the bottom of the page
To test and validate that flow data is being collected and logged:
- Go to Log > Flow in the top panel
- Flows should be populated for any traffic routed through the network sensor
Note
Only flows for connected ZTNA clients will be logged.
To view connected ZTNA clients:
- Go to System > Site in the top panel
- Under the ZTNA - Client column, click on the (*) link to view connected clients
- Flows from these clients should be visible in the flow logs
To view summary information for flow data:
- Go to Dashboard in the top panel
- Click on Flow Data tab in Dashboard
- View various widgets including Top Traffic by Source IP, Destination IP, User, etc.
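The following is an added example, not part of the Genian ZTNA documentation or product code. It models a flow record with the fields listed at the top of this page, constructs a handful of sample flows (invented values, not real log data), and computes the kind of "Top Traffic by Source IP / Destination IP / User" summary the Flow Data dashboard tab presents, plus a filter that keeps only flows attributed to connected ZTNA client users, matching the note that only connected clients' flows are logged. Field names, the sample users and addresses, and the choice to use the destination country code as the geolocation value are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class FlowRecord:
    """One flow as logged by the Netflow Agent (field names are assumptions)."""
    src_ip: str
    dst_ip: str
    protocol: str        # "TCP" or "UDP"
    src_port: int
    dst_port: int
    application: str     # application the sensor classified the flow as
    geo: str             # assumption: destination country code, or "INTERNAL"
    user: str            # user the flow is associated with
    packets: int
    bytes: int
    start: datetime      # flow start (date/time)
    end: datetime        # flow end (date/time)


# Constructed sample flows for the example; not captured from a real sensor.
SAMPLE_FLOWS = [
    FlowRecord("10.0.0.5", "93.184.216.34", "TCP", 51234, 443, "HTTPS", "US", "alice",
               120, 90000, datetime(2024, 1, 1, 9, 0, 0), datetime(2024, 1, 1, 9, 0, 12)),
    FlowRecord("10.0.0.5", "10.0.1.20", "TCP", 51235, 22, "SSH", "INTERNAL", "alice",
               40, 8000, datetime(2024, 1, 1, 9, 1, 0), datetime(2024, 1, 1, 9, 5, 0)),
    FlowRecord("10.0.0.7", "93.184.216.34", "TCP", 44000, 443, "HTTPS", "US", "bob",
               300, 250000, datetime(2024, 1, 1, 9, 2, 0), datetime(2024, 1, 1, 9, 2, 30)),
    FlowRecord("10.0.0.7", "8.8.8.8", "UDP", 5353, 53, "DNS", "US", "bob",
               2, 200, datetime(2024, 1, 1, 9, 2, 0), datetime(2024, 1, 1, 9, 2, 1)),
    FlowRecord("10.0.0.9", "10.0.1.20", "TCP", 40001, 22, "SSH", "INTERNAL", "carol",
               10, 1500, datetime(2024, 1, 1, 9, 3, 0), datetime(2024, 1, 1, 9, 3, 5)),
]


def top_traffic(flows, key, limit=3):
    """Sum bytes per distinct value of the flow attribute `key` (e.g. "src_ip",
    "dst_ip", "user", "application") and return the top `limit` entries as
    (value, total_bytes) pairs, largest first; ties break on the value string."""
    totals = defaultdict(int)
    for flow in flows:
        totals[getattr(flow, key)] += flow.bytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def flows_for_connected_clients(flows, connected_users):
    """Keep only flows attributed to a user who is currently connected as a
    ZTNA client; flows whose user is not in `connected_users` are dropped."""
    return [flow for flow in flows if flow.user in connected_users]


def dashboard_summary(flows, connected_users, limit=3):
    """Build the three headline widgets (top source IP, destination IP and
    user by bytes) over the flows of connected clients only."""
    visible = flows_for_connected_clients(flows, connected_users)
    return {
        "top_src_ip": top_traffic(visible, "src_ip", limit),
        "top_dst_ip": top_traffic(visible, "dst_ip", limit),
        "top_user": top_traffic(visible, "user", limit),
        "flow_count": len(visible),
    }


if __name__ == "__main__":
    # Usage: alice and bob are connected; carol's flow is not shown.
    summary = dashboard_summary(SAMPLE_FLOWS, {"alice", "bob"})
    for widget, rows in summary.items():
        print(widget, rows)
```

The aggregation is the same for every widget; only the attribute being grouped on changes, which is why `top_traffic` takes the field name as a parameter. Grouping on `application` or `geo` with the same function reproduces the other dashboard views.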