cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 13

UDT integration with NetFlow question

Buying too much bandwidth can be expensive for a business. and Buying too little could mean lost productivity, and frustration among network users. It would be great to see what traffic users are using, so you could determine what is needed. Netflow will give you information based upon what items are actually crossing a L3 boundary. This can be very helpful. I use this feature a lot, for a variety of purposes.

However, Flow data doesn't intuitively or easily separate the flow between servers and users. Or between mechanical engineers accessing CAD tools via Xceed on Demand, and human resources personnel browsing the internet for resumes. It would be nice if we could use the data obtained from UDT as the source for IP endpoints you want to see of flow traversing Service Provider links. Combining data in this fashion, I could select a variety of ports known to be in use by bandwidth-loving engineers, and then see the Flow data for the IPs associated with those specific ports. In this manner, I could find out that on average HR uses 5 times the bandwidth to Netflix, and nearly all traffic to dilbert.com comes from IT. But, really, it could allow me to profile the WAN and DIA use for different types of employees. Using that data, I could estimate based upon number and type of employees, how much the DIA and WAN bandwidth requirement would be.

I was wondering, is there a similar type of out-of-box use or report that UDT comes with?  If not, this could be a good feature request -- and could be a selling point for people who need to determine requisite bandwidth to purchase from service providers. Has anyone done this sort of thing on their own?

Thanks!

0 Kudos
4 Replies

I do not know of any OOB reports that integrate flow endpoints with UDT endpoints, and I'm not sure it's possible in SWQL. UDT pulls Title, Department, Office, Company, and MemberOfList from AD for each user it finds, and you can link users to an IP, but I don't see any connections in SWQL to NTA.

There's a similar-but-not-the-same feature that just came out in NTA 4.5 where you can correlate flows to specific policies from your Palo Alto. I would definitely recommend creating a feature request for your idea!

0 Kudos
Level 12

Level 13

Well, yes, sort of like that, but not IPAM and UDT, rather NTA and UDT. Similar, yes.

0 Kudos
Level 12

If you would have read the whole thing, you would know it is not strictly for IPAM and UDT but for numerous Orion Products including NTA.