    using netflow in the DMZ


      anyone using NetFlow from your DMZ routers to your internal Orion server?

      if so, any issues with firewalls, performance, security, etc?

      any do's and dont's you can mention?



          Actually, this is something that we wanted to do at my work but our Information Security department nix'd it because we don't allow anything to pass from the DMZ straight to the inside.  We have ended up with another Solarwinds server with NTA in the DMZ management zone just for collecting the DMZ netflows and monitoring devices.  We own a unlimited license of Solarwinds which we thought would entitle us to this type of configuration but it did not.  We had to get an additional license of Orion NPM and NTA for the DMZ server.

            We send Netflow in and we have never had any issues. Just make sure you properly secure the connection through the firewall. Good Luck!