    Netflow from devices in DMZ


I need to set up something in my DMZ that can be used as a relay or forwarder of the NetFlow coming from a router, rather than open up multiple ports in an internal and external firewall. Does anyone know of anything? Will this work correctly?



You should only need to allow a single port (udp/2055 by default in NTA) from your NetFlow exporters.

If you don't want to allow multiple source IPs, I think Lancope sells a commercial NetFlow forwarder and I believe the flow-tools package contains an open-source one.
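A minimal relay of the kind asked about above, added here as an example (not code from the thread, nor from NTA, Lancope or flow-tools): it listens on udp/2055 in the DMZ, accepts datagrams only from the allowed exporter networks, checks that each one is a well-formed NetFlow v5 export, and resends it unchanged to the internal collector. The exporter range and collector address are constructed placeholders.

```python
import socket
import struct
from ipaddress import ip_address, ip_network

# Constructed placeholders: adjust to your router(s) and internal collector.
EXPORTERS = [ip_network("192.0.2.0/24")]   # networks allowed to send flows
LISTEN = ("0.0.0.0", 2055)                  # udp/2055, NTA's default port
COLLECTOR = ("10.0.0.5", 2055)              # internal NetFlow collector

# NetFlow v5 header: version, count, sysuptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48          # each v5 flow record is 48 bytes
V5_MAX_RECORDS = 30         # exporters send at most 30 records per datagram

def parse_v5_header(datagram: bytes):
    """Return (version, count) for a well-formed NetFlow v5 export, else None."""
    if len(datagram) < V5_HEADER.size:
        return None
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5 or not 1 <= count <= V5_MAX_RECORDS:
        return None
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        return None          # truncated or padded datagram: drop it
    return version, count

def should_forward(src_ip: str, datagram: bytes) -> bool:
    """Forward only datagrams from allowed exporters that parse as NetFlow v5."""
    src = ip_address(src_ip)
    if not any(src in net for net in EXPORTERS):
        return False
    return parse_v5_header(datagram) is not None

def make_v5_sample(count: int = 1) -> bytes:
    """Constructed sample export (zeroed records) for testing the checks."""
    return V5_HEADER.pack(5, count, 0, 0, 0, 0, 0, 0, 0) + b"\x00" * (V5_RECORD_LEN * count)

def relay(listen=LISTEN, collector=COLLECTOR):
    """Receive on the DMZ side and resend accepted datagrams to the collector."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        datagram, (src_ip, _) = rx.recvfrom(65535)
        if should_forward(src_ip, datagram):
            tx.sendto(datagram, collector)
        # anything else is dropped; log the source if you want to review rejects

if __name__ == "__main__":
    relay()
```

Because the relay resends from its own address, the collector sees the relay, not the router, as the exporter, so register the relay's IP as the flow source on the inside.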