Manual Chapter : Create a Netflow protected server
Applies To:Show Versions
BIG-IQ Centralized Management
Create a Netflow protected server
To create a Netflow protected server, you must have a BIG-IP device on your managed network, running version 14.0 or later. To successfully complete the creation process, you must configure a unique Traffic Matching Criteria.
You create a new Netflow protected server to represent and delineate the backend servers that are being protected from attacks. The Netflow server is hosted on one of the managed BIG-IP devices, and mitigates traffic according to specific metadata. This is done by establishing specific traffic matching criteria that focuses on specific traffic characteristics.
- Go to.The screen displays a list of all DoS protected objects managed by your BIG-IP devices.
- ClickCreateand selectNetflow Protected Server.The screen displays the configuration properties for a Netflow server, where theName,Device, andTraffic Matching Criteriaare required.
- Create a unique Traffic Matching Criteria object for the Netflow server, in theTraffic Matching Criteriasetting, clickAdd.Ensure that you are not replicating all fields for a criteria, on a selected device.If you already have an unassigned Traffic Matching Criteria object for the intended device, you can proceed to the next step.
- Type aNamefor the criteria.
- From theDevicelist, select a device.The VLANs available forthe device you selected are displayed in the bottom half of the screen.
- ForDestination AddressandDestination Port, type the optional destination address and port where traffic is being sent.Using Netflow data, the system matches traffic being sent to this destination IP address and port.
- ForProtocol, select the protocol you want the Netflow protected server to match:TCP,UDP, orAll Protocols.
- ForSource AddressandSource Port, type the optional source address and port from which traffic is being sent.Using Netflow data, the system matches traffic being sent from this IP address and port.
- Add the available VLAN(s) to theSelectedlist from theAvailablelist.
- ClickSave & Close.
- Type a uniqueNamefor the Netflow server.
- FromDevice, select the host BIG-IP device for the Netflow server.Ensure that your selection includes a Traffic Management Criteria that is not currently assigned to a Netflow server on the same device.
- FromTraffic Matching Criteria, select the criteria for your Netfflow server.
- In theThroughput Capacity (Mbps)field, type the maximum allowable throughput in megabits per second for the Netflow server, or selectInfinitefor no limit.The allowed values for this field are between 10-106.
- In thePacket Capacity (pps)setting, specify the maximum packets per second for the Netflow server, or selectInfinitefor no limit.The allowed values for this setting are between 10-1010.
- ForConnection Capacity (cps), specify the maximum connections per second for the Netflow server, or selectInfinitefor no limit.The allowed values for this field are between 10-1010.
- ClickSave & Close.
The new Netflow protected server is added to the protected objects list.
You must deploy the new protected object to enable changes and services to the BIG-IP device. See
Deploy protected objects in Shared Security.