Manual Chapter : Create a Netflow protected server

Applies To:

BIG-IQ Centralized Management

  • 7.1.0

Create a Netflow protected server

To create a Netflow protected server, you must have a BIG-IP device on your managed network, running version 14.0 or later. To successfully complete the creation process, you must configure a unique Traffic Matching Criteria.
You create a new Netflow protected server to represent and delineate the backend servers that are being protected from attacks. The Netflow server is hosted on one of the managed BIG-IP devices, and mitigates traffic according to specific metadata. It does this through traffic matching criteria that focus on specific traffic characteristics.
  1. Go to Configuration > SECURITY > Shared Security > DoS Protection > Protected Objects.
    The screen displays a list of all DoS protected objects managed by your BIG-IP devices.
  2. Click Create and select Netflow Protected Server.
    The screen displays the configuration properties for a Netflow server, where the Name, Device, and Traffic Matching Criteria are required.
  3. Create a unique Traffic Matching Criteria object for the Netflow server: in the Traffic Matching Criteria setting, click Add.
    Ensure that the new criteria does not replicate all fields of another criteria on the selected device.
    If you already have an unassigned Traffic Matching Criteria object for the intended device, you can proceed to the next step.
    1. Type a Name for the criteria.
    2. From the Device list, select a device.
      The VLANs available for the device you selected are displayed in the bottom half of the screen.
    3. For Destination Address and Destination Port, type the optional destination address and port where traffic is being sent.
      Using Netflow data, the system matches traffic being sent to this destination IP address and port.
    4. For Protocol, select the protocol you want the Netflow protected server to match: TCP, UDP, or All Protocols.
    5. For Source Address and Source Port, type the optional source address and port from which traffic is being sent.
      Using Netflow data, the system matches traffic being sent from this IP address and port.
    6. Add the available VLAN(s) to the Selected list from the Available list.
    7. Click Save & Close.
  4. Type a unique Name for the Netflow server.
  5. From Device, select the host BIG-IP device for the Netflow server.
    Ensure that the device you select has a Traffic Matching Criteria that is not currently assigned to a Netflow server on the same device.
  6. From Traffic Matching Criteria, select the criteria for your Netflow server.
  7. In the Throughput Capacity (Mbps) field, type the maximum allowable throughput in megabits per second for the Netflow server, or select Infinite for no limit.
    The allowed values for this field are between 10 and 10^6.
  8. In the Packet Capacity (pps) setting, specify the maximum packets per second for the Netflow server, or select Infinite for no limit.
    The allowed values for this setting are between 10 and 10^10.
  9. For Connection Capacity (cps), specify the maximum connections per second for the Netflow server, or select Infinite for no limit.
    The allowed values for this field are between 10 and 10^10.
  10. Click Save & Close.
The new Netflow protected server is added to the protected objects list.
You must deploy the new protected object to apply the changes and enable the services on the BIG-IP device. See Deploy protected objects in Shared Security.
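
A pre-flight check for a planned set of criteria and Netflow servers, as an added example that is not part of the F5 manual or the BIG-IQ API. It applies the constraints from steps 3, 5 and 7 through 9 before anything is entered in the UI. The dictionary layout, field names, object names and addresses are assumptions constructed for illustration.

```python
# Added example: field names and dict layout are assumptions, not BIG-IQ API objects.
MATCH_FIELDS = ("dst_addr", "dst_port", "protocol", "src_addr", "src_port")
# Allowed ranges from steps 7-9; "Infinite" means no limit.
LIMITS = {"throughput_mbps": (10, 10**6), "packet_pps": (10, 10**10),
          "connection_cps": (10, 10**10)}

def fingerprint(c):
    # Device plus every matching field and the selected VLAN set.
    fields = tuple(c.get(f) for f in MATCH_FIELDS)
    return (c["device"], fields, frozenset(c.get("vlans", ())))

def check_plan(criteria, servers):
    """Return a list of problems in the planned criteria and servers."""
    problems, seen, owners = [], {}, {}
    by_name = {c["name"]: c for c in criteria}
    for c in criteria:
        first = seen.setdefault(fingerprint(c), c["name"])
        if first != c["name"]:  # step 3: all fields replicated on one device
            problems.append(f"{c['name']}: replicates {first} on {c['device']}")
    for s in servers:
        crit = by_name.get(s["criteria"])
        if crit is None:
            problems.append(f"{s['name']}: criteria {s['criteria']} not defined")
        elif crit["device"] != s["device"]:
            problems.append(f"{s['name']}: criteria {s['criteria']} is on {crit['device']}")
        owner = owners.setdefault((s["device"], s["criteria"]), s["name"])
        if owner != s["name"]:  # step 5: criteria already assigned on this device
            problems.append(f"{s['name']}: criteria {s['criteria']} already used by {owner}")
        for field, (lo, hi) in LIMITS.items():
            value = s.get(field, "Infinite")  # assumption: omitted means Infinite
            if value != "Infinite" and not (isinstance(value, int) and lo <= value <= hi):
                problems.append(f"{s['name']}: {field}={value} outside {lo}..{hi}")
    return problems

# Constructed sample plan (documentation addresses, hypothetical names).
CRITERIA = [
    {"name": "tmc-web", "device": "bigip-a", "dst_addr": "192.0.2.10",
     "dst_port": 443, "protocol": "TCP", "vlans": ["external"]},
    {"name": "tmc-web-copy", "device": "bigip-a", "dst_addr": "192.0.2.10",
     "dst_port": 443, "protocol": "TCP", "vlans": ["external"]},
]
SERVERS = [
    {"name": "nf-web", "device": "bigip-a", "criteria": "tmc-web", "throughput_mbps": 5},
    {"name": "nf-web2", "device": "bigip-a", "criteria": "tmc-web", "packet_pps": 10**10},
]

if __name__ == "__main__":
    print("\n".join(check_plan(CRITERIA, SERVERS)))
```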