Netflow is a Cisco-designed protocol for collecting IP traffic information and monitoring network flow for security and troubleshooting. It gives you high-level, aggregated traffic collection and an accurate measurement of network traffic flow and volume. Once the data has been properly formatted, NetFlow collectors forward the data to another application for analysis.
When you enable Netflow on the IR1800 device, you apply the flow monitor to an interface by entering the Netflow collector IP address. The image shown below is a sample configuration for the minimum required fields in a flow record for applications such as Cisco StealthWatch to determine unique flows. If any additional fields are needed, add them to the record with additional collect statements. See Network Device Security for more information on configuring Netflow.
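As an added illustration (not the sample configuration from the original page's image, and not Cisco's own text), the IOS XE Flexible NetFlow sketch below shows how a flow record, a flow exporter and a flow monitor fit together and where the collector IP address goes. The names ECVD-RECORD, ECVD-EXPORTER and ECVD-MONITOR, the collector address 192.0.2.10, UDP port 2055 and the interface GigabitEthernet0/0/0 are assumptions; the key fields are the common 5-tuple plus input interface, not a statement of what any particular collector requires.

```cisco
! Flow record: "match" fields are the keys that make a flow unique,
! "collect" fields are extra values recorded for each flow.
flow record ECVD-RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! Flow exporter: where the records are sent (the Netflow collector).
! 192.0.2.10 and UDP 2055 are placeholder values (assumptions).
flow exporter ECVD-EXPORTER
 destination 192.0.2.10
 source GigabitEthernet0/0/0
 transport udp 2055
!
! Flow monitor: ties the record to the exporter.
flow monitor ECVD-MONITOR
 record ECVD-RECORD
 exporter ECVD-EXPORTER
 cache timeout active 60
!
! Apply the monitor to the interface whose traffic should be measured.
! The interface name is an assumption; use the WAN or LAN interface in scope.
interface GigabitEthernet0/0/0
 ip flow monitor ECVD-MONITOR input
 ip flow monitor ECVD-MONITOR output
```

After applying a configuration like this, "show flow monitor ECVD-MONITOR cache" and "show flow exporter ECVD-EXPORTER statistics" confirm that flows are being cached and exported to the collector.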
Cisco Umbrella features detailed reporting and data analytics so you can spot trends and understand the security risk of specific attacks on your network and endpoints. You can view reports that track activity for every device or gain broad visibility into what's happening across your organization (see viewing reports on the Umbrella dashboard in Network Device Security). When you enable the Umbrella option, DNS traffic from all connected clients behind the device is forced to go through the Umbrella Cloud and must conform to the Umbrella Rules you have created to regulate various access controls very broadly or specifically. For example, a rule with lower priority can block access to a wide swath of web sites for all users on a network. A rule with higher priority can allow access to web sites for a specific group of users on that same network that would have otherwise been blocked. You can accomplish this selectivity within the same ruleset without having to create a new ruleset for a specific group of users. See Creating Web Policies for more information on Umbrella Rules.
Note: If you use a VPN, use the Umbrella roaming client AnyConnect for mobile devices such as laptops or mobile phones.
IMPORTANT: When you enable Umbrella configuration, the device performs an automatic reload during the configuration update on Cisco-provided eCVDs (Cisco Validated Design). This will increase your wait time.
Firewall allows you to create an access control list (ACL) to permit or deny traffic from a data traffic source. Apply the ACL in a Zone-Based Firewall with Ethernet and Cellular WAN interfaces in a protected Internet zone (see Network Device Security). The IR1800 eCVD ACL provides up to six firewall rules, with each rule containing an option to perform the following actions:
Allow or deny data traffic
Allow or deny IP, UDP, or TCP protocol
Allow or deny specific source IP addresses
Allow or deny specific IP netmasks
Allow or deny specific ports
To configure Security settings:
1. (Optional) Enable Netflow.
Note: If Netflow is disabled, go to Step 3.
2. Enter the IP address of the Netflow Collector. This forwards the data to another application (a Netflow Analyzer that resides on a specific device) for analysis.