Good morning folks, I'm looking for advice on a freely available IPFIX probe/sensor for flow export of our company's corporate firewall (Juniper SRX) traffic. An unfortunate limitation of these firewalls is that J-Flow (Juniper's version of Netflow) is unsupported when operating in an HA firewall cluster (which we have). I could replace the firewalls with a pair of OpenBSD firewalls, and would prefer this, however I'm unable to at this point for reasons I won't get into.
I've setup port-mirroring on our Brocade ICX switch that monitors all the SRX firewall interfaces and mirrors to an interface on an OpenBSD 5.4 server I setup to act as sensor/collector. I'd like to be able promiscuously capture the mirror port traffic and export in IPFIX format to something like NfSen/NFDUMP. The sensor solution needs to support 802.1q as we have several VLAN interfaces on the firewall so traffic sampled from the mirror-port interface contains both tagged and untagged traffic. I've tried using softflowd exporting to flowd but it doesn't seem to support 802.1q or IPFIX (yet). Any other suggestions or advice is greatly appreciated. Cheers, -Chris
