EDFN Installation Guide
Intended Audience
This information is intended for anyone who wants to install, configure, or maintain External Data Feeder for NFO (EDFN). The information is written for experienced Linux or Windows system administrators who are familiar with virtual machine technology and data center operations.
Before You Install
If you are going to take advantage of NFO NetFlow enrichment functionality, such as GeoIP locations, Cyber Security Threat Lists, or process cloud flow logs from Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud (OCI), and Google Cloud Platform (GCP) – External Data Feeder for NFO must be installed on the server with Internet access.
Starting with release 2.7, NFO and EDFN are packaged together and installed on the same machine by default.
If NFO is installed on the server with no internet access, EDFN should be installed separately, and EDFN installed together with NFO could be disabled. In any case External Data Feeder for NFO is administered through NetFlow Optimizer GUI.
Pre-Installation Checklist
Please be sure to have the following before you begin the installation of the External Data Feeder for NFO software:
- You have to login as root for Linux and administrator for Windows installations and updates
- You have successfully installed NetFlow Optimizer and you know its IP address
Minimum Requirements
NetFlow Logic distributes External Data Feeder for NFO as RPM or TAR.GZ for Linux, or as EXE for Windows.
Supported Platforms
You can install External Data Feeder for NFO on a platform with the following specifications.
| Specification | Details |
|---|---|
| Linux | Linux kernel 2.17+ on |
| Windows | Windows Server 2012 R2, 2016, 2019 (64-bit) |
| CPU, Memory, Disk Space | CPU: Min 4 CPU cores; Memory: 2 GB; Disk Space: 2 GB |
Required Network Ports
The following network ports must be allowed for outbound connections.
| Port | Protocol |
|---|---|
| 80/TCP | External Data Feeder for NFO Agents Internet communication |
| 443/TCP | External Data Feeder for NFO Agents secure Internet communication |
| 8443/TCP | NetFlow Optimizer communication |
Required Internet Destinations
The following Internet destinations must be allowed for outbound http-connections.
| URL | Agent |
|---|---|
| https://rules.emergingthreats.net/blockrules/emerging-botcc.rules | Botnet C&C list |
| https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV | Geo IP locations monitor |
| https://otx.alienvault.com | AlienVault OTX monitor |
| https://<custom.threat.list> | Additional Security Threats list |