EDFN Installation Guide

Intended Audience

This information is intended for anyone who wants to install, configure, or maintain External Data Feeder for NFO (EDFN). The information is written for experienced Linux or Windows system administrators who are familiar with virtual machine technology and data center operations.

Before You Install

If you are going to take advantage of NFO NetFlow enrichment functionality, such as GeoIP locations, Cyber Security Threat Lists, or process AWS VPC Flow Logs – External Data Feeder for NFO must be installed on the server with Internet access.
Starting with release 2.7, NFO and EDFN are packaged together and installed on the same machine by default.
If NFO is installed on the server with no internet access, EDFN should be installed separately, and EDFN installed together with NFO could be disabled. In any case External Data Feeder for NFO is administered through NetFlow Optimizer GUI.

Pre-Installation Checklist

Please be sure to have the following before you begin the installation of the External Data Feeder for NFO software:
    You have to login as root for Linux and administrator for Windows installations and updates
    You have successfully installed NetFlow Optimizer and you know its IP address

Minimum Requirements

NetFlow Logic distributes External Data Feeder for NFO as RPM or TAR.GZ for Linux, or as EXE for Windows.

Supported Platforms

You can install External Data Feeder for NFO on a platform with the following specifications.
Specification
Details
Linux
Linux kernel 2.17+ on
Windows
Windows 2012 R2, and 2018 (64-bit)
CPU, Memory, Disk Space
- CPU: Min 4 CPU cores - Memory: 2 GB - Disk Space: 2 GB

Required Network Ports

The following network ports must be allowed for outbound connections.
Port
Protocol
80/TCP
External Data Feeder for NFO Agents Internet communication
443/TCP
External Data Feeder for NFO Agents secure Internet communication
8443/TCP
NetFlow Optimizer communication

Required Internet Destinations

The following Internet destinations must be allowed for outbound http-connections.
URL
Agent
http://rules.emergingthreats.net/
C&C list
http://geolite.maxmind.com/
Geo locations monitor
http://reputation.alienvault.com/
Host reputation monitor
https://secure.dshield.org/
Threat Feeds addresses
https://feeds.dshield.org/
Threat Feeds IP blocks
https://<custom.threat.list>
Additional Security Threats list

Last modified 6mo ago