Version: Next

NFO Installation Guide

This guide provides the necessary prerequisites, system requirements, and architectural considerations for installing NetFlow Optimizer (NFO). Whether you are deploying on-premises or in a cloud environment, ensure your host meets these specifications before proceeding to the platform-specific installation steps.

Bundle Note

Starting with NFO version 2.7, the External Data Feeder for NFO (EDFN) is automatically bundled and installed with the NFO software. A separate EDFN installation is only required for specialized distributed architectures.


Before You Begin

A successful installation requires administrative access and a valid license.

  • Administrative Privileges: You must have root access for Linux or Administrator privileges for Windows installations.
  • License Key: An active license is required to output data. You can obtain a FREE evaluation license here.
  • Network Connectivity: Ensure the target host can reach the internet (Port 443) for threat intel and GeoIP updates.

System Requirements & Sizing

The following specifications represent the minimum and recommended requirements for a production NFO deployment.

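| Option | Number of Hosts | Ingest Rate | CPU (Cores) | Memory (RAM) | Disk Space | DCI(*) |
|---|---|---|---|---|---|---|
| Small | ~200 | 2,000 flows/sec | 2 | 8 GB | 20 GB | 30 |
| Medium | ~2,000 | 20,000 flows/sec | 4 | 16 GB | 20 GB | 30 |
| Large | ~5,000 | 50,000 flows/sec | 8 | 32 GB | 50 GB | 60 |
| Extra Large | 10,000+ | 100,000+ flows/sec | 16 | 64 GB+ | 100 GB+ | 180 |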

(*) Data Collection Interval - flow consolidation time interval, configurable in NFO Modules

(**) For Extra Large deployments or High Availability (HA) requirements, a horizontal architecture utilizing NFO Central is recommended to ensure optimal performance and scalability.


Supported Platforms

NFO is distributed as an Amazon Machine Image (AMI), a Linux RPM/TAR package, or a Windows executable.

  • Linux: Kernel 2.17+ on systemd-based distributions (Rocky Linux 8/9, RHEL 7/8/9, Ubuntu 20.04+, Debian 9+, Oracle Linux 7+).
  • Windows: Windows Server 2016, 2019, 2022.
  • Cloud: AWS (AMI), Azure, Google GCP, and Oracle OCI.
  • Browsers: Mozilla Firefox, Google Chrome, and Microsoft Edge (Chromium).

Required Network Ports

The following ports must be accessible for the system to function correctly:

| Port | Protocol | Description |
|---|---|---|
| 8443 | TCP | NetFlow Optimizer Management UI (HTTPS) |
| 9995 | UDP | Default NetFlow/IPFIX Ingestion Port |
| 161/162 | UDP | SNMP Polling and SNMP Traps |
| 443 | TCP | Outbound connection for Threat Intel & GeoIP updates |
| 9001 | TCP | Configuration Data Base, port is opened on loopback interface 127.0.0.1 |
| 20047 and 20048 | TCP | NetFlow Optimizer internal services, ports are opened on loopback interface 127.0.0.1 |
| 20047 and 20048 | UDP | NetFlow Optimizer outputs for Kafka, OpenSearch, etc., ports are opened on four loopback interfaces 127.17.0.1 - 127.17.0.4 |

To change ports 20047/20048, perform the following after you install NFO:

Add or change the following lines in /opt/flowintegrator/server/etc/server.cfg:

CONTROLLER_PORT 20047
CONFIG_PORT 20048
Note

Restart NFO and Tomcat after applying these changes as follows:

  1. Stop NFO using the GUI.
  2. Restart Tomcat using one of the following commands: /etc/init.d/tomcat_nfo restart or service tomcat_nfo restart
  3. Start NFO using the GUI.
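
After installation, or after changing the ports and restarting, the loopback bindings listed in the port table can be compared with what the host actually listens on. The script below is an added example, not part of the NFO distribution; it assumes a Linux host with ss (iproute2) and the default port numbers, and the function name and sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not shipped with NFO): compare listening sockets with the
# bindings documented in the port table. Input is `ss -H -lntu` output:
#   netid state recv-q send-q local-addr:port peer-addr:port

check_nfo_binds() {
  awk '
    {
      proto = $1; sock = $5
      n = split(sock, parts, ":")
      port = parts[n]
      addr = substr(sock, 1, length(sock) - length(port) - 1)
      sub(/%.*/, "", addr)               # drop a "%lo" style interface suffix
      key = proto "/" port
      if (key == "tcp/9001" || key == "tcp/20047" || key == "tcp/20048") {
        ok = (addr == "127.0.0.1")       # documented: loopback 127.0.0.1 only
      } else if (key == "udp/20047" || key == "udp/20048") {
        ok = (addr ~ /^127\.17\.0\.[1-4]$/)   # documented: 127.17.0.1 - 127.17.0.4
      } else {
        next                             # 8443, 9995, SNMP are meant to be reachable
      }
      if (!ok) { print "UNEXPECTED " key " bound to " addr; bad = 1 }
    }
    END { exit bad + 0 }                 # non-zero when any binding deviates
  '
}

# Constructed sample lines, not captured from a real host.
SAMPLE_GOOD='tcp LISTEN 0 100 *:8443 *:*
udp UNCONN 0 0 0.0.0.0:9995 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:9001 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:20047 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:20048 0.0.0.0:*
udp UNCONN 0 0 127.17.0.1:20047 0.0.0.0:*
udp UNCONN 0 0 127.17.0.4:20048 0.0.0.0:*'
SAMPLE_BAD='tcp LISTEN 0 128 0.0.0.0:9001 0.0.0.0:*
udp UNCONN 0 0 127.17.0.9:20047 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:20048 0.0.0.0:*'

# Live use on an NFO host (run as root to see all sockets): pass --live
if [ "${1:-}" = "--live" ]; then
  ss -H -lntu | check_nfo_binds && echo "bindings match the documented table"
fi
```

If CONTROLLER_PORT or CONFIG_PORT were changed in server.cfg, replace 20047 and 20048 in the script with the configured values before running it.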

Next Steps: Choose Your Platform

Once you have verified your host meets the requirements above, select the appropriate installation guide for your environment: