NFO Installation Guide
This guide provides the necessary prerequisites, system requirements, and architectural considerations for installing NetFlow Optimizer (NFO). Whether you are deploying on-premises or in a cloud environment, ensure your host meets these specifications before proceeding to the platform-specific installation steps.
Starting with NFO version 2.7, the External Data Feeder for NFO (EDFN) is automatically bundled and installed with the NFO software. A separate EDFN installation is only required for specialized distributed architectures.
Before You Begin
A successful installation requires administrative access and a valid license.
- Administrative Privileges: You must have
rootaccess for Linux orAdministratorprivileges for Windows installations. - License Key: An active license is required to output data. You can obtain a FREE evaluation license here.
- Network Connectivity: Ensure the target host can reach the internet (Port 443) for threat intel and GeoIP updates.
System Requirements & Sizing
The following specifications represent the minimum and recommended requirements for a production NFO deployment.
| Option | Number of Hosts | Ingest Rate | CPU (Cores) | Memory (RAM) | Disk Space | DCI(*) |
|---|---|---|---|---|---|---|
| Small | ~200 | 2,000 flows/sec | 2 | 8 GB | 20 GB | 30 sec |
| Medium | ~2,000 | 20,000 flows/sec | 4 | 16 GB | 20 GB | 30 sec |
| Large | ~5,000 | 50,000 flows/sec | 8 | 32 GB | 20 GB | 60 sec |
| Extra Large (**) | 10,000+ | 100,000+ flows/sec | 16 | 64 GB+ | 20 GB | 180 sec |
(*) Data Collection Interval - flow consolidation time interval, configurable in NFO Modules
(**) For Extra Large deployments or High Availability (HA) requirements, a horizontal architecture utilizing NFO Central is recommended to ensure optimal performance and scalability.
Supported Platforms
NFO is distributed as an Amazon Machine Image (AMI), a Linux RPM/TAR package, or a Windows executable.
- Linux: Kernel 2.17+ on systemd-based distributions (Rocky Linux 8/9, RHEL 7/8/9, Ubuntu 20.04+, Debian 9+, Oracle Linux 7+).
- Windows: Windows Server 2016, 2019, 2022.
- Cloud: AWS (AMI), Azure, Google GCP, and Oracle OCI.
- Browsers: Mozilla Firefox, Google Chrome, and Microsoft Edge (Chromium).
Required Network Ports
The following ports must be accessible for the system to function correctly:
| Port | Protocol | Description |
|---|---|---|
| 8443 | TCP | NetFlow Optimizer Management UI (HTTPS) |
| 9995 | UDP | Default NetFlow/IPFIX Ingestion Port |
| 161/162 | UDP | SNMP Polling and SNMP Traps |
| 443 | TCP | Outbound connection for Threat Intel & GeoIP updates |
| 9001 | TCP | Configuration Data Base, port is opened on loopback interface 127.0.0.1 |
| 20047 and 20048 | TCP | NetFlow Optimizer internal services, ports are opened on loopback interface 127.0.0.1 |
| 20047 and 20048 | UDP | NetFlow Optimizer outputs for Kafka, OpenSearch, etc., ports are opened on four loopback interfaces 127.17.0.1 - 127.17.0.4 |
To change ports 20047/20048 perform the following after you install NFO:
Add or change the following lines in /opt/flowintegrator/server/etc/server.cfg
CONTROLLER_PORT 20047
CONFIG_PORT 20048
Restart NFO and Tomcat after applying these changes as follows:
- Stop NFO using GUI
- Restart Tomcat using one of the following commands:
systemctl restart tomcat_nfoorservice tomcat_nfo restart - Start NFO using GUI
Next Steps: Choose Your Platform
Once you have verified your host meets the requirements above, select the appropriate installation guide for your environment:
- Installing NFO on Linux (RPM, TAR, and Non-Root instructions)
- Installing NFO on Windows
- Installing NFO in AWS
- Upgrading or Removing NFO