Skip to main content
Version: 2.12.0

EDFN Installation Guide

The External Data Feeder for NFO (EDFN) is required for ingesting Cloud Flow Logs (AWS, Azure, GCP) or for security architectures where NFO is isolated from the internet.

Check for Bundled Version

If you installed NFO version 2.7 or higher, EDFN is already installed on your NFO host. You only need this guide if you require a standalone EDFN instance on a separate server.

System Requirements & Supported Platforms

  • System: 4 CPU Cores, 8GB RAM.
  • Linux: Kernel 2.17+ on systemd-based distributions (Rocky Linux 8/9, RHEL 7/8/9, Ubuntu 20.04+, Debian 9+, Oracle Linux 7+).
  • Windows: Windows Server 2016, 2019, 2022.

Required Network Ports

For NetFlow Optimizer and the External Data Feeder for NFO (EDFN) to function correctly, ensure the following network connectivity is established.

Management & Internal Communication

The following port is the primary management channel and must be open on the NFO host to allow incoming connections from the EDFN service:

PortProtocolDirectionDescription
8443TCPInbound to NFOCritical: Management UI and secure EDFN-to-NFO communication (HTTPS).

Outbound Agent Communication

The EDFN service does not "listen" on the ports below; rather, it initiates outbound connections to external data sources. The specific ports required depend entirely on the Enrichment Agents you enable:

  • Internet Communication: Most cloud-based agents (e.g., Threat Intel, AWS/Azure, GeoIP updates) require outbound access on TCP 80 and TCP 443.
  • Infrastructure Agents: Other agents may require specific outbound ports depending on the service being polled (e.g., TCP 5985/5986 for WinRM/Active Directory, or TCP/UDP 443 for VMware vCenter).

Installation Instructions

Linux

note

EDFN installation default directory is /opt/nfi-updater.

  1. Download the RPM or TAR package.
  2. Install (RPM):
rpm -ihv nfi-updater-<version>.x86_64.rpm

  1. Install (TAR):
tar zxvf nfi-updater-<version>.tar.gz
./setup.sh -i

note

The setup.sh script includes an optional --doNotStartServices parameter, which prevents the EDFN service from starting automatically after installation. This is useful when EDFN configuration is copied from one machine to another or installing the service as non-root.

  1. Start Service: Unless --doNotStartServices parameter is used, EDFN service is started automatically. You can check if it is running using this command:
systemctl status nfi_updd

If it is not running, start it using this command:

systemctl start nfi_updd

Windows

  1. Download and launch the .exe.zip installer.
  2. Unzip the installer.
  3. Follow the setup wizard.
  4. Verify: Open services.msc and ensure External Data Feeder for NFO is "Running."

Post Installation Steps

note

If External Data Feeder for NFO is installed on a separate server, or if you have several EDFNs connected to one NFO, perform the following:

  1. Stop EDFN service

    • for Linux OSes which support systemd use command systemctl stop nfi_updd
    • for Linux OSes which support OpenRC use command rc-service nfi_updd stop
    • for other Linux OSes use command service nfi_updd stop
    • for Windows OSes use Microsoft Management Console snap-in "Services"

  2. Change uri parameter in updater.properties file located in /opt/nfi-updater/conf (In Windows C:\Program Files\NetFlow Logic\NetFlow Integrator Updater\conf) to IP address or DNS name of NetFlow Optimizer

    uri = https://<nfo-host>:8443

  3. If this is your second EDFN instance, set a unique EDFN identifier in uid

    uid = EDFN2

  4. Copy Java KeyStore and TrustStore from EDFN installed with NFO ($EDFN1_HOME) to EDFN installed on a separate machine ($EDFN2_HOME)

FromTo
$EDFN1_HOME/conf/.updater_keystore$EDFN2_HOME/conf/.updater_keystore
$EDFN1_HOME/conf/.updater_truststore$EDFN2_HOME/conf/.updater_truststore

  1. Start EDFN service

    • for Linux OSes which support systemd use command systemctl start nfi_updd
    • for Linux OSes which support OpenRC use command rc-service nfi_updd start
    • for other Linux OSes use command service nfi_updd start
    • for Windows OSes use Microsoft Management Console snap-in "Services"