There are two options when you want to collect traffic from a DMZ environment:
- Send Netflow from the DMZ environment to the Faddom server
- Deploy an additional sensor in the DMZ environment and send the traffic there
In the case of sending Netflow traffic from the DMZ environment directly to the Faddom server, you will need to configure the firewall to allow the Netflow traffic to the server. Netflow is a UDP based protocol and the default port for Netflow traffic is 4739.
In case you cannot open a firewall to allow outgoing traffic from the DMZ environment, you can deploy an additional Faddom sensor in the environment either by using our sensor ova file or by installing a sensor on any Windows or Linux based server.
In this case, you can send the Netflow traffic internally inside the DMZ environment to the sensor, and then the server will reach out to the sensor to collect the traffic from it.
This way the firewall port that needs to be opened is from the Faddom server to the sensor using TCP and the default port is 9545.