Get started
Network Flow (formerly Magic Network Monitoring) includes an onboarding workflow that guides you step-by-step through the product configuration process. If you are unable to complete the configuration in one session, you can exit the workflow and resume it at any time.
To begin using Network Flow for network and/or cloud traffic visibility, complete the list of tasks below.
If you are an Enterprise customer, Cloudflare can significantly accelerate the onboarding timeline during active-attack scenarios.
Enterprise customers that would like to use Network Flow and Magic Transit On Demand together can begin by configuring Magic Transit.
Verify your routers are capable of exporting NetFlow or sFlow to an IP address on Cloudflare's network. Network Flow supports NetFlow v5, NetFlow v9, IPFIX, and sFlow.
Refer to Supported routers to view a list of supported routers. The list is not exhaustive.
When you register your router with Cloudflare, your router links your NetFlow or sFlow data to your Cloudflare account.
- Go to the Network flow page.
- In Network flow, select Configure Network flow.
- Select the Configure routers tab.
- (Optional) Under IP Address, enter your router's public IP address.
- Under Default router sampling rate, enter a value for the sampling rate. The value should match the sampling rate of your NetFlow or sFlow configuration.
- Select Next.
Next, configure your router to send NetFlow or sFlow data to Cloudflare. For this step, you will also need to have your router's configuration menu open to input the values shown in the Cloudflare dashboard.
Refer to the NetFlow and IPFIX configuration guide or the sFlow configuration guide for more information.
- From Configure routers in the dashboard, select either NetFlow Configuration or sFlow configuration.
- Follow the configuration steps for the selected configuration type.
- Enter the values shown in the dashboard into your router's configuration.
- Select Next.
After setting up your router, confirm the configuration was successfully set up.
From the Check routers page on the dashboard, you can view the status of your routers. Router data typically takes five to ten minutes to appear in the Cloudflare dashboard.
Refer to Router status description to confirm whether data is successfully being sent.
When you are done with router configuration, select Finish onboarding.
Create rules to analyze data for a specific set of destinations or to implement thresholds. Refer to Rules for more information.
Verify that your Amazon Web Services (AWS) account is capable of exporting AWS Virtual Private Cloud (VPC) flow logs through AWS Firehose. Currently, Network Flow only supports VPC flow log ingestion for AWS.
- Create an authorization token using Cloudflare's API for Network Flow. This authorization token allows Cloudflare to identify and verify the account sending VPC flow logs to our endpoint.
  At least one of the following token permissions is required:
  - Magic Network Monitoring Admin
- In your AWS Firehose stream configuration, set the HTTP Headers - X-Amz-Firehose-Access-Key to the authorization token generated in the previous step.
- Send your AWS Firehose VPC flow log stream towards https://aws-flow-logs.cloudflare.com/.
- Select all of the AWS VPC flow log data fields that you want to send to Cloudflare. You should select the highest number AWS VPC flow log version that supports all the fields you want to export to Cloudflare (refer to AWS flow log documentation for more information). For example, if you need a version 8 field like reject-reason, you must export all fields from versions 1 through 8. Cloudflare supports all seven templates for AWS VPC Flow logs.
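Because the authorization token is sent as the X-Amz-Firehose-Access-Key header on every delivery, a mistyped endpoint URL hands that token to whatever host receives the request. The following pre-deployment check is an added example, not Cloudflare's or AWS's own code. It assumes the destination is expressed as Firehose's HttpEndpointDestinationConfiguration dictionary, and the stream name, token, and lookalike URLs are constructed samples.

```python
from urllib.parse import urlsplit

# Endpoint URL as given on this page; all sample configs below are constructed.
CLOUDFLARE_ENDPOINT = "https://aws-flow-logs.cloudflare.com/"


def check_firehose_destination(dest):
    """Return a list of problems in a Firehose HTTP endpoint destination
    (the HttpEndpointDestinationConfiguration dict). Empty list means OK."""
    problems = []
    endpoint = dest.get("EndpointConfiguration", {})
    got = urlsplit(endpoint.get("Url", ""))
    want = urlsplit(CLOUDFLARE_ENDPOINT)

    # The access key is a bearer credential sent as a header on every
    # delivery, so it must only ever travel over TLS to Cloudflare's host.
    if got.scheme != "https":
        problems.append("scheme is not https")
    # Compare the parsed hostname: a prefix match on the raw string would
    # accept lookalikes such as "...cloudflare.com.example.net" or "...@host".
    if got.hostname != want.hostname:
        problems.append(f"unexpected host: {got.hostname}")
    if got.username or got.password:
        problems.append("URL contains userinfo")
    if got.port not in (None, 443):
        problems.append(f"unexpected port: {got.port}")

    key = endpoint.get("AccessKey", "")
    if not key.strip():
        problems.append("AccessKey is empty")
    elif key != key.strip():
        problems.append("AccessKey has surrounding whitespace")
    return problems


def sample(url, key="constructed-token-not-real"):
    """Build a constructed destination dict for the demo below."""
    return {"EndpointConfiguration": {"Name": "cloudflare-network-flow",
                                      "Url": url, "AccessKey": key}}


if __name__ == "__main__":
    for url in (CLOUDFLARE_ENDPOINT,
                "http://aws-flow-logs.cloudflare.com/",
                "https://aws-flow-logs.cloudflare.com.example.net/",
                "https://aws-flow-logs.cloudflare.com@collector.example/"):
        print(url, "->", check_firehose_destination(sample(url)) or "OK")
    print("blank key ->", check_firehose_destination(sample(CLOUDFLARE_ENDPOINT, " ")))
```

Run it against the configuration you are about to apply (for example, the dictionary passed to your infrastructure-as-code tool) and stop the deployment if the returned list is not empty.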
After setting up AWS Firehose to send VPC flow logs to Network Flow, you can confirm that Cloudflare is receiving the logs as expected by searching for your cloud traffic data in the analytics page of the Network Flow dashboard.
- Go to the Network flow page.
- The default view will be the analytics dashboard for Network Flow.