# Palo Alto

#### **1. Define a NetFlow Profile**

1. Go to **Device → Server Profiles → NetFlow**.
2. Click **Add**.
3. Give the profile a name.
4. Configure:
   * **Collector IP address** (your flow collector).
   * **Port** (default 2055 for NetFlow, or whatever your collector expects).
   * **Protocol**: UDP.
   * **Active Timeout**: Typically 1 minute (controls how often long-lived sessions are reported).
   * **Inactive Timeout**: Usually 15 seconds (when a session has been idle).
   * Select **Template Refresh Rate** (number of flows before resending template).

#### **2. Attach NetFlow Profile to Interfaces**

1. Go to **Network → Interfaces**.
2. Select the interface(s) you want to export flows for (e.g., WAN, LAN, DMZ).
3. Under the **Advanced → NetFlow** tab:
   * Enable NetFlow.
   * Choose the NetFlow profile you just created.

#### **3. Commit the Configuration**

* Click **Commit** to push changes to the running config.

#### **4. Verify**

* On the collector, you should start seeing flows.
* On the firewall itself, you can check via CLI:

  ```bash
  > show netflow state
  > show session info
  ```

  These confirm templates and exports are active.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.elastiflow.com/additional-resources-reference-articles/guides/configuring-flow-logs-on-devices/palo-alto.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.