🧠 1. What is NetFlow / Insight?
In modern network management, visibility is key.
OPNsense includes a powerful module called NetFlow / Insight, which allows administrators to monitor, visualize, and analyze network traffic in real time — including source, destination, protocol, and bandwidth usage.
⚙️ 2. How NetFlow Works
NetFlow, originally developed by Cisco, collects network flow statistics without capturing full packet content.
Each “flow” contains:
- Source / Destination IP
- Port numbers
- Protocol (TCP, UDP, ICMP)
- Transferred bytes and packets
- Interface and direction
OPNsense uses softflowd to capture interface traffic and flowd_aggregator to summarize and store flow data.
Compared to IDS/IPS systems (like Suricata), NetFlow focuses on traffic visibility with minimal CPU overhead — ideal for long-term monitoring.
🧩 3. How to Enable NetFlow in OPNsense
Steps:
- Go to Reporting → NetFlow → General
- Enable NetFlow
- Select monitored interfaces (e.g., LAN, WAN)
- Configure:
  - Active timeout: 60s
  - Inactive timeout: 15s
  - Capture VLANs (recommended if VLANs exist)
- Click Apply.
For external analysis tools (e.g., nTopNG, PRTG, or ElastiFlow):
Host: 10.0.0.10
Port: 2055
Version: v9
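To check what a v9 exporter actually sends to the collector configured above, the following added example (not part of the original article or of OPNsense) decodes a NetFlow v9 export packet per RFC 3954 into the flow fields listed in section 2. The sample packet, its addresses and counters are constructed, and the function names `parse_v9` and `sample_packet` are hypothetical.

```python
import socket
import struct

# NetFlow v9 field types (RFC 3954) for the flow fields listed in section 2.
FIELDS = {1: "bytes", 2: "packets", 4: "protocol", 7: "src_port", 8: "src_ip", 11: "dst_port", 12: "dst_ip"}

def parse_v9(packet, templates):
    """Decode one v9 export packet; `templates` caches templates between packets."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte v9 header")
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    flows, pos = [], 20
    while pos + 4 <= len(packet):
        set_id, set_len = struct.unpack("!HH", packet[pos:pos + 4])
        if set_len < 4 or pos + set_len > len(packet):
            raise ValueError("malformed FlowSet length")
        body, off = packet[pos + 4:pos + set_len], 0
        tmpl = templates.get((source_id, set_id), [])    # empty until the template arrives
        rec_len = sum(length for _, length in tmpl)
        while set_id == 0 and off + 4 <= len(body):      # template FlowSet
            tid, n = struct.unpack("!HH", body[off:off + 4])
            if tid < 256 or off + 4 + 4 * n > len(body):
                break                                    # padding or truncated template
            spec = struct.unpack(f"!{2 * n}H", body[off + 4:off + 4 + 4 * n])
            templates[(source_id, tid)] = list(zip(spec[0::2], spec[1::2]))
            off += 4 + 4 * n
        while set_id >= 256 and rec_len and off + rec_len <= len(body):  # data FlowSet
            rec = {}
            for ftype, length in tmpl:
                raw, off = body[off:off + length], off + length
                if ftype in (8, 12) and length == 4:
                    rec[FIELDS[ftype]] = socket.inet_ntoa(raw)
                elif ftype in FIELDS:
                    rec[FIELDS[ftype]] = int.from_bytes(raw, "big")
            flows.append(rec)
        pos += set_len
    return flows

def sample_packet():
    """Constructed packet: template 256 plus one data record (not a real capture)."""
    spec = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", *f) for f in spec)
    rec = (socket.inet_aton("192.168.1.20") + socket.inet_aton("203.0.113.5")
           + struct.pack("!HHBII", 51514, 443, 6, 48213, 37))
    data = rec + b"\x00" * (-len(rec) % 4)               # pad to a 32-bit boundary
    sets = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 0) + sets
```

To inspect a live exporter, bind a UDP socket on the collector port (2055 in the settings above) and pass each datagram to `parse_v9` with one shared `templates` dict, since data records cannot be decoded until their template has been received.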
📊 4. Using Insight Dashboard
Navigate to Reporting → Insight
The Insight dashboard provides visual and historical analytics:
| Section | Description |
|---|---|
| Traffic Overview | Real-time bandwidth graphs per interface. |
| Top Talkers | Shows top sources, destinations, ports, and protocols. |
| Applications | Lists common apps like YouTube, Zoom, Teams, Facebook. |
| History | Review 1h to 1-month trends. |
All reports can be exported as CSV or PNG for audits or management reports.
🏢 5. Enterprise Use Cases
| Scenario | Implementation | Benefit |
|---|---|---|
| Multi-site VPN Monitoring | Enable NetFlow on each firewall and export to a central nTopNG server | Unified visibility across regions |
| Bandwidth Congestion | Use “Top Talkers” to identify excessive uploaders | Quick root-cause detection |
| Data Leakage Detection | Monitor abnormal outbound traffic | Early alert for suspicious activity |
| Capacity Planning | Use historical graphs to predict future bandwidth needs | Smarter budgeting & upgrades |
🧮 6. Performance and Storage Tips
| Item | Recommendation |
|---|---|
| CPU / RAM | ≥ 4 cores / 8 GB RAM |
| Storage | 300 MB – 2 GB per day (depends on traffic) |
| Retention | Default 8 days, configurable |
| Backup | Export or offload data periodically |
🔍 7. Integration with Zenarmor (Sensei)
When combined with Zenarmor, OPNsense gains Layer 7 visibility:
- Application-level analytics (App-ID)
- User behavior insights
- Unified dashboard for “who used what and how much”
✅ 8. Conclusion
NetFlow Insight is the analytical brain of OPNsense.
It transforms raw packets into meaningful insight — helping administrators make data-driven decisions, detect anomalies, and optimize network performance.
Whether you’re running a single office or multiple international sites, enabling NetFlow offers real-time visibility with minimal overhead.