SolarWinds NetFlow Traffic Analyzer (NTA)

SolarWinds NetFlow Traffic Analyzer (NTA) is a multi-purpose tool useful for a wide range of bandwidth monitoring and management purposes. It integrates with SolarWinds Network Performance Monitor (NPM) to provide a comprehensive network monitoring tool.

NTA collects two kinds of data: interface-level flow data and Class Based Quality of Service data. It then looks at the performance data NPM collects from SNMP and WMI sources and combines the two data streams to produce one set of data you can analyze and examine. This data can be processed into graphs and reports, so you can have complete visibility into your network, in both a historical sense and in terms of its current status.

Features

Now let’s look at the key features of NTA. Network Traffic Analyzer has several utilities to help with network traffic monitoring, each of which has a special function and key focus regarding network flows.

Bandwidth monitoring

Monitor bandwidth use by application, protocol, and IP address group. View both IPv4 and IPv6 flow records. Monitor Cisco NetFlow, Juniper J-Flow, sFlow, Huawei NetStream, and IPFIX flow data identifying the applications and protocols consuming the most bandwidth.

Application traffic alerting

Get alerted if application traffic suddenly increases, decreases, or disappears completely. Be able to quickly act if there’s an unusual change in application traffic. You can also set alerts to be notified if a device stops sending flow data, so you can efficiently remediate the problem.

Network traffic analysis

Analyze network traffic patterns over months, days, or minutes by drilling down into any network element. NetFlow Traffic Analyzer collects traffic data, correlates it into a useable format, and presents it to the user in a web-based interface for monitoring network traffic.

Performance analysis dashboard

PerfStack™ cross-stack network data correlation. Accelerate identification of root cause by dragging-and-dropping network performance metrics on a common timeline for immediate visual correlation across all your network data and NetFlow analytics.

Advanced application recognition

Identify which applications and categories consume the most bandwidth for better network traffic visibility with NBAR2 support. Cisco NBAR2 support gives you visibility into HTTP (port 80) and HTTPS (port 443) traffic without the need for additional probes, spanning ports, etc.

Customizable network traffic reports

Create, schedule, and deliver in-depth network traffic analysis and bandwidth reports with just a few clicks. Don’t spend money on additional bandwidth if it’s not needed. NetFlow software can help you review historical data to identify peak bandwidth usage and adjust policies for better management.

WLC traffic monitoring

Monitor Wireless LAN Controller traffic to keep tabs on applications and clients utilizing bandwidth on your wireless network. In today’s mobile world, it’s important to keep your wireless network running smoothly. With WLC network traffic analysis, you can easily see what’s using your wireless bandwidth.

Cisco Meraki wireless monitoring

View traffic data on Cisco Meraki interfaces. Visualize the traffic flows on your Cisco Meraki MX and Z series interfaces for better monitoring of the bandwidth use in your Cisco Meraki wireless environment.

CBQoS policy optimization

Measure the effectiveness of pre- and post-policy traffic levels per class map to determine if QoS policies are working as planned. If your business relies on VoIP, e-commerce, or other cloud-based applications, the NetFlow analyzer software will help confirm that prioritized traffic passes smoothly through the network.

Malicious or malformed traffic flow identification

Increase security with visibility into malicious or malformed traffic with port 0 monitoring. TCP/UDP monitoring of port 0 traffic highlights any flows directed to port 0 so you can quickly identify intrusive traffic.

Benefits

• Identifies which users, applications, and protocols are consuming the most network
  bandwidth and highlights the IP addresses of the top talkers on the network
• Monitors network traffic by capturing flow data from network devices, including
  Cisco® NetFlow v5 or v9, Juniper® J-Flow, IPFIX, and sFlow®
• Maps the traffic arriving from designated ports, source IPs, destination IPs, and even
  protocols, to application names you can easily recognize
• Delivers an instant alert notification, including a list of top talkers, when an interface
  exceeds its utilization threshold
• Performs Class-Based Quality of Service (CBQoS) monitoring to ensure that your
  traffic prioritization policies are effective
• Enables you to quickly drill-down into traffic on specific network elements, using
  multiple views to get the perspective you’re looking for
• Generates network traffic reports with just a few clicks
• Facilitates investigation of fault, performance, and configuration issues thanks to
  complete integration with Orion NPM and Orion NCM

New features and improvements in NTA

Release date: November 5, 2019

These release notes describe the new features, improvements, and fixed issues in NetFlow Traffic Analyzer 2019.4. They also provide information about upgrades and describe workarounds for known issues.

New features and improvements in NTA 2019.4

NTA 2019.4 offers the following new features and improvements compared to previous releases of NTA.

Process flow data from Meraki MX devices

As of NTA 2019.4, you can view flow data from Cisco Meraki MX devices. The data are associated with SNMP-managed interfaces from NPM. Certain devices use different Interface IDs when polled by SNMP and different Interface IDs in NetFlow. Due to this discrepancy, traffic cannot be correctly bound to the interface. This issue is solved by mapping between Flow Interface ID and SNMP Interface ID.

To start monitoring data from Cisco Meraki MX devices, you must add the device to SolarWinds NPM and configure it to export flows to the Main or Additional Polling Engine. The mapping is generated automatically when NTA receives the first flow traffic from the relevant Meraki device. Mapping is kept in the Orion database in separate tables for each polling engine. Mapping is valid until you manage the node, enable flow processing, and the NetFlow Service receives flow data.

Enable or disable the Meraki MX mapping feature

You can enable the Meraki mapping feature through NTA Settings in the Orion Web Console. If you are monitoring devices running Meraki firmware version MX 15.14 or later, you can disable the mapping feature completely.

1. In the Orion Web Console, click Settings > All Settings.
2. Under Product Specific Settings, click NTA Settings.
3. Under NetFlow Management, select Process flow data from Meraki MX 15.13 and earlier to enable the feature, and clear the option to disable it.
   • SolarWinds NTA uses autodetection per device for new Meraki firmware. Processing therefore works correctly with Meraki firmware 15.14 or later and this option enabled.
   • If you disable this option through NTA Settings, the changes are global for all devices.
   • If you have devices with Meraki firmware MX 15.13 or later, you see data on the wrong intefaces.

Flow Sources Management and CBQoS Polling Management pages

This section provides procedures for adding and deleting flow sources and selecting CBQoS-enabled devices for monitoring.

If NPM is monitoring network devices that are configured to export flow data, and if automatic addition of flow sources is enabled in NTA Settings, NTA automatically detects and adds the flow sources under NetFlow Sources.

Access the Flow Sources Management page and select interfaces for NetFlow monitoring

1. Click Settings > All Settings.
2. Under Product Specific Settings, click NTA Settings.
3. Click Flow Sources Management.
   This page provides a list of flow-enabled nodes and interfaces.If you do not see any NetFlow sources, confirm that the following is true for your configuration:
   • NetFlow devices must be configured to send NetFlow data to the NTA collector. Devices and interfaces must be managed by SolarWinds NPM before they can be recognized in SolarWinds NTA.
   • Confirm that the SolarWinds NetFlow Service starts in Windows Services.
4. Use the Filters to find the devices to display.
5. Use the Search function to filter the list further.
6. Select nodes and interfaces for NetFlow monitoring.
7. Click Store traffic.

Access the CBQoS Polling Management page and select interfaces for CBQoS monitoring

1. Click Settings > All Settings.
2. Under Product Specific Settings, click NTA Settings.
3. Click CBQoS polling Management.This page provides a list of all nodes and interfaces in SolarWinds NPM.CBQoS-enabled devices must be configured to allow CBQoS polling. Devices and interfaces must be managed by SolarWinds NPM before they can be recognized in SolarWinds NTA.
4. Use the Filters to find the devices to display.
5. Use the Search function to filter the list further.
6. Select nodes and interfaces for CBQoS monitoring.
7. Click Enable.

New features and improvements in Orion Platform 2019.4

Orion Platform 2019.4 offers new features and improvements compared to previous releases of Orion Platform.

Native SolarWinds Service Desk Integration

Generate Service Desk incidents from Orion Alerts.

You can integrate Orion Platform products with the following IT Service Management solutions:

• ServiceNow^® (Orion Platform 2016.1 or later)
• SolarWinds Service Desk (starting with Orion Platform 2019.4)

Integrating an alerting solution with the Orion Platform means that triggering an alert in the Orion Platform creates a new incident in the integrated alerting instance and vice versa.

Configure the integration

To make the integration of the Orion Platform and your alerting system work, complete the following steps.

Step 1: Set up the system to integrate with the Orion Platform.

• ServiceNow
• SolarWinds Service Desk

Step 2: Create an instance for the system in the Orion Platform.

Step 3: Configure Orion Platform alerts to create an incident (ServiceNow or SolarWinds Service Desk) as the alert action.

Configure the instance

1. 1. Log in to the Orion Web Console using an account with administrator rights.
   2. Click Settings > All Settings, and then click Manage Alert Integration Instances.
   3. Click Add Instance and select your instance type.
      • To add a ServiceNow instance, select Service now, and complete the configuration.
      • To add a ServiceDesk instance, select Service Desk, and complete the configuration.

The new instance displays on the Manage Alert Integration Instances page. You can now use Create ServiceNow Incident or Create SolarWinds Service Desk incident as an alert action.Operational states

Once you configure the integration, you can go to Settings > Manage Alert Integrations and view a list of all integrated instances.

Operational states describe how the integration of your alerting system and the Orion Platform works:

• Enabled: new or updated alerts in the Orion Web Console create or update incidents in the integrated instance, and the other way around.
• Restricted: incidents in the integrated instances are updated and closed. Changes in Orion are reflected in the integrated instance (ServiceNow or SolarWinds Service Desk), and the other way around, but no new incidents are created.
• Restricted by system: applies only to ServiceNow. If the number of ServiceNow incidents created in a five-minute period reaches 100, the instance is automatically switched to Restricted state.
• Disabled: incidents cannot be created and updated in the integrated instance based on Orion Platform alerts.

Orion Maps enhancements

Entity Library enhancements

• Filter and refine your entity list based on any property.
• Bulk-select entities to add them to the canvas.
• Quickly identify contextual relationships through the entity library without leaving the editor.

Bulk Administration

• Multi-select from the canvas to move or delete multiple objects in groups.
• Undo and redo options within the Editor.

Custom Images

• Add custom images and backgrounds to enhance the map.

Manual Topology Connections

• Define topology between any two entities directly from the Map Editor.

Customizable map refresh rate

• From the Advanced Configuration Settings, specify the map refresh rate – in minutes – for the Orion Maps Viewer and Widgets.

Orion Maps are a troubleshooting feature that displays a map of physical and logical relationships between entities monitored by the Orion Platform products you have installed. Orion Maps help you quickly isolate and identify critical health and performance issues.

Orion Map types

Auto-generated Orion Maps

Orion Maps automatically generate contextual maps that display critical relationships for monitored entities in the Orion Platform. Go to an entity details page and click the Map subview to display a map of relationships relevant for the entity.

Custom Orion Maps

Starting with Orion Platform 2019.2, you can create custom Orion Maps. Select entities to map and the Orion Maps feature displays physical and logical relationships between them. You can add the custom map on any Orion Web Console view using the Orion Map widget.

Auto-generated Orion Maps

The auto-generated Orion Maps open in the Orion Web Console as a subview and display both physical and logical relationships between entities.

Auto-generated Orion Maps are created without any user intervention: entities are added or removed as changes occur in the environment.

To access auto-generated Orion Maps, go to an entity Details view and click the Map subview in the menu on the left.

1	Map icon: Click the icon to view the Orion Map.
2	Canvas: Displays the map of relationships of the entity.
3	Seed object: The entity whose relationships the map displays. This is the entity from which you accessed the map. The color or the ring around the entity signifies the entity health, based on thresholds set for the entity. For more details about an entity on the map, click the entity. The map adjusts accordingly and details about the entity are displayed in the Inspector Panel (7).
4	Healthy topology connection: For topology connections, the line width represents the interface bandwidth. T
5	Metric pill: By default, it displays the outbound traffic and percent utilization. If polled values for the metric exceed the threshold, the pill displays errors and discards.Hover over the metric pill to show which metric it displays.
6	Connection with issues: The color signifies that a threshold has been exceeded. Yellow means warning and red signifies a critical threshold. Click the connection to see details in the Inspector Panel (8).
7	Tools to adjust the map: Zoom in, zoom out, pan, or change layout.
8	Inspector Panel: Displays details about the entity or connection selected on the map, according to the active navigation bar. When you open the Map from an entity details page, the Inspector Panel only displays the entity name, IP, vendor, and machine type. To show more details about an entity, click the navigation bars in the Inspector Panel (8, 9, 10, 11). To show more details about a connection, select it on the map. The details displayed in the Inspector Panel depend on the connection type. To show all entities on the map, click into the map. The Inspector Panel displays a list of all entities on the map called the Map Summary.
9	Related: Click this button to display entities related to the selected entity in the Inspector Panel: descendants, ancestors, and dependencies. To add a related entity to the map, select the check box in front of the entity, and click Apply.
10	Connected: Click this button to display entities connected to the selected entity by a protocol-based relationship or actual data flow, such as topology (NPM) or Application Dependency Connections (SAM), in the Inspector Panel. To add a connected entity to the map, select the check box in front of the entity, and click Apply.
11	Alerts: Click this button to display a list of active alerts associated with the entity in the Inspector Panel.
12	Recommendations (only with VMAN): If you have VMAN installed, this section presents recommendations for the entity.

Custom Orion Maps

Starting with Orion Platform 2019.2, you can create Orion Maps either based on the auto-generated maps, or from scratch.

• Maps summary view
• Edit Mode
• View Mode
• Orion Map widget

View a list of maps, create maps, and edit maps from the Maps view

To access Orion Maps created by users, click My Dashboards > Orion Maps in the Home section.

1	List of maps: Review available Orion Maps. By default, the list shows maps created by you. If you have Administrator rights, you can display Orion Maps created by other users (4). Click a map name to view the map (View mode).
2	Button bar: Create a new map, or select a map in the list (1) and edit or delete it.
3	Sort, filter, and search controls: Use the filter and search options to find Orion Maps. Sort maps by name, time since last update, or creation date.
4	All Users: Toggle to display all maps or only maps created by you. This toggle is available only to administrators.

Add entities or adjust connections in Edit mode

Edit mode is where you create or edit maps. To enter Edit mode:

• On the Maps view, select a map and click Edit.
• In View mode, click More > Edit.

1	Entity Library: Drag entities from the library to the canvas.
2	Canvas: Place entities in the correct position. If there are relationships between entities on the map, the connections are automatically added to the map as well.
3	Button bar: Save the map or use commands in the More menu, such as create a new map, save the map under another name, delete the map, or switch to View mode.
4	Map controls: Zoom in, zoom out, and center and adjust the map to the view. Shortcut Explanation = Zoom in. – Zoom out. Ctrl + Mouse wheel up Zoom in. Ctrl + Mouse wheel down Zoom out. Space bar + Click + Drag Pan the map in the viewport. Map Editor Only Del Remove the selected object(s) from the map. Excludes auto-discovered connections. Ctrl + S Save the map. Ctrl + Shift + S Save the map under a new name. Esc Clears object selection. Arrows Nudge the selected object. Shift + arrows Move the selected object. Ctrl + Z Undo previous map modification Ctrl + Y Redo previously undone map modification

View popups and display details on mapped entities in View mode

View mode displays a full screen view of user-created maps for easy troubleshooting and investigation.

1	Entity: Click an entity to display details in the Inspector Panel.
2	Inspector Panel: Displays details about the entity or connection selected on the map. Click inside the canvas to review mapped entities on the Map Summary. Click an entity to view related and connected entities. Review alerts. If you have VMAN installed, review VMAN recommendations. In the View mode, you cannot add related entities to the map. Entities in the Inspector Panel do not have check boxes. This is only available from the auto-generated map subviews.
3	Popup: Hover over an entity to see additional details. You can also execute commands from the command menu, such as go to details view, edit the entity, mute alerts for the entity, or unmanage the entity.
4	Button bar: Click Share to copy the map address to the clipboard, click More > Edit to switch to Edit mode.
5	Map controls: = Zoom in. – Zoom out. Esc Remove entity selection.

Orion Map widget

When you create a custom Orion Map, you can add it to a view in the Orion Map widget.

Click an entity on the map to go to the entity details view.

Hover over an entity to display a popover, or to run commands for the entity from the Commands drop-down.

What can you do with Orion Maps?

• View details for entities on mapped entities, such as the Map Summary, connected entities, dependent entities, related alerts, or VMAN recommendations
• View connections between displayed entities, such as topology connections, application dependency connections, or Orion dependency connections
• Customize the auto-generated maps, such as add/remove related entities, create a group from mapped entities
• Adjust the auto-generated map by zooming in, zooming out, or panning
• Create a custom Orion Map, add entities, adjust their position, and save the map
• Add the Orion Map to your views as a widget
• Create a custom alert based on the Orion Maps entity
• Send mapped objects via email as a report and send the Orion Map as a PDF

System Requirements

NetFlow Traffic Analyzer 2019.4 System Requirements

Polling engine requirements

The following requirements ensure the scalability benefits of SolarWinds NTA:

Type	Requirements
Operating system	Microsoft Windows Server 2016 Microsoft Windows Server 2019
SolarWinds NPM	Version 2019.4 SolarWinds NTA requires an appropriate SolarWinds NPM version hosted on the same server.
Databases	NTA and Orion Platform use two databases – the Orion database and the NTA SQL Flow Storage database. The Orion database stores SolarWinds Orion configuration data and all collected performance and syslog data. The NTA Flow Storage database is where SolarWinds NTA stores your flow data. The NTA SQL Flow Storage database requires an instance of Microsoft SQL Server 2016 SP1 or later. Both databases can be collocated on one SQL server. In case you decide to use separate SQL servers for the Orion database and the NTA SQL Flow Storage database, the Orion database requires Microsoft SQL Server 2014 and later. A connection to Orion SQL database is required because CBQoS data and some additional low level details are still stored in Orion SQL database.

SQL server requirements

SolarWinds NTA 4.4 and later utilizes two SQL databases:

• The Orion database
• The NTA SQL Flow Storage database

SolarWinds supports both the Orion database and the NTA SQL Flow Storage database in the same SQL server instance, as long as that instance is SQL Server 2016 SP1 or later. See sections below for Orion database requirements and the NTA SQL Flow Storage database requirements.

You cannot install Orion Platform products on the same server as SolarWinds Access Rights Manager (ARM).

NTA Flow Storage database requirements

• SolarWinds NTA requires SQL Server 2016 SP1 or later to run the NTA SQL Flow Storage database.
• For production environments, SolarWinds recommends using the Standard or Enterprise edition of the SQL server for the NTA SQL Flow Storage database.
  Deploying the NTA Flow Storage database on SQL Server 2016 SP1 Express is not recommended in a production environment due to performance and other limitations. For more information about SQL server Express, see Editions and supported features of SQL Server 2016 (© 2017 Microsoft, available at https://docs.microsoft.com, obtained on February 20th, 2018).
• SolarWinds supports both the Orion database and the NTA SQL Flow Storage database in the same SQL server instance, as long as that instance is SQL Server 2016 SP1 or later.

Orion database requirements

The table below lists software and hardware requirements for your SolarWinds Orion database server using SolarWinds NPM license levels.

Requirements	SL100, SL250, SL500	SL2000	SLX
SQL server	SolarWinds supports Express, Standard, or Enterprise versions of the following: SQL Server 2016, 2016 SP1, or 2016 SP2 SQL Server 2017 SolarWinds strongly recommends using the 64-bit version of SQL Server. Due to latency effects, SolarWinds does not recommend installing your SQL Server and your Orion server or additional polling engine in different locations across a WAN. You can set the database recovery model to Full Recovery if you use Always On Availability. SolarWinds recommends Simple database recovery mode to ensure best performance.
SQL Server collation	English with collation setting SQL_Latin1_General_CP1_CI_AS German with collation setting German_PhoneBook_CI_AS Japanese with collation setting Japanese_CI_AS Simplified Chinese with collation setting Chinese_PRC_CI_AS We support CI database on an CS SQL Server. We do not support case-sensitive databases.
CPU speed	Quad core processor or better	Dual quad core processor or better	Dual quad core processor or better
Hard drive space	20 GB minimum 40 GB recommended	50 GB minimum 100 GB recommended	100 GB minimum 400 GB recommended SolarWinds recommends the following configuration: A hardware RAID Controller with a battery backed-up write back cache Disk Subsystem 1 Array 1: 2x 146 GB 15K disks RAID 1 (mirroring) for the OS Disc Subsystem 2 Array 2: 2x 146 GB 15K disks RAID 1 (Pagefile + Extra Storage) Disk Subsystem 3 Array 3: with 6x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your SQL MDF and FILEGROUPS. Disk Subsystem 4 Array 4: with 4x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your SQL LDF Transaction LOG file Disk Subsystem 5 Array 5: with 4x 15k 146 GB or 300 GB disks configured in a RAID 1+0 array for your tempdb data file Disk Subsystem 6 Array 6: with 4x 15k 146 GB or 300 GB disks configured in a RAID 0 array for your tempdb log file
	Due to intense I/O requirements, a RAID 1+0 drive is strongly recommended for the SolarWinds database, data, and log files with a dedicated drive for the server operating system and tempdb files. Other RAID configurations can negatively affect your SQL Server’s performance. Mirrored drives for the OS and RAID 1+0 for database data files are recommended. Solid state drives (SSD) are recommended for all components. Per Windows standards, some common files may need to be installed on the same drive as your server operating system. You may want to move or expand the Windows or SQL temporary directories.
Memory	SL100 8 GB minimum 16 GB recommended	16 GB minimum 64 GB recommended	64 GB minimum 128 GB recommended
	SL250 &SL500 8 GB minimum 16 GB recommended
Authentication	Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server.
Other software	If you are managing your SolarWinds Orion database, SolarWinds recommends you install the SQL Server Management Studio component. The Installation wizard installs the following required x86 components if they are not found on your Orion database server: SQL Server System Common Language Runtime (CLR) Types. Orion products use secure SQL CLR stored procedures for selected, non-business data operations to improve overall performance. Microsoft SQL Server Native Client Microsoft SQL Server Management Objects

Cloud instance requirements for the NTA SQL Flow Storage database in Azure

Instance Details	Medium (SL2000)	Large (SLX)
Instance type	D12_v2	D15_v2
CPU	4 CPU	16 CPU
RAM	30.5 GB RAM	122 GB RAM
Disk	System SSD 80 GB (included in D12_v2) + Data Azure Storage Disk Volume 500 GB (8 GB for every received sustained 1000 Flows/s with 30-days retention period)	System SSD 320 GB (included in D12_v2) + Data Azure Storage Disk Volume 2.5 TB (2.5 TB is Flow Storage, 300k FPS with 30-days retention, Azure Storage Disk with Provisioned IOPS recommended)

Virtual machine requirements

SolarWinds NTA may be installed on VMware Virtual Machines and Microsoft Virtual Servers if the following conditions are met in your virtual environment:

• Each virtual machine needs to meet the SolarWinds NPM requirements for virtual machines.
• Each installation of NPM should have its own dedicated network interface controller.

SolarWinds NPM uses SNMP to monitor your network. SNMP traffic is generally assigned low priority, and thus you can experience gaps in monitoring data.

Port requirements

The following table lists ports that SolarWinds NetFlow Traffic Analyzer uses to communicate with other devices and servers.

Port	Protocol	Service/Process	Direction	Description
80	TCP	World Wide Web Publishing Service	Bidirectional	Port used for web console and any other web servers.
137	UDP	NetBIOS	Outbound	Port for outbound traffic if NetBIOS name resolution is turned on. When NTA is trying to resolve the NetBIOS names of servers in their conversations, you may find a large amount of outbound UDP 137 traffic from the NTA collector to a number of external addresses. You can confirm the traffic by using the Flow Navigator to match the outbound connections to existing conversations. This is normal behavior when NetBIOS is enabled. An easy way to demonstrate the behavior is to disable NetBIOS in NTA and watch all outbound connections terminate.
161	UDP TCP	SolarWinds Job Engine v2	Outbound	Port used for sending and receiving SNMP information, including polling CBQoS-enabled devices.
1433	TCP	SolarWinds NetFlow Service SolarWinds NetFlow Storage Service	Outbound	Port used for communication between the NetFlow Service and the existing SQL server.
1434	UDP	SolarWinds NetFlow Service SolarWinds NetFlow Storage Service SQL Browse Service	Outbound	The port used for communication between the NetFlow Service and the Orion database. This port is required only if your SQL Server is configured to use dynamic ports.
2055	UDP	SolarWinds NetFlow Service	Inbound	Port for receiving flows on any SolarWinds NTA collector.
5671	TCP	RabbitMQ	Bidirectional	Rabbit MQ messaging.
17777	TCP	SolarWinds Information Service	Bidirectional	Port for sending and receiving traffic between SolarWinds NPM and other Orion Modules. Port used for communication between remote Flow Storage Database and NTA Main Poller.
17778	HTTPS and TCP	SolarWinds Information Service	Bidirectional	Open to access the SolarWinds Information Service API and agent communication.
17791	TCP	SolarWinds Agent	Bidirectional	Open for agent communication on any SolarWinds Orion server running Windows Server 2016.
Device-specific				Any port required by a specific device.