Default setup of FastNetMon assumes that traffic between your routers and switches and machine with FastNetMon does not leave your network premises.
However, in some cases, it may be useful to send traffic information over the Internet. FastNetMon could work this way without any issues. Pay attention to the following restrictions:
- Netflow/IPFIX is not an encrypted protocol and could leak sensitive data (IP addresses, port numbers, protocols)
- Netflow/IPFIX are UDP-based protocols and could be dropped/corrupted during transfer
The same restriction applies to sFlow v5 protocol. Furthermore, it carries even more sensitive data (including HTTP headers, session id and other very important fields) because it has the first 60-120 bytes of each Ethernet frame from your network. Proceed with necessary caution.
If you could deploy IPSec/VPN or any kind of L2 link between two points, it's a recommended way to implement it.
Also, BGP is very sensitive to any kind of network congestion/overload and could shut down the session between the router and FastNetMon, and all announces published by FastNetMon will be removed. So, please keep your timeouts high to avoid such cases.
As an additional level of security, we suggest using md5 validation for BGP sessions from both sides. FastNetMon has complete support for this option.