I am running a network with a central historically grown firewall system which I would like to replace. Unfortunately, the historically grown rule set is a REAL mess, so I would like to do a network analysis from scratch. Therefore I plan to run sFlow on my HP ProCurve switches. I already have it running with ntop, but this is unfortunately not the tool of choice in my case. What I am looking for is an sFlow collector which I could use to reengineer my firewall rules. The main goal is to get a graphical and/or table view of all hosts in the network. What I need to do is to create a completely new rule set for each host in the network, whereby my focus is on the incoming connections from the host's point of view. The tool should have different filter options like "filter by host", "filter by network", "filter by service" etc. Of course I would prefer to use Open Source software, but if there is no suitable open source tool for my purpose, I am definitely willing to pay for a commercial tool.
I hope my explanation is not too confusing. :-)
Would be great to get some advice from you guys. The list at sflow.org is a good starting point, but unfortunately I don't have the time to try out each tool on the list:
http://www.sflow.org/products/collectors.php
Cheers,
Bob