Contributor

Netflow for R80.10

Anyone ever send Netflow data to Stealthwatch? I can't find any data sheet that lists the collectors that are compatible with Check Point Firewall.

5 Replies
Explorer

It is a standard, so it should just work.

Positive results on 80.10 ipfix / netflow 10 towards an nfsen based Flowmon collector.

Would be nice to see more extended npm ipfix fields:

ipfxextendednpm.png

Advisor

I have the same problem trying to send Netflow to Stealthwatch.

I'm using Check Point Sec. GW Gaia R80.30 with IPFIX (netflow 10) sending data to Stealthwatch 7.0.0, but the error that STW shows is "Invalid Template Data - Exporter has send invalid template data".

 

Any suggestions?

0 Kudos
Champion

You can try to use either version 5 or version 9 and make sure both are set to the same. Default is V5 as far as I know, it is better to fix it and make sure it is set the same on both ends.
Most Netflow applications first want to read from the device via SNMP when you add the device to get information on the interfaces, so you also need to make sure this is allowed.
Regards, Maarten
Advisor

After some attempts, it worked perfectly with Netflow v5.

Stealthwatch v7.1.0 (as far as I could try) could not recognize Check Point Netflow v9 and IPFIX.

0 Kudos
Contributor

Late answer, but it seems that in the v9/IPFIX packet from Gaia, the "IP ToS" field is missing, and it is required for Stealthwatch.
This field is available in v5, so no problem with it.

Still looking for resolution

0 Kudos
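One way to check what the last reply describes, as an added example that is not part of the thread or any vendor tooling: parse the template records in a NetFlow v9 or IPFIX export packet and report templates that lack the IP ToS field (v9 field type 5, IPFIX `ipClassOfService`). The function names are hypothetical and the sample packets are constructed here, not captured from a Gaia gateway.

```python
import struct

IP_TOS = 5  # NetFlow v9 SRC_TOS / IPFIX ipClassOfService (IANA element 5)

def templates(packet):
    """Return {template_id: [field ids]} from one NetFlow v9 or IPFIX packet."""
    version = struct.unpack_from("!H", packet)[0]
    layout = {9: (20, 0), 10: (16, 2)}  # version: (header bytes, template set ID)
    if version not in layout:
        raise ValueError(f"not NetFlow v9 or IPFIX (version {version})")
    offset, template_set = layout[version]
    found = {}
    while offset + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, offset)
        if set_len < 4 or offset + set_len > len(packet):
            raise ValueError("malformed set length")
        pos, end = offset + 4, offset + set_len
        while set_id == template_set and pos + 4 <= end:
            tid, count = struct.unpack_from("!HH", packet, pos)
            if tid < 256:              # zero padding at the end of the set
                break
            pos, fields = pos + 4, []
            for _ in range(count):
                if pos + 4 > end:
                    raise ValueError("truncated template record")
                ftype, _length = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if version == 10 and ftype & 0x8000:
                    pos += 4           # enterprise element: skip enterprise number
                else:
                    fields.append(ftype)
            found[tid] = fields
        offset = end
    return found

def missing_tos(packet):
    """Template IDs in the packet that do not carry the IP ToS field."""
    return sorted(t for t, f in templates(packet).items() if IP_TOS not in f)

def build_ipfix(tid, fields):
    """Constructed sample: IPFIX message with one template, fields = [(id, len)]."""
    rec = struct.pack("!HH", tid, len(fields))
    rec += b"".join(struct.pack("!HH", f, n) for f, n in fields)
    tset = struct.pack("!HH", 2, 4 + len(rec)) + rec
    return struct.pack("!HHIII", 10, 16 + len(tset), 0, 0, 0) + tset

if __name__ == "__main__":
    print(missing_tos(build_ipfix(256, [(8, 4), (12, 4), (5, 1), (4, 1)])))  # []
    print(missing_tos(build_ipfix(257, [(8, 4), (12, 4), (4, 1)])))          # [257]
```

To use it on real traffic, pass the UDP payload of a packet captured from the exporter; templates are sent periodically, so the capture has to include one.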