cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Netflow for R80.10

Anyone ever send Netflow data to Stealthwatch, I'm can't find any data sheet that list the collectors that are compatible with Checkpoint Firewall.  

4 Replies

Re: Netflow for R80.10

It is a standard, so it should just work.

Positive results on 80.10  ipfix / netflow 10  towards an nfsen based Flowmon collector.

Would be nice to see more extended npm ipfix fields:

ipfxextendednpm.png

Re: Netflow for R80.10

I'm with the same problem trying to send Netflow to Stealthwatch.

Im using Check Point Sec. Gw Gaiga R80.30 with IPFIX (netflow 10) sending data Stealthwatch 7.0.0 but the error that STW show is "Invalid Template Data - Exporter has send invalid template data".

 

Any suggestions?

0 Kudos

Re: Netflow for R80.10

You can try to use either version 5 or version 9 and make sure both are set to the same. Default is V5 as far as I know, it is better to fix it and make sure it is set the same on both ends.
Most Netflow applications first want to read from the device via SNMP when you add the device to get information on the interfaces, so you also need to make sure this is allowed.
Regards, Maarten

Re: Netflow for R80.10

After some attempts, it worked perfectly with Netflow v5.

Stealthwatch v7.1.0 (as far as I could try) could not recognize Check Point netwflows v9 and IPFIX.

0 Kudos