cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Highlighted

Netflow not working

Hi Checkmates,

My netflow is not working. I have followed the configuration from SK102041.  The format I'm using is v9. The netflow server is Solarwinds. Any one having the same experience? Thanks!

8 Replies

Re: Netflow not working

1) Do you have a firewall rule that allows Netflow?
2) Are blocked packets displayed:

    # fw ctl zdebug drop | grep <Solarwind Server>
3) Can you see traffic between the gateway and the Solarwind server?

    # fw monitor -e "accept(host=<Solarwind Server>);"

Re: Netflow not working

Make sure to also setup SNMP properly for the Solarwinds server, as it will first query the gateway fior the interfaces etc via SNMP before it will add the gateway in Netflow.

Regards, Maarten
Tom_Cripps
Copper

Re: Netflow not working

Has anyone got anywhere with this?

Just doesn't seem to work consistently like it would on a Cisco device for example? You can see below we've just had nothing from our Gateway for the last 4 hours pretty much.

Nothing is being dropped at all as i can see the port being allowed in the logs. TCPdump or Fw Monitor doesn't show anything.

0 Kudos

Re: Netflow not working

We are seeing the exact same thing with some of our gateways, we did see that there was one cluster working properly and another was failing, the difference was the Jumbo installed, 103 version worked fine, the newer version just keeps showing dropout like in your graph.

We currently have a case open for this issue.

Regards, Maarten
0 Kudos
Tom_Cripps
Copper

Re: Netflow not working

Hi Maarten,

Apologies for the delay in response. 

We have now got this issue fixed as it was relating to General errors for SecureXL - recommend that to your support team and see if they check that. We temporarily added a value then was given a hotfix which has now fixed this. 

0 Kudos

Re: Netflow not working

In our case there were 2 different systems collecting the Netflow data, an older CA collector, which they are phasing out and another newer system, we moved the gateways over to the other collector and now they are receiving data without hesitations, we already found that the gateway was sending data all the time, but the guys did not want to spend time on the CA collector anymore.

Regards, Maarten

Re: Netflow not working

If your gateways are now on R80.10, you might want to change from Netflow V9 to IPFIX.     

We are having issues with Solarwinds NTA since the 4.5 upgrade.   They are blaming Checkpoint but pcaps prove otherwise Smiley Happy 

We moved one of our gateways to IPFIX a few days ago and the flows seems to be reporting properly now.  

0 Kudos
Tom_Cripps
Copper

Re: Netflow not working

The most recent hotfix has fixed our issue, 170 I believe