Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kaland
Contributor

VSX Netflow data pr. vs

netflow‌vsx

Check Point VSX Netflow pr vs is not possible today. By design you only get netflow from vs0. 

This this is problematic for us as an MSP because we need to get netflow from customer dedicated vs only and to the customers SIEM and ELK system.  This is due most because of flow licensing in SIEM, and that we don´t want to give visibility to other customers netflow data.  

Does anyone have any experience with filtering this out in tools like ELK or nfdump?  Much appreciated  if anyone want to share and discuss here 

Check Point SK for Netflow 

NetFlow support by Gaia OS  - In the sk from Check Point  you can identify which vs id the flow is coming from

Hopefully Check Point will redesign this so you can set netflow settting pr. vs 

7 Replies
PhoneBoy
Admin
Admin

Not familiar with a way to do this, but maybe someone else has.

Can see why this would be a useful feature to have.

Kaland
Contributor

Hi,

Does this mean that this have been implemented? do you have some more information about this that you can share? Smiley Happy 

Best regards 

Bjørn Andre Kaland 

PhoneBoy
Admin
Admin

That's what it appears to mean, but unfortunately I don't have details.

If it's of interest to you, I recommend getting involved in the EA.

0 Kudos
Magnus-Holmberg
Advisor

Any update on this, netflow per vs would be perfect
https://www.youtube.com/c/MagnusHolmberg-NetSec
Maarten_Sjouw
Champion
Champion

The feature that has been added is that it now adds a VS-ID to the netflow packets, so to support this your netflow system should be able to recognise this ID and show the data per VS.
Regards, Maarten
0 Kudos
Magnus-Holmberg
Advisor

Sure and thats good.
But as an MSP i would like to configure one netflow system per VS as each VS belongs to a diff customer, and these customer do not always buys our service they just want the data so to say.

Similar to SNMP where i can configure diff users to be able to poll, and then allow them to poll the specific VS on its IP.

https://www.youtube.com/c/MagnusHolmberg-NetSec
ivanmarkovic
Explorer

Hi there,

 

Is there maybe any tutorial how to do it.

I am using opmanager and as soon as i set netflow on any of the VSX or physical box i get flow from the VSX cluster and data seems bogus.

 

Regards, Ivan 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events