This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
handiansudianto
Advisor
‎2023-11-30 05:03 PM

Netflow

 
 

Hello

What should i do if in the netflow manager we see conversation from ip public to ip public? My goal is to capture netflow from LAN (internal private ip) to the destination (public ip)?

Preview file
72 KB
0 Kudos
6 Replies
the_rock
MVP Gold
MVP Gold
‎2023-11-30 05:36 PM

Im not really clear what you are trying to do here. Just capture traffic or something else? If its capturing, then you can do something like this -> fw monitor -F "srcIP,srcport,dstIP,dstport,protocol"

example  fw monitor -F "1.1.1.1,0,2.2.2.2,4434,0"

Andy

0 Kudos
handiansudianto
Advisor
‎2023-11-30 05:41 PM
In response to the_rock

Hello,

What i mean is i have Network Traffic Analyst (NTA) tools from solarwinds to capture all network conversation between the client to to the internet using netflow. I already enable netflow side but when i see on the solarwinds the conversation shown from our public IP as the source to the internet. I just want to know how we can get real client ip (private ip of the client) on the netflow, so we can see conversation traffic of each users.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-11-30 05:44 PM
In response to handiansudianto

Ah, got it! Make sure its configured properly in netflow section of web UI or in clish with something like show netflow command. I can check in my lab tomorrow. If I recall right, there is an option in web UI for netflow to set the correct interface as well.

Andy

0 Kudos
handiansudianto
Advisor
‎2023-11-30 05:46 PM
In response to the_rock

Thanks you, i believe i already configure the netflow but seem the netflow capture the traffic after NAT process so the real ip is not showing.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-11-30 06:17 PM
In response to handiansudianto

You can always set manual NAT for it, just make sure you are not nattimg that host behind the fw, otherwise, it will show public IP.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-11-30 07:03 PM

For awareness:

notes.png

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events