Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
handiansudianto
Collaborator

Netflow

 
 

Hello

What should i do if in the netflow manager we see conversation from ip public to ip public? My goal is to capture netflow from LAN (internal private ip) to the destination (public ip)?

0 Kudos
6 Replies
the_rock
Legend
Legend

Im not really clear what you are trying to do here. Just capture traffic or something else? If its capturing, then you can do something like this -> fw monitor -F "srcIP,srcport,dstIP,dstport,protocol"

example  fw monitor -F "1.1.1.1,0,2.2.2.2,4434,0"

Andy

0 Kudos
handiansudianto
Collaborator

Hello,

What i mean is i have Network Traffic Analyst (NTA) tools from solarwinds to capture all network conversation between the client to to the internet using netflow. I already enable netflow side but when i see on the solarwinds the conversation shown from our public IP as the source to the internet. I just want to know how we can get real client ip (private ip of the client) on the netflow, so we can see conversation traffic of each users.

0 Kudos
the_rock
Legend
Legend

Ah, got it! Make sure its configured properly in netflow section of web UI or in clish with something like show netflow command. I can check in my lab tomorrow. If I recall right, there is an option in web UI for netflow to set the correct interface as well.

Andy

0 Kudos
handiansudianto
Collaborator

Thanks you, i believe i already configure the netflow but seem the netflow capture the traffic after NAT process so the real ip is not showing.

0 Kudos
the_rock
Legend
Legend

You can always set manual NAT for it, just make sure you are not nattimg that host behind the fw, otherwise, it will show public IP.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

For awareness:

notes.png

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events