Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

R80.30 Netflow Setup

Pre R80.10 Netflow worked fine.

Now on R80.30 I have two flows that are identical -- but one only shows Outbound and the other only shows Inbound BUT -- and this is perplexing -- it is the exact same traffic for both inbound and outbound flows -- i.e. source and destination are the same.

Yes.. let that simmer for a while.

I have one rule that's configured on the firewall and it's a rule that a lot of web traffic hits on.

I'm using ManageEngine's Netflow Analyzer.

For this traffic, I would expect there should be one flow and it should include both inbound and outbound traffic on the one interface (the internal interface it's hitting).

0 Kudos
Reply
34 Replies
Highlighted
Employee+
Employee+

Hi,

 

Is your rule contain Accounting? if not please add it and re-check since in R80.30 to see netflow you need to enable accounting on the rule.

 

Thansk,

Ilya 

0 Kudos
Reply
Highlighted
Contributor

@Ilya_Yusupov -- would I be receiving any netflows if it did not already include accounting?
0 Kudos
Reply
Highlighted
Employee+
Employee+

Depends on your RB, might be you have APPI layer which Accounting is enabled so you are getting info on this one.

0 Kudos
Reply
Highlighted
Contributor

No, we have one unified policy (layered).

Highlighted
Contributor

bump

0 Kudos
Reply
Highlighted
Employee+
Employee+

Is the traffic NATED? i tried to see in my lab if i replicate the issue, currently without any success.

 

 

Highlighted
Contributor

Yes, it is NAT'd.. outbound.

0 Kudos
Reply
Highlighted
Contributor

Bump

Highlighted
Contributor

so i have netflow issues with r80.30  too

i had all interfaces showing with netflow on my netflow box.,  now im on r80.30  i didnt get anything,

 

so enabled accounting on a few rules that are logging, but now on my netflow box the MGMT port is the only port showing netflow, but i get 1 or 2 packets.  checked firewalls between and get the odd packet come through,

 

so annoying!.

Highlighted
Employee+
Employee+

Hi,

 

There are several issues that we identify in Netflow in R80.30, the outbound issue was found and RnD working on the fix

so once we validate the fix we will push it to our next JHF, if you wish to get the fix before the JHF please open a ticket and share it with me.

 

Regarding the VRRP issue, there is a general issue with accounting in VRRP topology so we are working with RnD also to identify the RCA and fix it, once we will have a fix we will push it as well to our next JHF, this explain why Netflow is not working on VRRP as there is no accounting.

 

i will update once all the above will be fixed.

 

Thanks,

Ilya 

Highlighted
Contributor

thanks for the update on VRRP

 

will await an update on this

 

 

Highlighted
Contributor

Thanks for the update. Looking forward to the fix and getting Netflow working again.

0 Kudos
Reply
Highlighted
Employee+
Employee+

we have a fixes for Netflow issues, we are pushing them to be included to next JHF's meanwhile if you want to get them immediately you can open TAC case for a port fix.

 

Thanks,

Ilya   

Highlighted
Contributor

as i have a case open, do i  get this?

0 Kudos
Reply
Highlighted
Employee+
Employee+

@Steve_Payne1  - I will try to push those fixes together with the VRRP fix in your case.

Highlighted
Contributor

is there any news on this fix?

Highlighted
Employee+
Employee+

Not included in JHF yet but the fixes exist, if you need it immediately please open TAC case and we will port it.

 

i'm pushing it to get them into a JHF. 

Highlighted
Participant

Has the JHF now been published?
Highlighted
Participant

Any news about this?

Highlighted
Employee+
Employee+

Hi,

 

There is on-going R80.30 JHF 195 which include the fixes.

 

Thanks,

Ilya 

Highlighted
Contributor

hi, good news, when is that being released?
0 Kudos
Reply
Highlighted
Contributor

I'm on R80.40 JHF Take 48 and am still seeing multiple interfaces with nearly identical traffic. Inbound/outbound is still messed up.

0 Kudos
Reply
Highlighted
Contributor

any news on the fix,  the JHF didnt fix it, so netflow still doesnt work with r80.30 and VRRP

Highlighted
Explorer

Hi.

Any updates? We have same issue...

0 Kudos
Reply
Highlighted
Employee+
Employee+

hi @TestAccount ,

 

The issue is not in Netflow as all fixes already included in JHF but there was an issue in accounting log in VRRP which fixed in JHF 210.

0 Kudos
Reply
Highlighted
Contributor

@Ilya_Yusupov, sk159432 does not describe the issue I am experiencing.

0 Kudos
Reply
Highlighted
Employee+
Employee+

@B_P ,

 

what is the issue you experiencing? 

0 Kudos
Reply
Highlighted
Contributor

Please see the original post, thanks.

0 Kudos
Reply
Highlighted
Employee+
Employee+

@B_P ,

 

But this was fixed and integrated to JHF, are you saying you still see an issue?

if yes can you share JHF that you are using?

 

My answer was to @TestAccount  as i understand in his case Netflow is not working at all which may indicate to issue in the SK.

0 Kudos
Reply