cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
B_P
Nickel

R80.30 Netflow Setup

Pre R80.10 Netflow worked fine.

Now on R80.30 I have two flows that are identical -- but one only shows Outbound and the other only shows Inbound BUT -- and this is perplexing -- it is the exact same traffic for both inbound and outbound flows -- i.e. source and destination are the same.

Yes.. let that simmer for a while.

I have one rule that's configured on the firewall and it's a rule that a lot of web traffic hits on.

I'm using ManageEngine's Netflow Analyzer.

For this traffic, I would expect there should be one flow and it should include both inbound and outbound traffic on the one interface (the internal interface it's hitting).

0 Kudos
13 Replies
Employee+
Employee+

Re: R80.30 Netflow Setup

Hi,

 

Is your rule contain Accounting? if not please add it and re-check since in R80.30 to see netflow you need to enable accounting on the rule.

 

Thansk,

Ilya 

0 Kudos
B_P
Nickel

Re: R80.30 Netflow Setup

@Ilya_Yusupov -- would I be receiving any netflows if it did not already include accounting?
0 Kudos
Employee+
Employee+

Re: R80.30 Netflow Setup

Depends on your RB, might be you have APPI layer which Accounting is enabled so you are getting info on this one.

0 Kudos
B_P
Nickel

Re: R80.30 Netflow Setup

No, we have one unified policy (layered).

0 Kudos
B_P
Nickel

Re: R80.30 Netflow Setup

bump

0 Kudos
Employee+
Employee+

Re: R80.30 Netflow Setup

Is the traffic NATED? i tried to see in my lab if i replicate the issue, currently without any success.

 

 

B_P
Nickel

Re: R80.30 Netflow Setup

Yes, it is NAT'd.. outbound.

0 Kudos
B_P
Nickel

Re: R80.30 Netflow Setup

Bump

0 Kudos

Re: R80.30 Netflow Setup

so i have netflow issues with r80.30  too

i had all interfaces showing with netflow on my netflow box.,  now im on r80.30  i didnt get anything,

 

so enabled accounting on a few rules that are logging, but now on my netflow box the MGMT port is the only port showing netflow, but i get 1 or 2 packets.  checked firewalls between and get the odd packet come through,

 

so annoying!.

0 Kudos
Employee+
Employee+

Re: R80.30 Netflow Setup

Hi,

 

There are several issues that we identify in Netflow in R80.30, the outbound issue was found and RnD working on the fix

so once we validate the fix we will push it to our next JHF, if you wish to get the fix before the JHF please open a ticket and share it with me.

 

Regarding the VRRP issue, there is a general issue with accounting in VRRP topology so we are working with RnD also to identify the RCA and fix it, once we will have a fix we will push it as well to our next JHF, this explain why Netflow is not working on VRRP as there is no accounting.

 

i will update once all the above will be fixed.

 

Thanks,

Ilya 

0 Kudos

Re: R80.30 Netflow Setup

thanks for the update on VRRP

 

will await an update on this

 

 

B_P
Nickel

Re: R80.30 Netflow Setup

Thanks for the update. Looking forward to the fix and getting Netflow working again.

0 Kudos
Employee+
Employee+

Re: R80.30 Netflow Setup

we have a fixes for Netflow issues, we are pushing them to be included to next JHF's meanwhile if you want to get them immediately you can open TAC case for a port fix.

 

Thanks,

Ilya