R80.30 Netflow Setup

B_P · ‎2019-08-26

Pre R80.10 Netflow worked fine.

Now on R80.30 I have two flows that are identical -- but one only shows Outbound and the other only shows Inbound BUT -- and this is perplexing -- it is the exact same traffic for both inbound and outbound flows -- i.e. source and destination are the same.

Yes.. let that simmer for a while.

I have one rule that's configured on the firewall and it's a rule that a lot of web traffic hits on.

I'm using ManageEngine's Netflow Analyzer.

For this traffic, I would expect there should be one flow and it should include both inbound and outbound traffic on the one interface (the internal interface it's hitting).

Ilya_Yusupov · ‎2019-08-26

Hi,

Is your rule contain Accounting? if not please add it and re-check since in R80.30 to see netflow you need to enable accounting on the rule.

Thansk,

Ilya

B_P · ‎2019-08-27

@Ilya_Yusupov -- would I be receiving any netflows if it did not already include accounting?

Ilya_Yusupov · ‎2019-08-27

Depends on your RB, might be you have APPI layer which Accounting is enabled so you are getting info on this one.

B_P · ‎2019-08-27

No, we have one unified policy (layered).

B_P · ‎2019-08-30

bump

Ilya_Yusupov · ‎2019-08-30

Is the traffic NATED? i tried to see in my lab if i replicate the issue, currently without any success.

B_P · ‎2019-08-31

Yes, it is NAT'd.. outbound.

B_P · ‎2019-09-17

Bump

Steve_Payne1 · ‎2019-11-20

so i have netflow issues with r80.30 too

i had all interfaces showing with netflow on my netflow box., now im on r80.30 i didnt get anything,

so enabled accounting on a few rules that are logging, but now on my netflow box the MGMT port is the only port showing netflow, but i get 1 or 2 packets. checked firewalls between and get the odd packet come through,

so annoying!.

Ilya_Yusupov · ‎2019-11-23

Hi,

There are several issues that we identify in Netflow in R80.30, the outbound issue was found and RnD working on the fix

so once we validate the fix we will push it to our next JHF, if you wish to get the fix before the JHF please open a ticket and share it with me.

Regarding the VRRP issue, there is a general issue with accounting in VRRP topology so we are working with RnD also to identify the RCA and fix it, once we will have a fix we will push it as well to our next JHF, this explain why Netflow is not working on VRRP as there is no accounting.

i will update once all the above will be fixed.

Thanks,

Ilya

Steve_Payne1 · ‎2019-11-25

thanks for the update on VRRP

will await an update on this

B_P · ‎2019-11-25

Thanks for the update. Looking forward to the fix and getting Netflow working again.

Ilya_Yusupov · ‎2019-12-08

we have a fixes for Netflow issues, we are pushing them to be included to next JHF's meanwhile if you want to get them immediately you can open TAC case for a port fix.

Thanks,

Ilya

Steve_Payne1 · ‎2019-12-09

as i have a case open, do i get this?

Ilya_Yusupov · ‎2019-12-09

@Steve_Payne1 - I will try to push those fixes together with the VRRP fix in your case.

Steve_Payne1 · ‎2020-01-08

is there any news on this fix?

Ilya_Yusupov · ‎2020-01-08

Not included in JHF yet but the fixes exist, if you need it immediately please open TAC case and we will port it.

i'm pushing it to get them into a JHF.

Roger_Norton · ‎2020-03-30

Has the JHF now been published?

EspenH · ‎2020-04-28

Any news about this?

Ilya_Yusupov · ‎2020-04-28

Hi,

There is on-going R80.30 JHF 195 which include the fixes.

Thanks,

Ilya

Steve_Payne1 · ‎2020-04-29

hi, good news, when is that being released?

B_P · ‎2020-07-13

I'm on R80.40 JHF Take 48 and am still seeing multiple interfaces with nearly identical traffic. Inbound/outbound is still messed up.

Steve_Payne1 · ‎2020-08-19

any news on the fix, the JHF didnt fix it, so netflow still doesnt work with r80.30 and VRRP

TestAccount · ‎2020-08-10

Hi.

Any updates? We have same issue...

Ilya_Yusupov · ‎2020-08-20

hi @TestAccount ,

The issue is not in Netflow as all fixes already included in JHF but there was an issue in accounting log in VRRP which fixed in JHF 210.

B_P · ‎2020-08-20

@Ilya_Yusupov, sk159432 does not describe the issue I am experiencing.

Ilya_Yusupov · ‎2020-08-20

@B_P ,

what is the issue you experiencing?

B_P · ‎2020-08-20

Please see the original post, thanks.

Ilya_Yusupov · ‎2020-08-20

@B_P ,

But this was fixed and integrated to JHF, are you saying you still see an issue?

if yes can you share JHF that you are using?

My answer was to @TestAccount as i understand in his case Netflow is not working at all which may indicate to issue in the SK.

Are you a member of CheckMates?

R80.30 Netflow Setup