Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
John_Fleming
Advisor

netfow seems broken on 1500

i enabled netflow to send data to an elk stack instance. Nothing showed up. Ran a packet capture.. nothing in capture..

netstat -an | grep 2055 ...nada

 

did a strace on the netflow process and i see over and over

9984 openat(AT_FDCWD, "/proc/ppk/netflow-conf", O_RDWR) = -1 ENOENT (No such file or directory)

 

which for sure doesn't exist. Sad panda, case opened. Oh and yes I rebooted after turned on netflow.

0 Kudos
6 Replies
Chris_Atkinson
Employee
Employee

Hi

Per sk159772 it should be supported, which version/build are you running?

0 Kudos
John_Fleming
Advisor

This is Check Point's 1550 Appliance R80.20.01 - Build 909 - this is to fix the kernel panic in the other thread. 

I noticed some extra config options opened up now and I don't understand what they do. The docs are good enough to tell me the arguments are IP and port. That cleared up a lot.

set netflow collector for-ip x.x.x.x for-port 2055 

I have no idea what a for-ip and for-port is but it seems to auto fill with the collector ip and port.  ¯\_(ツ)_/¯

0 Kudos
G_W_Albrecht
Legend
Legend

Did you configure the net flow collector following SMB 1500 Appliance Series R80.20.01 CLI Reference Guide p.627ff ?

0 Kudos
Amir_Erman
Employee
Employee

Indeed, this is broken on 15xx; We suspect similar issue on other releases

We are working to fix it

Thanks

Amir

John_Fleming
Advisor

Hot off the presses.

 

Netflow support is indeed broken and the support page is going to be updated to reflect Netflow being unsupported on R80.20 Gaia Embedded.

It is planned to be fixed but there is no ETA. At least I wasn't told to go RFE myself so hurrah for that. 

0 Kudos

That is very disturbing news actually 😟

0 Kudos