This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
John_Fleming
Advisor
‎2020-02-07 08:21 PM

netfow seems broken on 1500

i enabled netflow to send data to an elk stack instance. Nothing showed up. Ran a packet capture.. nothing in capture..

netstat -an | grep 2055 ...nada

 

did a strace on the netflow process and i see over and over

9984 openat(AT_FDCWD, "/proc/ppk/netflow-conf", O_RDWR) = -1 ENOENT (No such file or directory)

 

which for sure doesn't exist. Sad panda, case opened. Oh and yes I rebooted after turned on netflow.

0 Kudos
9 Replies
Chris_Atkinson
Employee Employee
Employee
‎2020-02-08 02:42 AM

Hi

Per sk159772 it should be supported, which version/build are you running?

CCSM R77/R80/ELITE
0 Kudos
John_Fleming
Advisor
‎2020-02-08 07:42 AM
In response to Chris_Atkinson

This is Check Point's 1550 Appliance R80.20.01 - Build 909 - this is to fix the kernel panic in the other thread. 

I noticed some extra config options opened up now and I don't understand what they do. The docs are good enough to tell me the arguments are IP and port. That cleared up a lot.

set netflow collector for-ip x.x.x.x for-port 2055 

I have no idea what a for-ip and for-port is but it seems to auto fill with the collector ip and port.  ¯\_(ツ)_/¯

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-02-11 07:02 AM
In response to John_Fleming

Did you configure the net flow collector following SMB 1500 Appliance Series R80.20.01 CLI Reference Guide p.627ff ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Amir_Erman
Employee
Employee
‎2020-02-11 07:06 AM

Indeed, this is broken on 15xx; We suspect similar issue on other releases

We are working to fix it

Thanks

Amir

John_Fleming
Advisor
‎2020-02-24 02:50 PM
In response to Amir_Erman

Hot off the presses.

 

Netflow support is indeed broken and the support page is going to be updated to reflect Netflow being unsupported on R80.20 Gaia Embedded.

It is planned to be fixed but there is no ETA. At least I wasn't told to go RFE myself so hurrah for that. 

0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-02-24 10:04 PM
In response to John_Fleming

That is very disturbing news actually 😟

0 Kudos
_Val_
Admin
Admin
‎2021-09-01 03:49 AM
In response to John_Fleming

@John_Fleming where this info coming from? sk159772 says Netflow is supported on R80.20.x with the only limitations related to CLI config. 

0 Kudos
Liran_H
Explorer
‎2021-09-01 02:51 AM
In response to Amir_Erman

Is there any update regarding this issue?

0 Kudos
_Val_
Admin
Admin
‎2021-09-01 03:49 AM
In response to Liran_H

Netflow is supported on Gaia SMB R80.20.x versions and can be configured via CLI only

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top