Netflow for R80.10

Muhammad_Ansour · ‎2018-11-26

Anyone ever send Netflow data to Stealthwatch, I'm can't find any data sheet that list the collectors that are compatible with Checkpoint Firewall.

LeoBistmans · ‎2019-07-05

It is a standard, so it should just work.

Positive results on 80.10 ipfix / netflow 10 towards an nfsen based Flowmon collector.

Would be nice to see more extended npm ipfix fields:

MikeB · ‎2019-07-15

I'm with the same problem trying to send Netflow to Stealthwatch.

Im using Check Point Sec. Gw Gaiga R80.30 with IPFIX (netflow 10) sending data Stealthwatch 7.0.0 but the error that STW show is "Invalid Template Data - Exporter has send invalid template data".

Any suggestions?

Maarten_Sjouw · ‎2019-07-15

You can try to use either version 5 or version 9 and make sure both are set to the same. Default is V5 as far as I know, it is better to fix it and make sure it is set the same on both ends.
Most Netflow applications first want to read from the device via SNMP when you add the device to get information on the interfaces, so you also need to make sure this is allowed.

Regards, Maarten

MikeB · ‎2019-07-20

After some attempts, it worked perfectly with Netflow v5.

Stealthwatch v7.1.0 (as far as I could try) could not recognize Check Point netwflows v9 and IPFIX.

Dilian_Chernev · ‎2020-07-16

Late answer, but it seems in v9/ipfix packet from Gaia, "IP ToS" field is missing and it is required for Stealthwatch.
This field is available in v5, so no problem with it.

Still looking for resolution

Are you a member of CheckMates?

Netflow for R80.10