Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Exonix
Advisor

Netflow is empty

Hello,

we have several firewalls (version 80.40) and we have configured them to send Netflow to some SIEM. We receive logs from almost all gateways except one. After investigation, we found that Netflow traffic does not contain any useful information.

How can we troubleshoot this?

Thank you in advance.

6 Replies
Chris_Atkinson
Employee Employee
Employee

How are the rules/policy configured for the troublesome gateway?

In the Track column for rules, you must select Log and Accounting.

CCSM R77/R80/ELITE
0 Kudos
Exonix
Advisor

Hello Chris,

yes, Log and Accounting are enabled for all rules.

We have already compared this problem GW with other - the config is the same. It is not something special, you just enable it, specify the collector and activate for a rule.

Chris_Atkinson
Employee Employee
Employee

Noted. For additional context could you please share the model of gateway and installed JHF version?

CCSM R77/R80/ELITE
0 Kudos
Exonix
Advisor

Hello Chris, I hope you asked about this:

Product Name: VMware Virtual Platform
Product Name: 440BX Desktop Reference Platform

HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94
BUNDLE_R80_40_JUMBO_HF_MAIN Take: 94

0 Kudos
the_rock
Legend
Legend

Not sure in that case, might be worth contacting TAC and troubleshooting further.

0 Kudos
the_rock
Legend
Legend

Chris makes a good point. I would personally also compare to see if there are any differences among that specific gateways and the other ones that would potentially cause this issue.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events