Exonix
Contributor

Netflow is empty

Hello,

We have several firewalls (version 80.40) and we have configured them to send Netflow to some SIEM. We receive logs from almost all gateways except one. After investigation, we found that Netflow traffic does not contain any useful information.

How can we troubleshoot this?

Thank you in advance.

6 Replies
Chris_Atkinson
Employee

How are the rules/policy configured for the troublesome gateway?

In the Track column for rules, you must select Log and Accounting.

0 Kudos
Exonix
Contributor

Hello Chris,

Yes, Log and Accounting are enabled for all rules.

We have already compared this problem GW with the others; the config is the same. It is nothing special: you just enable it, specify the collector and activate it for a rule.

Chris_Atkinson
Employee

Noted. For additional context, could you please share the model of gateway and installed JHF version?

0 Kudos
Exonix
Contributor

Hello Chris, I hope you asked about this:

Product Name: VMware Virtual Platform
Product Name: 440BX Desktop Reference Platform

HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94
BUNDLE_R80_40_JUMBO_HF_MAIN Take: 94

0 Kudos
the_rock
Authority

Not sure in that case, might be worth contacting TAC and troubleshooting further.

0 Kudos
the_rock
Authority

Chris makes a good point. I would personally also compare to see if there are any differences between that specific gateway and the other ones that would potentially cause this issue.

0 Kudos