Gokul
Explorer

Netflow issue in Firewall of 77.30

Hi, we are facing an issue with NetFlow on the firewall. We have Gaia version 77.30. It used to work here but stopped working a few days back. NetFlow is using NetFlow v9. Firewall rules are in place. In tcpdump we cannot see any NetFlow traffic or any drops to our collector IP. Is there any issue with the version, or any hotfix? Please help.

0 Kudos
8 Replies
_Val_
Admin

The main issue with R77.30 is that it has been out of support for quite a few years.

0 Kudos
Gokul
Explorer

Are there any possible ways or steps that can help? We are planning to upgrade all firewalls, but that will take time.

I see some of our 77.30 firewalls are working fine and sending NetFlow to the collector. When compared, we see all configurations are the same, but still no luck with some of the affected firewalls.

0 Kudos
Chris_Atkinson
Employee

You could compare the Jumbo hotfix levels applied between them and align where different.

Options for support are somewhat limited. Is the gateway a member of a cluster, and what is its uptime?

0 Kudos
Gokul
Explorer

For some of the affected firewalls we see uptimes of 726 days, 1072 days, 6 days, etc. These are all clusters in 2 firewalls.

Now I compared one working firewall, where the version is R77.30 Jumbo hotfix take 345, whereas the firewalls of one non-working cluster have take 345 and 351.

0 Kudos
Gokul
Explorer

I was checking further. For one affected device, when we checked the in-between firewalls for any drops on the way to the collector, we see that on one firewall the NetFlow traffic shows 'UDP, bad length 1436>1413' in tcpdump; the packet length was '1460'. Does that mean that traffic will not pass from that firewall?

0 Kudos
Chris_Atkinson
Employee

Might imply a fragmentation/MTU issue or other corruption along the path.

0 Kudos
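
An added example, not part of any poster's reply: a small Python triage script that scans tcpdump text output for the "UDP, bad length A > B" message reported above and summarises, per exporter, how many datagrams to the collector were captured incomplete. The collector address 192.0.2.10:2055, the sample lines and the 20-byte IPv4 header are assumptions; the script reads the message as declared UDP payload length A versus payload bytes actually present B.

```python
import re
from collections import defaultdict

# Matches non-verbose tcpdump text output such as:
#   12:00:01.000 IP 10.1.1.1.40000 > 192.0.2.10.2055: UDP, bad length 1436 > 1413
BAD_LEN = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"UDP, bad length (?P<declared>\d+) ?> ?(?P<present>\d+)"
)
UDP_HDR, IPV4_HDR = 8, 20  # assumption: IPv4 header without options


def triage(lines, collector_ip, collector_port):
    """Summarise incomplete UDP datagrams sent to the collector, per exporter."""
    per_exporter = defaultdict(lambda: {"count": 0, "max_missing": 0,
                                        "largest_datagram": 0, "largest_piece": 0})
    for line in lines:
        m = BAD_LEN.search(line)
        if not m or m["dst"] != collector_ip or int(m["dport"]) != collector_port:
            continue
        declared, present = int(m["declared"]), int(m["present"])
        s = per_exporter[m["src"]]
        s["count"] += 1
        s["max_missing"] = max(s["max_missing"], declared - present)
        # IPv4 size the whole datagram needs vs. the size of the captured piece.
        s["largest_datagram"] = max(s["largest_datagram"], declared + UDP_HDR + IPV4_HDR)
        s["largest_piece"] = max(s["largest_piece"], present + UDP_HDR + IPV4_HDR)
    return dict(per_exporter)


# Constructed sample capture lines (addresses and ports are placeholders).
SAMPLE = [
    "12:00:01.000001 IP 10.1.1.1.40000 > 192.0.2.10.2055: UDP, bad length 1436 > 1413",
    "12:00:01.000900 IP 10.1.1.2.40000 > 192.0.2.10.2055: UDP, length 1200",
    "12:00:02.000001 IP 10.1.1.1.40000 > 192.0.2.10.2055: UDP, bad length 1436>1413",
    "12:00:02.500000 IP 10.1.1.3.514 > 192.0.2.20.514: UDP, bad length 2000 > 1472",
]

if __name__ == "__main__":
    for exporter, s in triage(SAMPLE, "192.0.2.10", 2055).items():
        print(f"{exporter}: {s['count']} incomplete datagram(s), up to "
              f"{s['max_missing']} payload bytes missing; full IPv4 packet would be "
              f"{s['largest_datagram']} bytes, captured piece was {s['largest_piece']}")
```

Running it against captures taken at successive hops shows at which hop the export datagrams first appear incomplete, and how the size of the captured piece compares with the interface MTU there.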
the_rock
Champion

Just a shot in the dark here, but what if you tried reverting the policy to the time when it was working? Were there too many changes made since? I know R77.30 is unsupported, but if tcpdump and zdebug do not show anything, then fw monitor is my only other idea. I know fw up_execute does not work back in R77.30.

Andy

0 Kudos
Gokul
Explorer

Actually, we have been configuring NetFlow very recently. For some devices with the same version it worked, and for some it is giving us the mentioned behavior. So I am confused why it shows different behavior if the devices are on the R77.30 version.

0 Kudos