Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Fung_To_Puk
Participant

VSX Netflow per VS

I just tested in lab VSX Netflow with R81 and R81.10 VSX gateway and notice there is a different behaviour between 2 versions.

On R81 VSX gateway, I could sent out netflow per VS with its own IP as source address (verified by wireshark on the collector).

On R81.10 VSX gateway, it is reverted to same behaviour as R80.40 that all netflow is sent by VS0, if VS0 does not have any route to go out, then no netflow can be received by the collector.

Anybody could confirm which behaviour is final? or there are specific procedure for R81.10 to make it same as R81?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

One of two possibilities:

  • R81 had the incorrect behavior
  • This was "fixed" in R81 but was regressed in R81.10

This SK suggests the first one is probably the case: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
Regardless, I recommend a TAC case. 

0 Kudos
Fadi_Moussa
Employee
Employee

Hi, 

 

What you are seeing in R81.10 is the correct behavior. Traffic should be leaving through VS0 instead of the VS itself. This is also described in  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

 

However, in R81 there was a bug that traffic was sent per VS with its own IP as source address. This bug is already solved and will be released in a Jumbo HF version soon. 

 

Thanks,

Fadi 

0 Kudos
Fung_To_Puk
Participant

That's too bad.

Actuall,y why not let each VS sent netflow on its own? This is what most customer would expect and requested as usually each VS belong to different network which is not accessible (also not allowed) through VS0.

I know some may suggest adding a virtual switch then all VS and VS0 conenct to that switch which would make the netflow able to sent from VS0, but that is explicitly forbidded as each VS belong to different customer/administrator.

0 Kudos
Fadi_Moussa
Employee
Employee

Hi, 

 

I understand your concern.

I will take it internally with R&D to see if we can develop something else for future releases.