This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Fung_To_Puk
Participant
‎2021-07-26 08:21 PM
Jump to solution

VSX Netflow per VS

I just tested in lab VSX Netflow with R81 and R81.10 VSX gateway and notice there is a different behaviour between 2 versions.

On R81 VSX gateway, I could sent out netflow per VS with its own IP as source address (verified by wireshark on the collector).

On R81.10 VSX gateway, it is reverted to same behaviour as R80.40 that all netflow is sent by VS0, if VS0 does not have any route to go out, then no netflow can be received by the collector.

Anybody could confirm which behaviour is final? or there are specific procedure for R81.10 to make it same as R81?

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2024-02-13 01:04 AM
In response to sravanan17
Jump to solution

If you need a specific enhancement related to this topic, please raise an RFE through the standard channels.

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2021-07-27 12:28 AM
Jump to solution

One of two possibilities:

  • R81 had the incorrect behavior
  • This was "fixed" in R81 but was regressed in R81.10

This SK suggests the first one is probably the case: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
Regardless, I recommend a TAC case. 

0 Kudos
Fadi_Moussa
Employee
Employee
‎2021-07-27 01:36 AM
Jump to solution

Hi, 

 

What you are seeing in R81.10 is the correct behavior. Traffic should be leaving through VS0 instead of the VS itself. This is also described in  https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

 

However, in R81 there was a bug that traffic was sent per VS with its own IP as source address. This bug is already solved and will be released in a Jumbo HF version soon. 

 

Thanks,

Fadi 

0 Kudos
Fung_To_Puk
Participant
‎2021-07-27 01:51 AM
In response to Fadi_Moussa
Jump to solution

That's too bad.

Actuall,y why not let each VS sent netflow on its own? This is what most customer would expect and requested as usually each VS belong to different network which is not accessible (also not allowed) through VS0.

I know some may suggest adding a virtual switch then all VS and VS0 conenct to that switch which would make the netflow able to sent from VS0, but that is explicitly forbidded as each VS belong to different customer/administrator.

Fadi_Moussa
Employee
Employee
‎2021-07-27 02:05 AM
In response to Fung_To_Puk
Jump to solution

Hi, 

 

I understand your concern.

I will take it internally with R&D to see if we can develop something else for future releases. 

sravanan17
Explorer
‎2024-02-12 05:42 AM
In response to Fadi_Moussa
Jump to solution

Hi Fadi,
I would like to know if you have got any update or latest news on this topic.

Thanks,
Saravana

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-02-12 07:53 AM
In response to sravanan17
Jump to solution

There are VSX changes coming with R82 but not sure about Netflow specifically.

Please follow this up with your local SE to confirm and ensure it is supported by RFEs.

CCSM R77/R80/ELITE
0 Kudos
sravanan17
Explorer
‎2024-02-13 01:09 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris,
Thanks for your response, noted.

Regards,
Saravana

0 Kudos
_Val_
Admin
Admin
‎2024-02-13 01:04 AM
In response to sravanan17
Jump to solution

If you need a specific enhancement related to this topic, please raise an RFE through the standard channels.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events