My netflow is not working. I have followed the configuration from SK102041. The format I'm using is v9. The netflow server is Solarwinds. Anyone having the same experience? Thanks!
1) Do you have a firewall rule that allows Netflow?
2) Are blocked packets displayed:
# fw ctl zdebug drop | grep <Solarwind Server>
3) Can you see traffic between the gateway and the Solarwind server?
# fw monitor -e "accept(host=<Solarwind Server>);"
Make sure to also set up SNMP properly for the Solarwinds server, as it will first query the gateway for the interfaces etc. via SNMP before it will add the gateway in Netflow.
Has anyone got anywhere with this?
Just doesn't seem to work consistently like it would on a Cisco device for example? You can see below we've just had nothing from our Gateway for the last 4 hours pretty much.
Nothing is being dropped at all as I can see the port being allowed in the logs. TCPdump or Fw Monitor doesn't show anything.
We are seeing the exact same thing with some of our gateways. We did see that there was one cluster working properly and another was failing; the difference was the Jumbo installed. The 103 version worked fine, the newer version just keeps showing dropouts like in your graph.
We currently have a case open for this issue.
Apologies for the delay in response.
We have now got this issue fixed as it was relating to General errors for SecureXL - recommend that to your support team and see if they check that. We temporarily added a value, then were given a hotfix which has now fixed this.
In our case there were 2 different systems collecting the Netflow data: an older CA collector, which they are phasing out, and another newer system. We moved the gateways over to the other collector and now they are receiving data without hesitations. We already found that the gateway was sending data all the time, but the guys did not want to spend time on the CA collector anymore.
If your gateways are now on R80.10, you might want to change from Netflow V9 to IPFIX.
We are having issues with Solarwinds NTA since the 4.5 upgrade. They are blaming Check Point but pcaps prove otherwise.
We moved one of our gateways to IPFIX a few days ago and the flows seem to be reporting properly now.
The most recent hotfix has fixed our issue, 170 I believe.
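Added example, not part of any post in this thread and not Check Point or Solarwinds code: a collector-side check that classifies UDP export payloads as NetFlow v9 or IPFIX and lists breaks in the v9 packet sequence, which helps show whether dropouts originate at the gateway or at the collector. It assumes the exporter follows the RFC 3954 (v9) and RFC 7011 (IPFIX) header layouts; the function names and sample payloads are constructed for illustration.

```python
import struct

# Header layouts: NetFlow v9 (RFC 3954) and IPFIX (RFC 7011).
V9_HDR = struct.Struct("!HHIIII")    # version, count, sysUptime, unix_secs, sequence, source_id
IPFIX_HDR = struct.Struct("!HHIII")  # version, length, export_time, sequence, observation_domain


def parse_export_header(payload: bytes) -> dict:
    """Classify one UDP payload as NetFlow v9 or IPFIX and return its header fields."""
    if len(payload) < 2:
        raise ValueError("payload too short for a version field")
    (version,) = struct.unpack_from("!H", payload)
    if version == 9:
        if len(payload) < V9_HDR.size:
            raise ValueError("truncated NetFlow v9 header")
        _, count, _, secs, seq, src = V9_HDR.unpack_from(payload)
        return {"proto": "netflow9", "count": count, "time": secs, "seq": seq, "source": src}
    if version == 10:
        if len(payload) < IPFIX_HDR.size:
            raise ValueError("truncated IPFIX header")
        _, length, secs, seq, dom = IPFIX_HDR.unpack_from(payload)
        if length != len(payload):
            raise ValueError("IPFIX length field does not match payload size")
        return {"proto": "ipfix", "length": length, "time": secs, "seq": seq, "source": dom}
    raise ValueError(f"not a NetFlow v9/IPFIX export packet (version={version})")


def find_v9_gaps(payloads):
    """Return (source_id, expected_seq, got_seq) for every break in the v9 packet sequence."""
    last, gaps = {}, []
    for p in payloads:
        h = parse_export_header(p)
        if h["proto"] != "netflow9":
            continue  # IPFIX counts data records, not packets, so it is skipped here
        prev = last.get(h["source"])
        expected = None if prev is None else (prev + 1) & 0xFFFFFFFF
        if expected is not None and h["seq"] != expected:
            gaps.append((h["source"], expected, h["seq"]))
        last[h["source"]] = h["seq"]
    return gaps


# Constructed sample payloads (headers only, no flow sets), not captured traffic.
SAMPLE_V9 = [V9_HDR.pack(9, 0, 1000 + i, 1700000000 + i, s, 1) for i, s in enumerate([10, 11, 15, 16])]
SAMPLE_IPFIX = IPFIX_HDR.pack(10, IPFIX_HDR.size, 1700000000, 42, 7)

if __name__ == "__main__":
    print(parse_export_header(SAMPLE_IPFIX))
    print(find_v9_gaps(SAMPLE_V9))
```

Feed it the UDP payloads extracted from a capture taken on the collector; gaps seen there but not in a capture taken on the gateway point at loss in transit or at the collector.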