The Palo Alto Networks firewalls do not currently support sampling rate for Netflow.
The following configurable factors govern how/when the Netflow records are exported to the Netflow Collector:
#Template Refresh Rate:
- Minutes : No. of packets after which the Netflow template is refreshed . (default 30 min,range 1-3600)
- Packets : No. of packets after which the Netflow template is refreshed. ( default 20 ,range 1-600)
#Active Timeout
- Frequency at which data records are exported for each session (minutes).(Def-5 max 60)
Netflow stats can be viewed from the CLI using the following CLI command:
> debug log-receiver netflow statistics
DP->MP Comm. Counters
--------------------------------------------------------------------------------
Total DP netflow rec rcvd : 0
Create (subtype netflow, pkts cnt 1) rcvd : 0
Create (sess start) rcvd : 0
Update recs rcvd and converted into netflow events: 0
Update recs rcvd during active timeout : 0
Unexpected Update recs : 0
Deny recs rcvd : 0
Unexpected deny recs rcvd : 0
Sess end recs rcvd : 0
Unexpected End recs : 0
Update recs recvd with zero pkts count : 0
Recs recvd with invalid duration : 0
Unknown recs type : 0
Out of order recs : 0
--------------------------------------------------------------------------------
Netflow Statistics
--------------------------------------------------------------------------------
Template Config Last Refreshes Pkts Sent (errors)
--------------------------------------------------------------------------------
Total Netflow packets exported : 0 (errors 0)
Note: Netflow is not supported on the PA-4000 Series firewalls.
owner: pvemuri