https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547858#M111886 <P>Hello !</P> <P>&nbsp;</P> <P>Im having issue with my netflow configuration on the PA5260.</P> <P>&nbsp;</P> <P>I'm not receiving any log on my Qradar where as i have configure the netflow by following the&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK</A></P> <P>The following Step have beeen done:</P> <P>1. Netflow profil created</P> <P>2. Profil applied on a subinterface</P> <P>3. use of ae3 interface in a service route.</P> <P>4. connectivite between ae3 interface and the Qradar</P> <P>&nbsp;</P> <P>Thansk in advance for your help.</P> <P>&nbsp;</P> <P>Best Regards</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 30 Jun 2023 09:39:53 GMT Nathus 2023-06-30T09:39:53Z https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547672#M111864 <P>Hello!</P> <P>&nbsp;</P> <P>When we apply a Netflow profile to an interface, does it capture the ingress, egress or both flows?</P> <P>&nbsp;</P> <P>If we apply the same profile to the Inside and the Outside interface, and we have a flow which passes both of them, will we send duplicated information about this flow to the remote Netflow Analyzer?</P> <P>&nbsp;</P> <P>Thank you!</P> Thu, 29 Jun 2023 08:02:00 GMT https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547672#M111864 ichakarov 2023-06-29T08:02:00Z https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547701#M111868 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/300386">@ichakarov</a> ,</P> <P>&nbsp;</P> <P>You can use it to export statistics about the IP traffic <STRONG>ingressing</STRONG> the interfaces.</P> <P>All Palo Alto Networks firewalls support NetFlow Version 9. The firewalls support <STRONG>only unidirectional NetFlow, not bidirectional</STRONG>.</P> <P>&nbsp;</P> <P>Source: <A href="https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring" target="_blank">https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring</A></P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Thu, 29 Jun 2023 12:11:09 GMT https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547701#M111868 kiwi 2023-06-29T12:11:09Z https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547858#M111886 <P>Hello !</P> <P>&nbsp;</P> <P>Im having issue with my netflow configuration on the PA5260.</P> <P>&nbsp;</P> <P>I'm not receiving any log on my Qradar where as i have configure the netflow by following the&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK</A></P> <P>The following Step have beeen done:</P> <P>1. Netflow profil created</P> <P>2. Profil applied on a subinterface</P> <P>3. use of ae3 interface in a service route.</P> <P>4. connectivite between ae3 interface and the Qradar</P> <P>&nbsp;</P> <P>Thansk in advance for your help.</P> <P>&nbsp;</P> <P>Best Regards</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 30 Jun 2023 09:39:53 GMT https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547858#M111886 Nathus 2023-06-30T09:39:53Z https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547859#M111887 <P>Hello,</P> <P>&nbsp;</P> <P>bellow is my netflow config</P> <P>&nbsp;</P> <P>show | match netflow<BR />set deviceconfig system route service netflow source address 10.10.10.14/29<BR />set deviceconfig system route service netflow source interface ae3.600<BR />set network interface tunnel units tunnel.11 netflow-profile NetFlow_SOC_Qradar<BR />set network interface tunnel units tunnel.14 netflow-profile NetFlow_SOC_Qradar<BR />set shared server-profile netflow NetFlow_SOC_Qradar server Qradar host 1.1.1.1/24<BR />set shared server-profile netflow NetFlow_SOC_Qradar server Qradar port 2055<BR />set shared server-profile netflow NetFlow_SOC_Qradar template-refresh-rate minutes 1<BR />set shared server-profile netflow NetFlow_SOC_Qradar template-refresh-rate packets 20<BR />set shared server-profile netflow NetFlow_SOC_Qradar active-timeout 1<BR />set shared server-profile netflow NetFlow_SOC_Qradar export-enterprise-fields no<BR />set shared admin-role Monitor-full-access role device webui device server-profile netflow read-only</P> Fri, 30 Jun 2023 09:44:50 GMT https://live.paloaltonetworks.com/t5/general-topics/netflow-questions/m-p/547859#M111887 Nathus 2023-06-30T09:44:50Z