https://live.paloaltonetworks.com/t5/general-topics/netflow-not-working-with-qradar/m-p/547932#M111894 <P>Hello,</P> <P>I found the solution.&nbsp;</P> <P>For the HA to remain synchronize, we need to set the service route manually on both platforms (active and passive) to be the same interface data (PA 52xx and PA 7xxx).</P> <P>Once you complete&nbsp; your netflow configuration on the active PA and you commit, the cluster (HA) will synchronize correctly.</P> <P>Thanks;</P> Sun, 02 Jul 2023 02:51:32 GMT Nathus 2023-07-02T02:51:32Z https://live.paloaltonetworks.com/t5/general-topics/netflow-not-working-with-qradar/m-p/547860#M111888 <P>Hello !</P> <P>&nbsp;</P> <P>Im having issue with my netflow configuration on the PA5260 in HA mode.</P> <P>&nbsp;</P> <P>I'm not receiving any log on my Qradar where as i have configure the netflow by following the&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK" target="_blank" rel="nofollow noopener noreferrer">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK</A></P> <P>The following Step have beeen done:</P> <P>1. Netflow profil created</P> <P>2. Profil applied on a subinterface</P> <P>3. use of ae3 interface in a service route.</P> <P>4. connectivite between ae3 interface and the Qradar</P> <P>&nbsp;</P> <P>And my HA peer is not synchronize also even i try manuel config sync</P> <P>&nbsp;</P> <P>The configuration is like something in below</P> <P>&nbsp;</P> <P><SPAN>show | match netflow</SPAN><BR /><SPAN>set deviceconfig system route service netflow source address 10.10.10.14/29</SPAN><BR /><SPAN>set deviceconfig system route service netflow source interface ae3.600</SPAN><BR /><SPAN>set network interface tunnel units tunnel.11 netflow-profile NetFlow_SOC_Qradar</SPAN><BR /><SPAN>set network interface tunnel units tunnel.14 netflow-profile NetFlow_SOC_Qradar</SPAN><BR /><SPAN>set shared server-profile netflow NetFlow_SOC_Qradar server Qradar host 1.1.1.1/24</SPAN><BR /><SPAN>set shared server-profile netflow NetFlow_SOC_Qradar server Qradar port 2055</SPAN><BR /><SPAN>set shared server-profile netflow NetFlow_SOC_Qradar template-refresh-rate minutes 1</SPAN><BR /><SPAN>set shared server-profile netflow NetFlow_SOC_Qradar template-refresh-rate packets 20</SPAN><BR /><SPAN>set shared server-profile netflow NetFlow_SOC_Qradar active-timeout 1</SPAN><BR /><SPAN>set shared server-profile netflow NetFlow_SOC_Qradar export-enterprise-fields no</SPAN><BR /><SPAN>set shared admin-role Monitor-full-access role device webui device server-profile netflow read-only</SPAN></P> <P>&nbsp;</P> <P>Thansk in advance for your help.</P> <P>&nbsp;</P> <P>Best Regards</P> Fri, 30 Jun 2023 09:55:16 GMT https://live.paloaltonetworks.com/t5/general-topics/netflow-not-working-with-qradar/m-p/547860#M111888 Nathus 2023-06-30T09:55:16Z https://live.paloaltonetworks.com/t5/general-topics/netflow-not-working-with-qradar/m-p/547932#M111894 <P>Hello,</P> <P>I found the solution.&nbsp;</P> <P>For the HA to remain synchronize, we need to set the service route manually on both platforms (active and passive) to be the same interface data (PA 52xx and PA 7xxx).</P> <P>Once you complete&nbsp; your netflow configuration on the active PA and you commit, the cluster (HA) will synchronize correctly.</P> <P>Thanks;</P> Sun, 02 Jul 2023 02:51:32 GMT https://live.paloaltonetworks.com/t5/general-topics/netflow-not-working-with-qradar/m-p/547932#M111894 Nathus 2023-07-02T02:51:32Z