How to approve that PaloAlto is sending Netflow

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to approve that PaloAlto is sending Netflow

L0 Member

Hi, Please I need Help !! 

 

I have installed Netflow integrator to collect netflow data from PaloAlto firewall.I have configured PaloAlto to send netflow data to the server Netflow Integrator.But there is no data is receiving .

How can I know that paloalto is sending netflow.Is there a solution that help me to verify ?

Thanks in advance.

 

Best Regards.

1 REPLY 1

Community Team Member

Hi,

 

By default netflow will use the management port (if you have no service route configured for Netflow service).

 

Via the CLI you can do the following to capture traffic from your mgmt-port to your Netflow server IP address :

> tcpdump filter "host <IP>"

 

Let it run the time you have configured your Refresh rate in your netflow server profile.

 

Press Ctrl-C to stop the capture and use the following command to check your tcpdump content :

> view-pcap mgmt-pcap mgmt.pcap

 

You also might want to verify if there are actual netflow records :

> debug log-receiver netflow statistics

 

And it might seem silly, but you did apply the netflow profile to an interface right ?

 

Hope it helps,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1660 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!