Issues with netflow.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issues with netflow.

L0 Member

We are having issues getting our information from our PaloAlto 5020's.  It looks like it is sending but we do not have any chartable information on either of our netflow servers.  We are using Solarwinds Netflow Traffic Analyzer as well as What's up gold flow analyzer.  Palo Alto says that I have setup the server profile and applied it to the interfaces properly. I would just like to get someone else opinion on this.  It seems that anything that is reporting on Netflow version 9 is giving this issue.  Any help is greatly appreciated.

1 accepted solution

Accepted Solutions

L0 Member

The fix for this issue is slated for OS 4.1.7 which should be available by the end of June. This is from Palo Alto engineers.

View solution in original post

5 REPLIES 5

L5 Sessionator

Generally following error messge is seen on the Orion NTA:

*Error Message on The Orion Netflow Traffic Analyzer :


NetFlow Receiver Service [US-HEN-ORION01] is receiving NetFlow data from an unmanaged interface on PA-5050. The NetFlow data will be discarded.

*PA firewall sends out these fields INPUT_SNMP and OUTPUT_SNMP which are used by Orion NTA to analyze the Netflow data as per the Orion NTA Admin Guide just with different names InputInt and OutputInt but matching indices  as per the RFC 3954.

* This is also being checked with Solaris Engineering if this could cause some knd of incompatibilty.

I will update this discussion once I have some more info.


					
				
			
			
				
			
			
			
			
			
			
			
		

L0 Member

The fix for this issue is slated for OS 4.1.7 which should be available by the end of June. This is from Palo Alto engineers.

Theres a great article in the knowledgebase regarding this:

(id 36257, Some data being sent to Netflow connector is in the wrong format.)

I applied the update to 4.1.7 and am still getting no byte counts when I look at Netflow conversations in Whatsup Gold. I tried deleting the PA as a Netflow source and adding it back as well as I recreated the Netflow profile on the PA but neither fix seemed to work. Is there something else I need to do?

Hi you need to go under

Device tab - Setup - Services Features - Service route configuration

change it to Customize and change Netflow and SNMP trap to the specific interface.

that should work.

Good Luck

  • 1 accepted solution
  • 6849 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!