Netflow questions


L0 Member

Hello!

 

When we apply a Netflow profile to an interface, does it capture the ingress, egress or both flows?

 

If we apply the same profile to the Inside and the Outside interface, and we have a flow which passes both of them, will we send duplicated information about this flow to the remote Netflow Analyzer?

 

Thank you!


Accepted Solutions

Community Team Member

Hi @ichakarov ,

 

You can use it to export statistics about the IP traffic ingressing the interfaces.

All Palo Alto Networks firewalls support NetFlow Version 9. The firewalls support only unidirectional NetFlow, not bidirectional.

 

Source: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
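
An added example (not from this thread or from Palo Alto Networks documentation): a small NetFlow Version 9 export-packet decoder following RFC 3954, run over a constructed packet in which the two directions of one conversation arrive as two separate unidirectional records, each with its own ingress interface index. The template layout, addresses, interface indexes and the names `parse_v9` and `build_sample` are assumptions for illustration; a firewall's real template will differ.

```python
import socket
import struct

NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
         10: "INPUT_SNMP", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}  # RFC 3954 types
LAYOUT = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (10, 4), (1, 4)]  # constructed

def parse_v9(packet, templates):
    """Decode one v9 export packet; returns (records, undecoded_flowsets)."""
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, undecoded, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template flowset: cache each (type, length) layout
            while pos + 4 <= len(body) and body[pos:pos + 2] != b"\0\0":
                tid, n = struct.unpack_from("!HH", body, pos)
                templates[source_id, tid] = [
                    struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(n)]
                pos += 4 + 4 * n
        elif fs_id >= 256:  # data flowset; other ids (options) are skipped
            layout = templates.get((source_id, fs_id), [])
            size = sum(length for _, length in layout)
            undecoded += not size  # data seen before its template cannot be read
            while size and pos + size <= len(body):
                rec = {}
                for ftype, length in layout:
                    raw = body[pos:pos + length]
                    rec[NAMES.get(ftype, ftype)] = (
                        socket.inet_ntoa(raw) if ftype in (8, 12) else int.from_bytes(raw, "big"))
                    pos += length
                records.append(rec)
        off += fs_len
    return records, undecoded

def build_sample(with_template=True):
    """Constructed packet (not a firewall capture): template 256 plus two records."""
    tmpl = struct.pack("!HH", 256, len(LAYOUT)) + b"".join(struct.pack("!HH", *f) for f in LAYOUT)
    flows = [("192.0.2.10", "198.51.100.5", 51000, 443, 1, 900),   # client -> server
             ("198.51.100.5", "192.0.2.10", 443, 51000, 2, 5200)]  # server -> client
    data = b"".join(socket.inet_aton(s) + socket.inet_aton(d)
                    + struct.pack("!HHBII", sp, dp, 6, i, n) for s, d, sp, dp, i, n in flows)
    sets = [(0, tmpl)] * with_template + [(256, data + b"\0\0")]
    return struct.pack("!HHIIII", 9, 2 + with_template, 1000, 1700000000, 1, 0) + b"".join(
        struct.pack("!HH", i, 4 + len(b)) + b for i, b in sets)
```

Calling `parse_v9(build_sample(with_template=False), {})` returns no records and one undecoded flowset, which is what a collector sees for data that arrives before the exporter has sent its template.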

3 REPLIES 3

L1 Bithead

Hello !

 

I'm having an issue with my NetFlow configuration on the PA5260.

I'm not receiving any logs on my QRadar, although I have configured NetFlow by following https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJzCAK

The following steps have been done:

1. NetFlow profile created

2. Profile applied on a subinterface

3. Use of the ae3 interface in a service route.

4. Connectivity between the ae3 interface and the QRadar

Thanks in advance for your help.

 

Best Regards


L1 Bithead

Hello,

 

Below is my NetFlow config

 

show | match netflow
set deviceconfig system route service netflow source address 10.10.10.14/29
set deviceconfig system route service netflow source interface ae3.600
set network interface tunnel units tunnel.11 netflow-profile NetFlow_SOC_Qradar
set network interface tunnel units tunnel.14 netflow-profile NetFlow_SOC_Qradar
set shared server-profile netflow NetFlow_SOC_Qradar server Qradar host 1.1.1.1/24
set shared server-profile netflow NetFlow_SOC_Qradar server Qradar port 2055
set shared server-profile netflow NetFlow_SOC_Qradar template-refresh-rate minutes 1
set shared server-profile netflow NetFlow_SOC_Qradar template-refresh-rate packets 20
set shared server-profile netflow NetFlow_SOC_Qradar active-timeout 1
set shared server-profile netflow NetFlow_SOC_Qradar export-enterprise-fields no
set shared admin-role Monitor-full-access role device webui device server-profile netflow read-only
