We have configured a NetFlow server and the profile is attached to the Inside interface. We are getting NetFlow records and it seems to be working fine. But what we have observed is that we are also seeing NetFlow records for traffic that is denied by a firewall rule, and they are marked as Flow denied in the event type. I am searching for an option to stop sending NetFlow records for traffic denied by a firewall rule, but I could not find any so far. Please help me if anyone knows how to do it.
Thanks in advance
Thank you for posting your question, @Tulasi.
The event you are referring to is recorded in the NetFlow template, value 233 (firewallEvent): 3 = Flow denied. The NetFlow data record indicates a flow that firewall policy denied. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/netflow-monitoring/netflow-tem...
I was searching myself for any way to exclude some flows or build a custom NetFlow template to exclude some of the values, but I have not found any option to configure it directly on the firewall. Unless you can exclude it on the NetFlow collector/analyzer side, there is likely no option to do it. I know that with some NetFlow analyzers it is possible to filter the view to exclude some hosts or subnets.
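The collector-side exclusion the answer points to, as an added example that is not part of the original thread and not Palo Alto Networks code: a minimal NetFlow v9 parser that drops data records whose field 233 (firewallEvent) equals 3. The three-field template, the addresses and the function names are constructed for illustration; a real export carries the firewall's own template.

```python
import struct

FIREWALL_EVENT = 233  # NetFlow field type named in the answer (firewallEvent)
FLOW_DENIED = 3       # value the answer gives for "Flow denied"

def parse_v9(packet, templates):
    """Return data records of one NetFlow v9 packet as {field_type: raw_bytes} dicts."""
    if struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, pos = [], 20  # the v9 packet header is 20 bytes
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, pos)
        if fs_len < 4 or pos + fs_len > len(packet):
            break  # malformed length: stop instead of looping or over-reading
        body, off = packet[pos + 4:pos + fs_len], 0
        if fs_id == 0:  # template flowset: remember each template's field layout
            while off + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, off)
                if nfields == 0 or off + 4 + 4 * nfields > len(body):
                    break  # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, off + 4 + 4 * i)
                                  for i in range(nfields)]
                off += 4 + 4 * nfields
        elif fs_id >= 256 and fs_id in templates:  # data flowset, template known
            layout = templates[fs_id]
            rec_len = sum(length for _, length in layout)
            while rec_len and off + rec_len <= len(body):
                rec = {}
                for ftype, length in layout:
                    rec[ftype] = body[off:off + length]
                    off += length
                records.append(rec)
        pos += fs_len
    return records

def drop_denied(records):
    """Keep every record whose firewallEvent is absent or not 'Flow denied'."""
    return [r for r in records
            if int.from_bytes(r.get(FIREWALL_EVENT, b"\x00"), "big") != FLOW_DENIED]

def build_sample():
    """Constructed packet: one template (src addr, dst addr, firewallEvent), two flows."""
    header = struct.pack("!HHIIII", 9, 3, 0, 0, 1, 0)
    tmpl = struct.pack("!HHHH", 0, 20, 256, 3) + struct.pack("!6H", 8, 4, 12, 4, 233, 1)
    flows = bytes([10, 0, 0, 5, 192, 0, 2, 10, 1]) + bytes([10, 0, 0, 6, 192, 0, 2, 20, 3])
    data = struct.pack("!HH", 256, 24) + flows + b"\x00\x00"  # padded to 4 bytes
    return header + tmpl + data

if __name__ == "__main__":
    print(len(drop_denied(parse_v9(build_sample(), {}))), "record(s) kept")
```

The `templates` dict has to persist across packets from the same exporter, because v9 sends templates only periodically and data flowsets that arrive before their template cannot be decoded.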