How to avoid Netflow record for denied traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to avoid Netflow record for denied traffic

L0 Member

Hi !

we have configured Netflow server and the profile is attached to Inside interface, we are getting Netflow records and it seems working fine. but what we have observed is, we are seeing the Netflows for the traffic which is getting denied by Firewall rule also and they are marked as Flow denied in  the event type. i am searching for the option to stop sending the netflows for the traffic denied by firewall rule but i could not find any so far. please help me if any one knows how to do it ?
Thanks in advance

1 REPLY 1

Cyber Elite
Cyber Elite

Thank you for posting question @Tulasi 

 

The event you are referring to is recorded in the NetFlow Template, Value: 233 (firewallEvent) 3 = Flow denied—The NetFlow data record indicates a flow that firewall policy denied. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/monitoring/netflow-monitoring/netflow-tem...

I was searching myself whether there is any way to exclude some flows or build a custom NetFlow Template to exclude some of the values, but I have not found any option to configure it directly on Firewall. Unless you can exclude it on NetFlow Collector/Analyzer side, there is likely no option to do it. I know that with some NetFlow Analyzers it is possible to filter view to exclude some hosts or subnets.

 

Kind Regards

Pavel

 

 

Help the community: Like helpful comments and mark solutions.
  • 3878 Views
  • 1 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!