CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 3 of 3

Thread: Netflow and VSX

  1. #1
    Join Date
    2009-12-11
    Posts
    24
    Rep Power
    0

    Default Netflow and VSX

    Hi All,

    I have netflow configured on VS0 of our VS appliances. I am receiving netflow, but I do not see netflow from the VS instances. Am I missing something on the configuration for VS instances to report netflow? The netflow is setup using the default interface which appears to be using the management interface of the appliances.

    Thanks,

    Bill

  2. #2
    Join Date
    2008-10-16
    Location
    Stavanger
    Posts
    5
    Rep Power
    0

    Default Re: Netflow and VSX

    Hi,
    This is unfortunately by design. We have the same challenge with this. Hosting several VSX cluster with multiple customer running their separate VS. The customers need to collect netflow from only their vs to be able to forward this to SIEM system and monitoring system.
    Hopefully Check Point will do something with this design. I have explained this design problem for the several times, and they understand this is a issue for an MSP.

    We´re working on a solution on our own by using https://github.com/phaag/nfdump -


    From sk102041

    NetFlow on VSX
    Configure the NetFlow collector on the network of VSX Gateway itself - context of VS0. It should be routable only from VS0.

    NetFlow v5 supports only 4 cluster members and only 64 Virtual Systems, due to the limitation of engine ID size (1 Byte).

    You can use Wireshark to identify NetFlow packets (CFLOW). Use VSID:

    Clusters in NetFlow v5: See engine ID - 2 upper bits are Cluster ID, and 6 lower bits are VSID.

    Clusters in NetFlow v9: See source ID - 3rd byte is Cluster ID, and lower 2 bytes are VSID.

  3. #3
    Join Date
    2008-10-16
    Location
    Stavanger
    Posts
    5
    Rep Power
    0

    Default Re: Netflow and VSX

    I´ve ha started a discussion thread at CheckMates

    https://community.checkpoint.com/thr...low-data-pr-vs

Similar Threads

  1. Netflow on R77.20 SPLAT
    By marcko32 in forum R77.20
    Replies: 1
    Last Post: 2017-01-09, 13:14
  2. Checkpoint and Netflow collector
    By Kanan in forum Intermediate
    Replies: 1
    Last Post: 2016-09-22, 11:05
  3. VSX and Netflow issue
    By eldo37 in forum VPN-1 VSX
    Replies: 8
    Last Post: 2016-01-12, 22:04
  4. Configure netflow on GAIA 77.20
    By Ramkchan in forum R77.20
    Replies: 4
    Last Post: 2015-11-30, 14:23
  5. IPSO Netflow
    By pebbles5 in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 4
    Last Post: 2010-12-21, 00:04

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •