Not getting netflow through the firewall

sutharhemant90
Level 1

Dear All,

For the last few days I have been trying to get the NetFlow logs from the router to my system, but it is not happening. There is one Cyberoam firewall between the router and the system. Can anyone tell me exactly which port numbers need to be open on the firewall to get the logs?

A quick response will be appreciated.

Accepted Solution

I have encountered these kinds of issues frequently; it is most usually a case of ACLs either on the firewall or on the router itself.

If any-any allows packets to reach NTA and a specific port opening does not, then your firewall team seems to be doing it wrong. Did they make sure they opened UDP 2055 and UDP 9996? And is the source FastEthernet0/0 and the destination your NTA server?

Regards,
Don Thomas Jacob
Head Geek @ SolarWinds
http://www.solarwinds.com/netflow-traffic-analyzer.aspx

NOTE: Please rate and close questions if you found any of the answers helpful.
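To make the accepted answer concrete, here is an added example (my own code, not from the thread or from SolarWinds) that models first-match firewall rules with an implicit deny and checks them against the one-way UDP exports the router config in this thread produces: source 10.10.10.1 on FastEthernet0/0, destination 10.10.10.50, ports 2055 and 9666. The rule syntax, the `Rule`/`Flow` helpers and the 192.0.2.1 "other interface" address are assumptions for illustration. It also shows why ping still fails when only the NetFlow rules exist.

```python
"""Check whether a firewall rule set lets the router's NetFlow exports reach
the collector.  Added example; not code from the thread or from SolarWinds.
The rule format and helper names are my own assumptions."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp", "tcp" or "icmp"
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    proto: str      # "any", "udp", "tcp" or "icmp"
    src: str        # CIDR, e.g. "10.10.10.1/32" or "0.0.0.0/0"
    dst: str        # CIDR
    dports: tuple   # (low, high) inclusive; (0, 65535) means any port


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """True if every field of the rule covers the flow."""
    if rule.proto not in ("any", flow.proto):
        return False
    if ip_address(flow.src) not in ip_network(rule.src):
        return False
    if ip_address(flow.dst) not in ip_network(rule.dst):
        return False
    low, high = rule.dports
    return low <= flow.dport <= high


def first_match(rules, flow: Flow) -> str:
    """First-match evaluation with an implicit deny at the end, as on most
    firewalls.  Returns "permit" or "deny"."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action
    return "deny"


# The exports generated by the router config in the thread.  NetFlow v5 is
# UDP and one-way (router -> collector); the source address is the address
# of FastEthernet0/0 because of "ip flow-export source FastEthernet0/0".
NETFLOW_EXPORTS = [
    Flow("udp", "10.10.10.1", "10.10.10.50", 2055),
    Flow("udp", "10.10.10.1", "10.10.10.50", 9666),
]


def check_exports(rules, flows=NETFLOW_EXPORTS) -> dict:
    """Map each export flow to the action the rule set gives it."""
    return {f: first_match(rules, f) for f in flows}


def all_permitted(rules, flows=NETFLOW_EXPORTS) -> bool:
    return all(a == "permit" for a in check_exports(rules, flows).values())


# Constructed rule sets for comparison.
ANY_ANY = [Rule("permit", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535))]

# Mistake 1: the right ports, but opened as TCP.  NetFlow never matches.
WRONG_PROTO = [
    Rule("permit", "tcp", "10.10.10.1/32", "10.10.10.50/32", (2055, 2055)),
    Rule("permit", "tcp", "10.10.10.1/32", "10.10.10.50/32", (9666, 9666)),
]

# Mistake 2: UDP, but keyed on a different router interface address
# (192.0.2.1 is a hypothetical second interface), so packets sourced from
# FastEthernet0/0 never match.
WRONG_SOURCE = [
    Rule("permit", "udp", "192.0.2.1/32", "10.10.10.50/32", (2055, 2055)),
    Rule("permit", "udp", "192.0.2.1/32", "10.10.10.50/32", (9666, 9666)),
]

# What actually has to be open for the exports above.
CORRECT = [
    Rule("permit", "udp", "10.10.10.1/32", "10.10.10.50/32", (2055, 2055)),
    Rule("permit", "udp", "10.10.10.1/32", "10.10.10.50/32", (9666, 9666)),
]

if __name__ == "__main__":
    for name, rules in [("any-any", ANY_ANY), ("tcp only", WRONG_PROTO),
                        ("wrong source", WRONG_SOURCE), ("correct", CORRECT)]:
        print(f"{name:13s} -> {check_exports(rules)}")
    # ICMP is a separate protocol: the NetFlow rules alone do not allow ping.
    ping = Flow("icmp", "10.10.10.1", "10.10.10.50", 0)
    print("ping with CORRECT rules ->", first_match(CORRECT, ping))
```

The useful habit here is to derive the flows from the exporter config (protocol, source interface address, destination and ports) and hand the firewall team that exact tuple rather than a bare port number.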

10 Replies

sutharhemant90
Level 1

I am using SolarWinds and trying to get the logs on port numbers 2055 and 9666.

Router-------Firewall--------System

I have asked the firewall team to open port numbers 2055 and 9666 to my system, and SNMP (TCP 161, 162) bidirectionally. But still I am not getting them.

Hi,

Could you post the NetFlow config from your router?

Is the router at least able to ping the system/NMS?

No, the router is not able to ping my server because the firewall team has allowed the NetFlow ports on the firewall, not ICMP.

interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip flow ingress
 ip route-cache flow input
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 10.10.10.50 2055
ip flow-export destination 10.10.10.50 9666

Should I allow ICMP from the router to my server?
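As an added example (not from the thread or from SolarWinds), the following NetFlow v5 receiver lets you confirm on the collector host whether the router's exports are arriving at all, independently of the NTA GUI: it binds UDP 2055, decodes the 24-byte v5 header and the 48-byte records that `ip flow-export version 5` produces, and reports the exporter's source address, which is the tuple the firewall rule has to permit. The sample datagram is constructed inline to mimic what the router above would send; the port and timeout defaults are assumptions.

```python
"""Minimal NetFlow v5 receiver and decoder.  Added example, not code from the
thread or from SolarWinds.  The sample packet is constructed here."""

import socket
import struct
from datetime import datetime, timezone

# NetFlow v5 wire format (network byte order).
V5_HEADER = struct.Struct("!HHIIIIBBH")             # 24 bytes
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48 bytes per flow


def parse_v5(data: bytes) -> dict:
    """Decode one v5 export datagram into a dict of header fields + records.
    Raises ValueError for anything that is not a well-formed v5 datagram."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, secs, _nsecs, seq,
     _engine_type, _engine_id, _sampling) = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(data) < expected:
        raise ValueError(f"header says {count} records but only "
                         f"{len(data)} bytes present")
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(struct.pack("!I", f[0])),
            "dst": socket.inet_ntoa(struct.pack("!I", f[1])),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return {"version": version, "count": count, "sequence": seq,
            "exported_at": datetime.fromtimestamp(secs, tz=timezone.utc),
            "records": records}


def build_v5(records, sequence=0, unix_secs=1_700_000_000) -> bytes:
    """Build a v5 datagram; used only to construct the sample packet."""
    header = V5_HEADER.pack(5, len(records), 0, unix_secs, 0, sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            struct.unpack("!I", socket.inet_aton(r["src"]))[0],
            struct.unpack("!I", socket.inet_aton(r["dst"]))[0],
            0, 0, 0, r["packets"], r["bytes"], 0, 0,
            r["sport"], r["dport"], 0, 0, r["proto"], 0, 0, 0, 0, 0, 0)
        for r in records)
    return header + body


# Constructed sample: two flows such a router might report.
SAMPLE_RECORDS = [
    {"src": "10.10.10.20", "dst": "203.0.113.5", "packets": 12, "bytes": 1800,
     "sport": 51234, "dport": 443, "proto": 6},
    {"src": "10.10.10.1", "dst": "10.10.10.50", "packets": 1, "bytes": 72,
     "sport": 52000, "dport": 2055, "proto": 17},
]
SAMPLE_PACKET = build_v5(SAMPLE_RECORDS, sequence=42)


def listen(port=2055, host="0.0.0.0", timeout=30):
    """Bind the collector port and decode the first datagram that arrives.
    Returns None on timeout.  If any-any lets packets through but the
    specific rule does not, the exporter address printed here (the router's
    FastEthernet0/0 address) plus UDP and this port is exactly what the
    firewall team has to permit."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        s.settimeout(timeout)
        try:
            data, (src_ip, _src_port) = s.recvfrom(65535)
        except socket.timeout:
            return None
    result = parse_v5(data)
    result["exporter"] = src_ip
    return result


if __name__ == "__main__":
    import sys
    print(parse_v5(SAMPLE_PACKET))
    if "--listen" in sys.argv:
        print(listen() or "no NetFlow datagram received on UDP 2055")
```

Run it with `--listen` on the collector while the router is exporting; a timeout with the specific rules in place, and a decoded datagram with any-any, isolates the problem to the firewall rather than to the router or the NTA software.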

Hi,

Yes, just for troubleshooting purposes. You can ask your FW team to block it again afterwards.

I just want to ensure your router knows how to get to your NMS.

Could you do the below and post a "show ip flow export"?

ip cef
interface FastEthernet0/0
 no ip route-cache flow input
 ip route-cache flow
 no ip route-cache cef

Please note: if my firewall team allows access "any to any", then we are getting the NetFlow logs.

They need the exact port number, and they are not even ready to do the troubleshooting with us. That is the biggest issue for us.

Hi,

Did your FW team open "UDP" ports 161, 162, 2055 and 9666?

Sent from Cisco Technical Support iPhone App

Yes, they have opened the ports as mentioned below.

2055 & 9666 (source: router LAN interface, destination: my server)

161 & 162 (SNMP, bidirectional)


Thanks a lot Mr. johnlloyd_13 & Mr. Don. Now the issue has been resolved. The port number was not correctly opened in the firewall.
