10-21-2013 07:54 AM - edited 03-11-2019 07:54 PM
Dear All,
For the last few days I have been trying to get the NetFlow logs from the router to my system, but it is not happening. There is a Cyberoam firewall between the router and the system. Can anyone tell me what exact port numbers need to be open on the firewall to get the logs?
A quick response will be appreciated.
10-24-2013 01:25 AM
I have encountered these kind of issues frequently - it most usually is a case of ACLs either on the firewall or on the router itself.
If any-any allows packets to reach NTA and specific port opening does not, then your firewall team seems to be doing it wrong. Did they make sure they opened UDP 2055 and UDP 9996? And source is FastEthernet0/0 and destination is your NTA server?
Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
NOTE: Please rate and close questions if you found any of the answers helpful.
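To make the accepted answer's check concrete, here is an added example that is not part of this thread and not SolarWinds NTA code. A router configured with `ip flow-export source FastEthernet0/0` sends its export datagrams as UDP from that interface's address (10.10.10.1 in the config posted in this thread) to the collector (10.10.10.50) on the configured destination ports (2055 and 9666 here), so the firewall rule has to match exactly that 5-tuple. The script below decodes a NetFlow v5 datagram the way a collector does, evaluates that datagram's 5-tuple against a few hypothetical rule sets (an any-any rule, a rule that names the wrong protocol, and a correct UDP rule), and includes a one-shot UDP listener you can run on the collector host to confirm whether an export datagram actually arrives. The packet bytes, the rule-list format and all function names are constructed for illustration, not taken from any product.

```python
"""Added example: decode a NetFlow v5 export datagram and check its UDP 5-tuple
against a firewall rule list. Packet bytes and rule format are constructed here."""
import socket
import struct
from ipaddress import ip_address

# NetFlow v5 wire layout: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "dPkts", "dOctets",
                 "first", "last", "srcport", "dstport", "pad1", "tcp_flags", "prot",
                 "tos", "src_as", "dst_as", "src_mask", "dst_mask", "pad2")

# Values taken from the router config posted in the thread.
EXPORT_SRC = "10.10.10.1"       # address of FastEthernet0/0, the flow-export source interface
COLLECTOR = "10.10.10.50"       # flow-export destination (the NTA server)
EXPORT_PORTS = (2055, 9666)     # flow-export destination ports

def ip2int(s): return int(ip_address(s))
def int2ip(n): return str(ip_address(n))

def build_v5_packet(records, sequence=0, uptime_ms=0, unix_secs=0):
    """Constructed sample of what the router's UDP payload looks like (exporter side)."""
    header = V5_HEADER.pack(5, len(records), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(ip2int(r["src"]), ip2int(r["dst"]), 0, 0, 0, r["pkts"], r["octets"],
                       0, 0, r["sport"], r["dport"], 0, 0, r["proto"], 0, 0, 0, 24, 24, 0)
        for r in records)
    return header + body

def parse_v5(data):
    """Decode a v5 datagram (collector side); reject what a real collector would drop."""
    if len(data) < V5_HEADER.size:
        raise ValueError("short datagram")
    h = V5_HEADER.unpack_from(data, 0)
    version, count = h[0], h[1]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        raw = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(RECORD_FIELDS, raw))
        for k in ("srcaddr", "dstaddr", "nexthop"):
            rec[k] = int2ip(rec[k])
        flows.append(rec)
    return {"version": version, "sequence": h[5], "flows": flows}

def firewall_allows(rules, proto, src, dst, dport):
    """Return the name of the first rule matching the datagram's 5-tuple, or None.
    Hypothetical rule format: (name, proto, src, dst, ports), "any" is a wildcard."""
    for name, r_proto, r_src, r_dst, r_ports in rules:
        if r_proto not in ("any", proto): continue
        if r_src not in ("any", src): continue
        if r_dst not in ("any", dst): continue
        if r_ports != "any" and dport not in r_ports: continue
        return name
    return None

# Hypothetical rule sets: any-any passes; a rule written for TCP never matches an
# export datagram, because NetFlow export is UDP; the UDP rule from the export
# source address to the collector on the export ports is what is actually needed.
RULES_ANY = [("any-any", "any", "any", "any", "any")]
RULES_WRONG = [("netflow-tcp", "tcp", EXPORT_SRC, COLLECTOR, EXPORT_PORTS)]
RULES_OK = [("netflow-udp", "udp", EXPORT_SRC, COLLECTOR, EXPORT_PORTS)]

def export_passes(rules, port):
    """Evaluate the router's export datagram (UDP, src 10.10.10.1, dst 10.10.10.50)."""
    return firewall_allows(rules, "udp", EXPORT_SRC, COLLECTOR, port)

def listen_once(port, timeout=5.0, bind_addr="0.0.0.0"):
    """Run on the collector host: wait for one datagram on the export port and decode it.
    Returns (sender_ip, parsed) or None on timeout, i.e. nothing got through the firewall."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind((bind_addr, port))
        try:
            data, (ip, _) = s.recvfrom(65535)
        except socket.timeout:
            return None
    return ip, parse_v5(data)

if __name__ == "__main__":
    # Constructed flow record: a DNS query from a LAN host behind the router.
    pkt = build_v5_packet([{"src": "10.10.10.23", "dst": "8.8.8.8", "sport": 51000,
                            "dport": 53, "proto": 17, "pkts": 1, "octets": 70}], sequence=1)
    print(parse_v5(pkt))
    for label, rules in (("any-any", RULES_ANY), ("tcp rule", RULES_WRONG), ("udp rule", RULES_OK)):
        print(label, [export_passes(rules, p) for p in EXPORT_PORTS])
```

On the collector, `listen_once(2055)` with the NTA service stopped (so the port is free) answers the thread's real question directly: if it returns None while the any-any rule is in place it is a routing problem on the router, and if it returns a parsed datagram under any-any but None under the specific rule, the rule is not matching the export traffic's protocol, source address or port.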
10-21-2013 07:58 AM
I am using SolarWinds and trying to get the logs on port numbers 2055 and 9666.
Router-------Firewall--------System
10-21-2013 08:01 AM
I have asked the firewall team to open port numbers 2055 and 9666 to my system, and bidirectional for SNMP (TCP 161, 162). But I am still not getting them.
10-22-2013 12:03 AM
Hi,
Could you post the NetFlow config from your router?
Is the router at least able to ping the system/NMS?
10-22-2013 12:43 AM
No, the router is not able to ping my server because the firewall team has allowed the NetFlow ports on the firewall, not ICMP.
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ! collect flows on traffic entering this interface
 ip flow ingress
 ip route-cache flow input
!
! export datagrams are sourced from the FastEthernet0/0 address (10.10.10.1)
ip flow-export source FastEthernet0/0
ip flow-export version 5
! two v5 export destinations on the collector: UDP 2055 and UDP 9666
ip flow-export destination 10.10.10.50 2055
ip flow-export destination 10.10.10.50 9666
Should I allow ICMP from the router to my server?
10-22-2013 01:31 AM
Hi,
Yes, just for troubleshooting purposes. You can ask your FW team to block it again afterwards.
I just want to ensure your router knows how to get to your NMS.
Could you do the below and post a "show ip flow export"?
ip cef
interface FastEthernet0/0
no ip route-cache flow input
ip route-cache flow
no ip route-cache cef
10-22-2013 04:24 AM
Please note that if my firewall team allows access "any to any", then we are getting the NetFlow logs.
They need the exact port numbers, and they are not even ready to do the troubleshooting with us. That is the biggest issue for us.
10-22-2013 04:50 AM
Hi,
Did your FW team open "UDP" ports 161, 162, 2055 and 9666?
Sent from Cisco Technical Support iPhone App
10-22-2013 06:55 AM
Yes, they have opened the ports as mentioned below.
2055 & 9666 (source: router LAN interface, destination: my server)
161 & 162 (SNMP, bidirectional)
10-24-2013 03:34 AM