Skip main navigation (Press Enter).

DX Unified Infrastructure Management

Back to discussions

Expand all | Collapse all

NetFlow export from IPSO (Checkpoint Firewall appliances)

Anon AnonDec 22, 2011 04:39 PM

Anyone have experience with exporting flows from checkpoint IP firewalls (running IPSO6x) ? Unlike ...

Anon AnonDec 22, 2011 04:39 PM

What ? no nibbles on this one !! :O

Stuart WeenigDec 22, 2011 04:39 PM

No experience using it. However, if you're exporting v9 flows and using RA9 (now known as NFA9), it ...

1. NetFlow export from IPSO (Checkpoint Firewall appliances)

Recommend
Anon Anon
Posted Dec 22, 2011 04:39 PM

Reply Reply Privately
Anyone have experience with exporting flows from checkpoint IP firewalls (running IPSO6x) ?

Unlike Cisco configuration, the control over the netflow export is limited.
It appears to export in/out flows for all interfaces on the systm when enabled.
As a result, in the RA the actual flow rates appear to be double counted.
Changing the flow export version from v5 to v9 (in an attempt to have RA leverage off the direction field) appears to make no difference.

Has anyone come across this behaviour ?
2. RE: NetFlow export from IPSO (Checkpoint Firewall appliances)

Recommend
Anon Anon
Posted Dec 22, 2011 04:39 PM

Reply Reply Privately
What ? no nibbles on this one !! :O
3. RE: NetFlow export from IPSO (Checkpoint Firewall appliances)

Recommend
Stuart Weenig
Posted Dec 22, 2011 04:39 PM

Reply Reply Privately
No experience using it. However, if you're exporting v9 flows and using RA9 (now known as NFA9), it should take into consideration the directionality and not double count.

Copyright 2025. All rights reserved.

Powered by Higher Logic

Global message icon