0 Replies Latest reply on Mar 10, 2016 3:51 PM by tpfannes

    Questions about Netflow Interface Details

    tpfannes

      OK, I have Netflow reporting coming from our Fortigate FW on both the inside and outside interfaces.  This Firewall has an internal IP of 10.10.10.1 and and external IP 8.8.8.1 and is PATing all internal traffic to the external IP (8.8.8.1). 

       

      Questions:

       

      1.  From NTA, if I click the Outside interface, select Ingress I see my top endpoint as my External interface (8.8.8.1) which makes perfect sense (all my internal traffic NAT's to this IP).  BUT my 2nd top endpoint is 10.10.10.139 (an internal address).  Why looking at Ingress Netflow on my Outside interface would I see any internal IP's (10.10.10.x)?

       

      2.  From NTA, if I click on the Inside interface, select Ingress I see my top endpoint as the IP of my External interface (8.8.8.1).  No traffic from the Inside network terminates on this Outside interface.  Why is this showing as a top endpoint?

       

      3.  From NTA, if I click on the Inside interface, select Ingress I see the top conversation is between my External interface (8.8.8.1) and 216.58.216.239 (google).  This would make sense if I selected "Outside" interface but I'm looking at our "Inside" interface.  I dont think 8.8.8.1 shouldn't even be on that list?