I have my Gaia based checkpoint firewall sending netflow data to NTA just fine - but it seems it's only sending my Hide NAT address and no internal IP data. Is that something I misconfigured, can fix, can otherwise address? I would like to see network top talkers, etc but can only get to my public IP level which isn't all that helpful. Thanks!!
Top Replies
-
Shameless bump... anyone else using netflow from CP successfully? -
In the WebGUI of the Checkpoint FW under NetFlow Export you can define a target to export to, and then the "Source Address" where the traffic is coming from (IP). -
jsilverberg I have a Checkpoint Gaia R77.20 Firewall monitored by NPM and NTA These are the resources that I am monitoring NTA is managing the interfaces as NetFlow sources NTA is getting traffic I can…
-
-
-
-
jsilverberg I have a Checkpoint Gaia R77.20 Firewall monitored by NPM and NTA
These are the resources that I am monitoring
NTA is managing the interfaces as NetFlow sources
NTA is getting traffic
I can see conversations between my internal clients and the CP firewall, external interfaces and the Internet,
not between the internal clients and the web, but I don't think that would be available via NetFlow (Smartview reporter blade for that)
Top endpoints and pretty much everything else that I can see with any other of my nodes managed by NPM & NTA
I can e-mail you some reports if you like. just PM me your e-mail addresses
-
Also,
make sure you have the snmp and netflow configured from the web management console
I am not sure if the Agent Interface selection is what is limiting the reporting on the external interfaces - what do you guys think?
-
-
This is how I have my SW & CheckPoint firewall configured
Solarwinds NPM and NTA monitor everything except the ISP Routers
The switches and core router are DELL, which are configured for SFlow, CheckPoint is configured for Netflow v5
when I click on the node for the firewall > network tab > Interface for ISP#1 (eth1) and customize the page to show top XX conversations, I can see
So I can get some insight to the conversations between CheckPoint and the Internet
if I click on the LAN interface, I can see traffic between my internal clients and the CheckPoint firewall
I too would like to see the NAT traffic, so I can tell which internal cleints are communicating with the external websites, but I think that would have to be a CheckPoint report
I hope this helps
-
