I have my Gaia based checkpoint firewall sending netflow data to NTA just fine - but it seems it's only sending my Hide NAT address and no internal IP data. Is that something I misconfigured, can fix, can otherwise address? I would like to see network top talkers, etc but can only get to my public IP level which isn't all that helpful. Thanks!!
↧
Checkpoint Netflow only reporting external interface
↧
Netflow configuration on multiple interfaces and sub-interfaces
Hi,
I configured netflow on cisco router 2921 and here is my config..
ip flow-export source Gigabitethernet 0/1
ip flow-export source Gigabitethernet 0/2
ip flow-export source Gigabitethernet 0/0
ip flow-export version 5
ip flow-export destination 131.x.x.x 2055
I also configure this on each interface
Interface Gigabitethernet 0/0
ip flow ingress
ip flow egress
ip route-cache flow
Interface Gigabitethernet 0/1
ip route-cache flow
Interface Gigabitethernet 0/1.55
ip flow ingress
ip flow egress
ip route-cache
Interface Gigabitethernet 0/1.56
ip flow ingress
ip flow egress
ip route-cache
Interface Gigabitethernet 0/2
ip flow ingress
ip flow egress
ip route-cache flow
when I performed show run on the router this is the configuration that appeared:
ip flow-export source Gigabitethernet 0/0
ip flow-export version 5
ip flow-export destination 131.x.x.x 2055
I noticed that the last source (Gigabitethernet0/0) that I typed was the source that was registered on the router
What could be the effect of this configuration?
Gigabitethernet0/1 and Gigabitethernet0/2 are on the public side of the router,I want to monitor the traffic that is going in and out of these interface because I have vpn tunnels configured on this interfaces (Gigabitethernet 0/1.55 and Gigabitethernet0/1.56)
Did I enter the right configuration for my router?
By the way my Solarwinds server resides on the Gigabitethernet0/0 network.
Please help..
Thank you very much!
↧
↧
View Source and destination ports on netflow flows
Hi
I have set up netflow and I am looking through displaying the data in a way that makes sense to us
Is there a way to see both source and destination TCP/UDP port in a flow view.
I have some traffic that seems to be recognized on it source port instead of the destination, but cant verify it as I cant find a way to view both dest and src ports.
I have also been looking on information on how NTA discovers what is the significant port of a flow.
I have worked with Scrutinizer their port election process will result in Scrutinizer showing the Source port instead of the destination port if the destination port is unknown and not labeled, and am wondering if it is the same on NTA.
Regards Jens
↧
Netflow configuration - ingress vs egress
So, I've tried to wade through the documentation on cisco.com and solarwinds but could use some help figuring how to setup netflow v9 for my monitoring needs. I'm particularly interested in the pros and cons of ingress vs egress capturing or whether I should do both. I have two main data center locations and 7 branch locations that talk over mpls WAN. The previous admin had it setup "ip flow ingress" on the LAN ports (including subinterfaces) of the cisco routers with nothing on the WAN interfaces. Wouldn't it make more sense to collect both directions (ip flow ingress and ip flow egress) on the WAN interface since as I read it is after WAAS (WAN compression).
Any reason this is a bad idea?
It makes sense to capture both ingress and egress, right?
I appreciate any input or expertise.
↧
Has ANYONE got Flexible Netflow working on 4500 with Sup7 that is understandable by Solarwinds Netflow
Hi have been trying to work with Cisco over the past 4 weeks to get Flexible Netflow to work properly with Orion/NTA with zero success. This is a 4507R+E with dual Sup 7's
I have the works TAC support person, but that's beside the point. I've spoken with SW and didn't get the warm and fuzzies on their answers either.
It appears to me I will not be able to monitor layre "virtual" interfaces on the 4507, which is unacceptable and if the case I will raise a stink with Cisco one I get it working.
So my questions are:
Does it even work? This hardware, Flexible Network and NTA 3.7?
The commands take and it just seems like NTA doesn't accept them, I'm guessing they are missing something like TOS, but this is not the same as regular Netflow.
I have been testing many permitations, but I either get the traffic in NTA showing that it is coming from all interfaces, or it doesn't see any at all.
Here's the config I am testing with today:
flow record ipv4
! match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
!
!
flow exporter NetFlow-to-Orion
destination 10.10.10.1
source vlan254
transport udp 2055
export-protocol netflow-v5
!
!
flow monitor NetFlow-Monitor
description Original Netflow captures
record ipv4
exporter NetFlow-to-Orion
vlan configuration 254
ip flow monitor NetFlow-Monitor input
Any help would be great
Bob
↧
↧
Can Netflow data sent to Orion NTA be offloaded / redirected to other destinations? If so, how?
I find a need to send a copy of Netflow data, which my routers & L3 switches send to Orion, to other applications at other IP addresses.
Can Solarwinds Orion / NTA / NPM do this?
If so, where is it configured, how is it accomplished?
↧
HOW TO SETUP ORION TO MONITOR WEB PAGES VISIT IN SQUID PROXY SERVER
Hello folks
I need your knowloge about this doubt, I´m dommie in this kind of discussion theme.
I need to know all web traffic in my squid proxy in that way to avoid hight traffic in my wan our bandwith is been affecting by hight trafiic of our user but we don´t know who or what generates overutilization.
Please your advice.
.
↧
Netflow configure Cisco ASR 1002
We just installed a Cisco ASR 1002, The old net flow commands used in our 3845 do not work. Has anyone set configuration to export Top-Talkers?
Thanks
↧
Adding a large port range to NTA Multi-port application seems to hang
I am trying to add a large port range to a multi-port application in NTA. For whatever reason it seems to hang/not actually do anything when I hit Add (or Update Application) button in the pop out window. If I add single port or a smaller port range (eg: 2100-2200), it works fine. Anyone else experience this behavior or offer any advice? NPM 12.0.1 with NTA Version 4.2.1. Have tried in different browsers, Chrome, IE and Firefox, both from a client machine and via the Orion server. I should add that if I click on the Cancel button, nothing happens either. I basically have to close the browser tab to get out of that screen.
↧
↧
LIcensing - pricing mode
We are currently running Orion and APM.
We have been running a trail of the Netflow Traffic Analyzer. We like the product but the price is crazy. The pricing is based on the number of nodes in Orion, NOT the number of routers we want to monitor. Even with a huge discount, it is still out of line.
Why don't they offer Netflow by a router count instead of total nodes?
Thanks,
D.
↧
Netflow configuration - ingress vs egress
So, I've tried to wade through the documentation on cisco.com and solarwinds but could use some help figuring how to setup netflow v9 for my monitoring needs. I'm particularly interested in the pros and cons of ingress vs egress capturing or whether I should do both. I have two main data center locations and 7 branch locations that talk over mpls WAN. The previous admin had it setup "ip flow ingress" on the LAN ports (including subinterfaces) of the cisco routers with nothing on the WAN interfaces. Wouldn't it make more sense to collect both directions (ip flow ingress and ip flow egress) on the WAN interface since as I read it is after WAAS (WAN compression).
Any reason this is a bad idea?
It makes sense to capture both ingress and egress, right?
I appreciate any input or expertise.
↧
View Source and destination ports on netflow flows
Hi
I have set up netflow and I am looking through displaying the data in a way that makes sense to us
Is there a way to see both source and destination TCP/UDP port in a flow view.
I have some traffic that seems to be recognized on it source port instead of the destination, but cant verify it as I cant find a way to view both dest and src ports.
I have also been looking on information on how NTA discovers what is the significant port of a flow.
I have worked with Scrutinizer their port election process will result in Scrutinizer showing the Source port instead of the destination port if the destination port is unknown and not labeled, and am wondering if it is the same on NTA.
Regards Jens
↧
Receiving Sflow/Netflow data from a different source IP than SNMP/management IP
Due to our VRF design and SFLOW limitations on the Cisco Nexus 9000 switches, I need to send Sflow datagrams to NTA from a different source address than the managment address NPM uses to poll the switch. NTA sees the traffic, but lists the source as "unknown" since the IP address is different. Any ideas?
↧
↧
SW NTA Flow Storage DB configurator
Hi Everyone.. I apologize in advance if i am repeating something that has already been gone over hereor not stating myself correctly here..I'm just trying to find out some info and I may not know the entire topology of the current setup.
I have a Server 2008 instance that I want to move the NTA program off of to a new server running 2016. I installed SolarWinds-Orion-NTA-v4.2.3-b4125 on this new server and ran the SW NTA flow storage database configurator. I put in all the Orion config server , suthentication user and pass and DB information and tested my connection all is successful..
My question is What do I need to do to now make the jump to the new server that only runs the above?
Our NTA database resides on a Server running 2016 . Our netflow collector service is on a server running 2016 as well.. So thats fine..
I'm just confused as to what needs to be done, what files or folders may or may not be needed to copy over. Anything in the 9C:\ProgramData\SolarWinds\NTA\FlowStorage\Data) folder?
Thank you in advance for your help everyone!
↧
Setting up Netflow for Cisco 2960s
All,
I'm trying to setup netflow to monitor our Cisco 2960s switches. They are layer 2 switches and Solarwinds tech support suggested I look at nprobe application to, but they don't support it or know how it should be configured. Any help would be appreciated or if you know of any other software that will work with getting the information to netflow. Thanks.
↧
HOW TO SETUP ORION TO MONITOR WEB PAGES VISIT IN SQUID PROXY SERVER
Hello folks
I need your knowloge about this doubt, I´m dommie in this kind of discussion theme.
I need to know all web traffic in my squid proxy in that way to avoid hight traffic in my wan our bandwith is been affecting by hight trafiic of our user but we don´t know who or what generates overutilization.
Please your advice.
.
↧
LIcensing - pricing mode
We are currently running Orion and APM.
We have been running a trail of the Netflow Traffic Analyzer. We like the product but the price is crazy. The pricing is based on the number of nodes in Orion, NOT the number of routers we want to monitor. Even with a huge discount, it is still out of line.
Why don't they offer Netflow by a router count instead of total nodes?
Thanks,
D.
↧
↧
SW NTA Flow Storage DB configurator
Hi Everyone.. I apologize in advance if i am repeating something that has already been gone over hereor not stating myself correctly here..I'm just trying to find out some info and I may not know the entire topology of the current setup.
I have a Server 2008 instance that I want to move the NTA program off of to a new server running 2016. I installed SolarWinds-Orion-NTA-v4.2.3-b4125 on this new server and ran the SW NTA flow storage database configurator. I put in all the Orion config server , suthentication user and pass and DB information and tested my connection all is successful..
My question is What do I need to do to now make the jump to the new server that only runs the above?
Our NTA database resides on a Server running 2016 . Our netflow collector service is on a server running 2016 as well.. So thats fine..
I'm just confused as to what needs to be done, what files or folders may or may not be needed to copy over. Anything in the 9C:\ProgramData\SolarWinds\NTA\FlowStorage\Data) folder?
Thank you in advance for your help everyone!
↧
Configure Cisco Router for Netflow
I have spend many days trying to get my Cisco routers (12.4) working with the Network Traffic Anaysis and nothing seems to be working (no firewalls are blocking).
Can someone provide a cisco config that actually works with this tool? Ideally, I want to capture sub-interfaces and also our WAN interface (multilink and/or serial interfaces).
interface Multilink1
ip flow egress
ip flow-export source Multilink 1
ip flow-export version 9 (have tried ver 5 as well)
ip flow-export destination x.x.x.x 2055
In the network analsysis site
What does it mean by Interface #14? We only have 4 interfaces on the router. All interfaces are setup in Orion.
↧
HP ProCurve 2910al-24G-PoE+ Switch (J9146A) and NTA 3.5 compatibility?
Hi there,
We're planning on the purchase of the mentioned HP Switch. As far as the sFlow-compatibility, the specsheet mentions "RFC 3176 sFlow". As fas as I know, RFC 3176 defines sFlow version 2 to 4, and SolarWinds Sales tell me that NTA only support sFlow v5.
What can anyone tell on the sFlow-compatibility of this HP Switch range? Will it work with NTA?
For the record, this is the link to the specs: http://www.procurve.com/products/switches/HP_ProCurve_2910al_Switch_Series/overview.htm#J9146A.
Thanks in advance!
Regards, Rene
↧
