  1. #1
    Jim.Alles (Untangle Ninja)

    Netflow enabled & misconfigured?

    errm,

    found this because NGFW appliances are nested three levels deep ;=)
    stock installs, NGFW 14.2.2

    I have a strange emission on external to [1.2.3.4:2055] , and Googling found this example:

    Code:
    ! enable Netflow on an interface
    !
    interface GigabitEthernet 0/0
    ip route-cache flow
    exit
    !
    ! Send the Netflow records to a collector at IP address 1.2.3.4.
    ! Port 2055 is the standard UDP port.
    !
    ip flow-export 1.2.3.4 2055 version 5
    at https://netcraftsmen.com/security-mi...w-information/

    Although it looks neat, I know nothing about it beyond reading the article mentioned above. I suspect UT labels these records as sessions, and I doubt that that stuff is going to the right place.

    Some feedback for educating me would be appreciated!

    And have a good weekend when you get there!
    Last edited by Jim.Alles; 09-20-2019 at 11:21 AM. Reason: netFLOW fixed in advanced

  2. #2
    jcoffin (Untangler)

    NetFlow is disabled by default in /admin/index.do#config/network/advanced/netflow. 1.2.3.4 is a made-up address in the config file. You need a Netflow collector to receive these events.

    https://en.wikipedia.org/wiki/NetFlow
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Jim.Alles (Untangle Ninja)

    Yah, I found that only in a 13.2 changelog.

    I never turned it on, and the checkbox was not found 'true'

    but it was leaking:
    [Attachment: netflow Capture.PNG]

    I find the once-a-minute regularity strange, given the description. (Thanks for the link).
    I think the 3:31:55 timestamp is when I touched the NGFW configuration.

    It is not dripping anymore. I dunno.
    Last edited by Jim.Alles; 09-20-2019 at 02:24 PM.
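
One way to check whether datagrams seen leaving for UDP 2055, like those discussed in this thread, really are NetFlow export and what they disclose about internal hosts. This is an added example, not code from the thread or from Untangle. It assumes version 5 export as in the quoted config and uses the standard NetFlow v5 field layout; the sample datagram, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record


def parse_netflow_v5(payload: bytes) -> dict:
    """Decode one UDP payload as a NetFlow v5 export datagram; ValueError if it is not one."""
    if len(payload) < HEADER.size:
        raise ValueError("too short for a NetFlow v5 header")
    version, count, uptime_ms, unix_secs, _, seq, _, _, _ = HEADER.unpack_from(payload)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    # A v5 datagram carries 1 to 30 records and nothing else after them.
    if not 1 <= count <= 30 or len(payload) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(payload, HEADER.size + i * RECORD.size)
        flows.append({
            "src": f"{ipaddress.IPv4Address(f[0])}:{f[9]}",
            "dst": f"{ipaddress.IPv4Address(f[1])}:{f[10]}",
            "proto": f[13], "packets": f[5], "bytes": f[6],
        })
    return {"unix_secs": unix_secs, "uptime_ms": uptime_ms, "sequence": seq, "flows": flows}


def build_sample() -> bytes:
    """Constructed datagram (not the thread's capture): one TCP flow from an internal host."""
    header = HEADER.pack(5, 1, 3_600_000, 1_568_993_515, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.168.2.10").packed,   # srcaddr
        ipaddress.IPv4Address("198.51.100.7").packed,   # dstaddr
        bytes(4), 1, 2,                                 # nexthop, input/output ifIndex
        12, 3400, 3_590_000, 3_599_000,                 # packets, octets, first, last
        51234, 443, 0, 0x1B, 6, 0,                      # ports, pad, TCP flags, proto, ToS
        0, 0, 24, 0, 0)                                 # AS numbers, masks, pad
    return header + record


if __name__ == "__main__":
    report = parse_netflow_v5(build_sample())
    print(f"export seq={report['sequence']} at unix time {report['unix_secs']}")
    for flow in report["flows"]:
        print(f"  {flow['src']} -> {flow['dst']} proto={flow['proto']} bytes={flow['bytes']}")
```

Feed it the UDP payload bytes extracted from a packet capture of the traffic in question; a ValueError means the payload is not a well-formed v5 export.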
