https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309720#M310647 <HTML><HEAD></HEAD><BODY><P>Please not if my firewall team allow access "any to any" than we are getting the netflow logs.</P><P></P><P>They need the exact port number and they are even not ready to do the troubleshooting with us. that is the biggest issue for us.</P></BODY></HTML> Tue, 22 Oct 2013 11:24:34 GMT sutharhemant90 2013-10-22T11:24:34Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309714#M310641 <P>Dear All,</P><P></P><P></P><P>From last few days i am trying to get the netflow logs from the router to my system but its not happening. here is one firewall cyberoam between router and system. can anyone tell me what exact port numbers need to be open on the firewall to get the logs.</P><P></P><P>Quick responce will be appreciated.</P> Tue, 12 Mar 2019 02:54:07 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309714#M310641 sutharhemant90 2019-03-12T02:54:07Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309715#M310642 <HTML><HEAD></HEAD><BODY><P>I am using Solarwind and trying to get the logs on port number 2055 and 9666.</P><P></P><P>Router-------Firewall--------System</P></BODY></HTML> Mon, 21 Oct 2013 14:58:07 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309715#M310642 sutharhemant90 2013-10-21T14:58:07Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309716#M310643 <HTML><HEAD></HEAD><BODY><P>I have asked firewall team to open the port number 2055 and 9666 to my system and for bidirectional to SNMP (TCP 161,162). But still i am not getting.</P></BODY></HTML> Mon, 21 Oct 2013 15:01:13 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309716#M310643 sutharhemant90 2013-10-21T15:01:13Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309717#M310644 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>could you post netflow config from your router?</P><P></P><P>is router at least able to ping the system/NMS?</P></BODY></HTML> Tue, 22 Oct 2013 07:03:09 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309717#M310644 johnlloyd_13 2013-10-22T07:03:09Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309718#M310645 <HTML><HEAD></HEAD><BODY><P>No router is not able to ping my server becoz firewall team has allowed netflow ports on the firewall not ICMP.</P><P></P><P>interface FastEthernet0/0</P><P> ip address 10.10.10.1 255.255.255.0</P><P><SPAN style="font-size: 10pt;"> ip flow ingress</SPAN></P><P> ip route-cache flow input</P><P></P><P></P><P>ip flow-export source FastEthernet0/0</P><P>ip flow-export version 5</P><P>ip flow-export destination 10.10.10.50 2055</P><P>ip flow-export destination 10.10.10.50 9666</P><P></P><P></P><P>Should i allow ICMP from router to my server ?</P></BODY></HTML> Tue, 22 Oct 2013 07:43:20 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309718#M310645 sutharhemant90 2013-10-22T07:43:20Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309719#M310646 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>yes, just for troubleshooting purpose. you can ask your FW team to block it again afterwards.</P><P></P><P>i just want to ensure your router knows how to get to your NMS.</P><P></P><P>could you do below and post a <STRONG>show ip flow export</STRONG>?</P><P></P><P>ip cef</P><P></P><P>interface FastEthernet0/0</P><P>no ip route-cache flow input</P><P>ip route-cache flow</P><P>no ip route-cache cef</P></BODY></HTML> Tue, 22 Oct 2013 08:31:19 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309719#M310646 johnlloyd_13 2013-10-22T08:31:19Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309720#M310647 <HTML><HEAD></HEAD><BODY><P>Please not if my firewall team allow access "any to any" than we are getting the netflow logs.</P><P></P><P>They need the exact port number and they are even not ready to do the troubleshooting with us. that is the biggest issue for us.</P></BODY></HTML> Tue, 22 Oct 2013 11:24:34 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309720#M310647 sutharhemant90 2013-10-22T11:24:34Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309721#M310648 <HTML><HEAD></HEAD><BODY><P>Hi,<BR /><BR />Did your FW team opened "UDP" ports for 161, 162, 2055 and 9666?<BR /><BR />Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Tue, 22 Oct 2013 11:50:25 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309721#M310648 johnlloyd_13 2013-10-22T11:50:25Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309722#M310649 <HTML><HEAD></HEAD><BODY><P>Yes, they have opened the port as mentioned below.</P><P></P><P>2055 &amp; 9666 ( Source router LAN interface and destiona My server)</P><P>161 &amp; 162 ( SNMP - Bidirection)</P></BODY></HTML> Tue, 22 Oct 2013 13:55:40 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309722#M310649 sutharhemant90 2013-10-22T13:55:40Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309723#M310650 <HTML><HEAD></HEAD><BODY><P>I have encountered these kind of issues frequently - it most usually is a&nbsp; case of ACLs either on the firewall or on the router itself.</P><P></P><P>If any-any allows packets to reach NTA and specific port opening does not, then your firewall team seems to be doing it wrong. Did they make sure they opened UDP 2055 and UDP 9996? And source is FastEthernet0/0 and destination is your NTA server?</P><P></P><P>Regards, <BR />Don Thomas Jacob <BR /><A class="jive-link-external-small" href="http://www.solarwinds.com/netflow-traffic-analyzer.aspx">http://www.solarwinds.com/netflow-traffic-analyzer.aspx</A><SPAN> </SPAN></P><P><BR />NOTE: Please rate and close questions if you found any of the answers helpful.</P></BODY></HTML> Thu, 24 Oct 2013 08:25:24 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309723#M310650 Don Jacob 2013-10-24T08:25:24Z https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309724#M310651 <HTML><HEAD></HEAD><BODY><H1 style="background-color: #ffffff; border-collapse: collapse; font-size: 24px; list-style: none; padding: 5px 0px 2px; font-weight: normal; line-height: 0.85; color: #ee6804; font-family: Arial, verdana, sans-serif;">Thaks a lot Mr. johnlloyd_13 &amp; Mr. Don. Now the issue has been resolved. Port number was not correctly open in the firewall.</H1></BODY></HTML> Thu, 24 Oct 2013 10:34:32 GMT https://community.cisco.com/t5/network-security/not-getting-netflow-through-the-firewall/m-p/2309724#M310651 sutharhemant90 2013-10-24T10:34:32Z