Anyone consuming NetFlow from a Palo Alto Firewall HA Pair? I'm just getting the Network Analyzer configured now.
In the Palo Alto admin interface you define a netflow destination on one member in the pair. The configuration is synced to the other member as well. I set this up with the source IP and port in Nagios Network Analyzer interface. We can see data come in just fine.
The problem I am seeing is that each unit of my HA Pair has a different IP address. If the primary fails over to the secondary now the source IP is different. The netflow configuration in the Palo Alto gets assigned to the interface of the active palo alto unit. After failover the netflow would be sent to the same port on the Nagios Network Analyzer box, but now it is coming from a different IP.
Looking for a straight forward way to do this gracefully.
Thanks!
Palo Alto Firewall HA Pair
-
jzimmerman
- Posts: 20
- Joined: Thu Aug 08, 2013 8:17 pm
- Location: Portland, Oregon, U.S.A
- Contact:
Re: Palo Alto Firewall HA Pair
When setting up a source in NA, you have to put in an IP address but it isn't used for receiving netflow data, so as long as the backup firewall sends the netflow data on the same port, the NA server will receive it.
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
jzimmerman
- Posts: 20
- Joined: Thu Aug 08, 2013 8:17 pm
- Location: Portland, Oregon, U.S.A
- Contact:
Re: Palo Alto Firewall HA Pair
Thanks! I assumed otherwise. I'll test it out.