Palo Alto Firewall HA Pair
Posted: Thu Feb 12, 2015 8:51 pm
Anyone consuming NetFlow from a Palo Alto Firewall HA Pair? I'm just getting the Network Analyzer configured now.
In the Palo Alto admin interface you define a NetFlow destination on one member in the pair. The configuration is synced to the other member as well. I set this up with the source IP and port in the Nagios Network Analyzer interface. We can see data come in just fine.
The problem I am seeing is that each unit of my HA pair has a different IP address. If the primary fails over to the secondary, the source IP is now different. The NetFlow configuration in the Palo Alto gets assigned to the interface of the active Palo Alto unit. After failover the NetFlow would be sent to the same port on the Nagios Network Analyzer box, but now it is coming from a different IP.
Looking for a straightforward way to do this gracefully.
Thanks!
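The failure mode described in the post (two HA members, two exporter source IPs, one logical firewall) is something a collector has to handle explicitly. The following is an added example, not Nagios Network Analyzer code and not anything from the original post: a small NetFlow v5 header parser that maps every member IP of an HA pair to one logical exporter, flags a change of source IP as a failover event, and flags a `flow_sequence` gap as lost records. The pair name, the two member addresses, the unknown third address, and the datagrams themselves are constructed for the demo; it is also an assumption that the newly active member starts its own `flow_sequence` counter, which is why the example does not count the post-failover jump as loss.

```python
"""Collector-side handling of NetFlow v5 exported by an HA pair.

Example code added to illustrate the forum post; not Nagios or Palo Alto code.
Pair name, IPs and datagrams below are constructed.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass, field
from typing import Optional

# NetFlow v5 header (24 bytes, network byte order): version, count, sys_uptime,
# unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval
V5_HEADER = struct.Struct("!HHIIIIBBH")


@dataclass
class ExporterState:
    last_source: Optional[str] = None      # member IP that sent the last datagram
    next_sequence: Optional[int] = None    # flow_sequence we expect next
    events: list = field(default_factory=list)


class HaAwareCollector:
    """Treats all member IPs of an HA pair as one logical exporter."""

    def __init__(self, pairs: dict[str, set[str]]):
        # pairs: {"logical-name": {"member-ip-1", "member-ip-2"}}
        self.ip_to_pair = {ip: name for name, ips in pairs.items() for ip in ips}
        self.state = {name: ExporterState() for name in pairs}

    def handle_datagram(self, src_ip: str, data: bytes) -> dict:
        if len(data) < V5_HEADER.size:
            return {"accepted": False, "reason": "short datagram"}
        version, count, _uptime, _secs, _nsecs, seq, _etype, _eid, _samp = (
            V5_HEADER.unpack_from(data)
        )
        if version != 5:
            return {"accepted": False, "reason": f"unsupported version {version}"}
        pair = self.ip_to_pair.get(src_ip)
        if pair is None:
            # Neither HA member: do not silently accept flows from an unknown source.
            return {"accepted": False, "reason": "unknown exporter"}

        st = self.state[pair]
        events = []
        if st.last_source is not None and st.last_source != src_ip:
            events.append(f"failover: {st.last_source} -> {src_ip}")
            # Assumption: the newly active member keeps its own counter, so the
            # sequence jump after a failover is not reported as record loss.
            st.next_sequence = None
        elif st.next_sequence is not None and seq != st.next_sequence:
            events.append(f"sequence gap: expected {st.next_sequence}, got {seq}")

        st.last_source = src_ip
        st.next_sequence = seq + count   # v5 flow_sequence counts flow records
        st.events.extend(events)
        return {"accepted": True, "exporter": pair, "events": events}


def make_v5_header(seq: int, count: int = 1) -> bytes:
    """Constructed NetFlow v5 header with no flow records (enough for the demo)."""
    return V5_HEADER.pack(5, count, 1000, 1423770000, 0, seq, 0, 0, 0)


def demo() -> list:
    # Constructed pair: two member IPs for one logical firewall.
    collector = HaAwareCollector({"pa-ha-pair": {"192.0.2.11", "192.0.2.12"}})
    return [
        collector.handle_datagram("192.0.2.11", make_v5_header(0, 30)),
        collector.handle_datagram("192.0.2.11", make_v5_header(30, 30)),
        collector.handle_datagram("192.0.2.11", make_v5_header(90, 30)),   # gap: 60 expected
        collector.handle_datagram("192.0.2.12", make_v5_header(0, 30)),    # failover to peer
        collector.handle_datagram("198.51.100.9", make_v5_header(0, 30)),  # not in the pair
    ]


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The point for a collector is that "exporter identity" should be the logical pair, not a single source address, while the source change itself is still worth logging: a failover is an event you want to see in the analyzer, and a flow from an address outside the pair should be rejected rather than quietly attributed to the firewall.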