jhupka
8 months agoNeophyte
Palo Alto application data missing from Netflow
We have been able to get Netflow data working for a Palo Alto PA-820 firewall, but we are not seeing the application data show up.
Does anyone have any suggestions on next steps we could take?
Here is what has been done so far:
- Netflow profile has been configured on the Palo Alto side and assigned to the interface, including selecting the PAN-OS Field Types to get the App-ID and User-ID (https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/monitoring/netflow-monitoring/configure-netflow-exports)
- nbar has been enabled on the collector:
# enable netflow support for NBAR, IPV6 and Multicast fields
netflow.nbar.enabled=true
# enable netflow support for IPV6 fields
netflow.ipv6.enabled=true - Collector version is 34.003
- We’re seeing everything we expect except the app & systems data on the Traffic tab for the device:
Any thoughts on what we might be missing?
Thank you. :-)