
Meraki MX Netflow

Hey all, has anyone had experience getting the MX firewalls' NetFlow processed by a collector?

We are using LiveAction and I cannot get the traffic from the “LAN” side to the AutoVPN tunnel to process correctly. Traffic going to the tunnel or direct to internet shows up as Null0.

I was able to do a packet capture and see the flow packets going from the correct interface to WAN0, but am not seeing that in the flow collector.

Thanks all.


Re: Meraki MX Netflow

I don't know the answer, but there are a lot of mentions of NetFlow in different firmware releases. Are you running a recent release or have you tried a beta release?

Meraki Employee

Re: Meraki MX Netflow

Hello @WldWzl ,

When configuring an MX to access a server over VPN, the MX and Z1 use the Appliance LAN IP of the highest-numbered VLAN that is included in the VPN as the source address.

The below document states the above information. Although the document points to RADIUS traffic, the MX functionality is the same for any traffic sourced from an MX to a remote server (Syslog, NetFlow, RADIUS, AD, etc.).

Have you tried filtering the traffic for this information?

https://documentation.meraki.com/MX/Other_Topics/MX_and_Z1_Source_IP_for_RADIUS_Authentication

If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future

Re: Meraki MX Netflow

So we are getting NetFlow, and it is sourcing from an expected IP, so we are good there.

The issue appears to be that the flow data is sending the source interface register as "0", which on our flow processor is designated as Null0, so the flow data is displayed as everything going to the "WAN/Tunnel" interface as going to Null.
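
One way to confirm from a capture which interface indexes the exporter is really sending, as an added example that is not part of the thread and not Meraki or LiveAction code: it decodes the INPUT_SNMP and OUTPUT_SNMP fields of a NetFlow v9 export packet and lists the flows carrying ifIndex 0, the value the collector above renders as Null0. It assumes the export is NetFlow v9 (the thread does not state the version); the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

IPV4_SRC, INPUT_SNMP, IPV4_DST, OUTPUT_SNMP = 8, 10, 12, 14  # RFC 3954 field types

def parse_v9(packet, templates):
    """Decode one NetFlow v9 export packet into {field_type: bytes} flow records."""
    if struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    flows, off = [], 20  # the v9 packet header is 20 bytes
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("malformed FlowSet length")
        body, p = packet[off + 4:off + fs_len], 0
        if fs_id == 0:  # template FlowSet: remember each template's field layout
            while p + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, p)
                if p + 4 + 4 * n > len(body):
                    raise ValueError("truncated template record")
                templates[tid] = [struct.unpack_from("!HH", body, p + 4 + 4 * i) for i in range(n)]
                p += 4 + 4 * n
        elif fs_id > 255 and fs_id in templates:  # data FlowSet we can decode
            fields = templates[fs_id]
            rec_len = sum(flen for _, flen in fields)
            while rec_len and p + rec_len <= len(body):  # leftover bytes are padding
                rec = {}
                for ftype, flen in fields:
                    rec[ftype] = body[p:p + flen]
                    p += flen
                flows.append(rec)
        off += fs_len
    return flows

def zero_ifindex_flows(flows):
    """Return (src, dst, in_if, out_if) for flows exported with an ifIndex of 0."""
    hits = []
    for r in flows:
        in_if, out_if = (int.from_bytes(r[t], "big") if t in r else None for t in (INPUT_SNMP, OUTPUT_SNMP))
        if 0 in (in_if, out_if):
            src, dst = (str(ipaddress.IPv4Address(r[t])) if t in r else None for t in (IPV4_SRC, IPV4_DST))
            hits.append((src, dst, in_if, out_if))
    return hits

# Constructed packet: header, template 256, two flows (the first has input ifIndex 0).
SAMPLE = bytes.fromhex(
    "00090003" "00000000" "00000000" "00000001" "00000000"  # version 9, count 3
    "0000" "0018" "0100" "0004" "00080004" "000c0004" "000a0004" "000e0004"  # template
    "01000024" "c000020ac6336405" "0000000000000001" "c000020bc6336406" "0000000200000001")
print(zero_ifindex_flows(parse_v9(SAMPLE, {})))
```

Pass the same `templates` dict for every packet from one exporter, since v9 data records can only be decoded after their template has been seen.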
