Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX Netflow

WldWzl
Here to help
‎Jun 22 2019 7:46 AM
‎Jun 22 2019 7:46 AM

Meraki MX Netflow

Hey all, has anyone had experience getting the MX firewalls netflow processed by a collector?

 

We are using LiveAction and I cannot get the traffic from the “LAN” side to the AutoVPN tunnel it process correctly.  Traffic going to the tunnel or direct to internet show up as Null0.

 

I was able to do a packet capture and see the flow packets going from the correct interface to WAN0, but am not seeing that in the flow collector.

 

Thanks all.

0 Kudos
Subscribe
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 23 2019 1:23 PM
‎Jun 23 2019 1:23 PM

I don't know the answer, but their are a of of mentions of NetFlow in different firmware releases.  Are you running a recent release or have you tried a beta release?

0 Kudos
Subscribe
RohitRaj
Meraki Employee
Meraki Employee
‎Jun 24 2019 9:07 AM
‎Jun 24 2019 9:07 AM

Hello @WldWzl ,

When configuring an MX to access a server over VPN, the MX and Z1 use the Appliance LAN IP of the highest-numbered VLAN that is included in the VPN as the source address.

The below document states the above information. Although the document points to radius traffic, the Mx functionality if the same for any traffic sourced from an MX to a remote server (Syslog, Netflow, Radius, AD etc)

Have you tried filtering the traffic for this information?

 

https://documentation.meraki.com/MX/Other_Topics/MX_and_Z1_Source_IP_for_RADIUS_Authentication

If this was helpful, click the Kudos button below.
If your issue was resolved, we request you to mark the post resolved so other users can benefit in future
0 Kudos
Subscribe
In response to RohitRaj
WldWzl
Here to help
‎Jun 24 2019 9:19 AM
‎Jun 24 2019 9:19 AM

So we are getting Netflow, and it is sourcing from an expected IP, so we are good there.

 

The issue appears to be the flow data is sending the source interface register as "0" which on our flow processor is designated as Null0, so the flow data is displayed as everything going to the "WAN/Tunnel" interface as going to Null.

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.