1
General Discussion / Insight and NetFlow question
« on: February 21, 2019, 07:29:06 pm »
Hello,
I just setup an instance of opnsense, using kvm... I added a second NIC for WAN, which is a port mirror that shows all our Internet traffic.... ntopng does show stats about the WAN interface, which look right, and make me think that the NIC config does work, and opnsense does receive all this traffic.
I then enabled NetFlow and noticed that Insight only shows LAN related data, nothing for WAN. I did enable WAN in the NetFlow config, under "WAN interfaces"
Is there a howto document showing how to achieve what am trying to do? use opnsense just to analyze the WAN traffic (NetFlow/ntop/suricata..) but not actually firewall it or affect it in anyway?
Could it be the firewall is dropping all the WAN traffic, and that is why NetFlow is not receiving it?
Correction. Insight is showing something for WAN, but appears to be very little, and only ICMP (under Top usage ports/sources (bytes))
Thanks a lot!
I just setup an instance of opnsense, using kvm... I added a second NIC for WAN, which is a port mirror that shows all our Internet traffic.... ntopng does show stats about the WAN interface, which look right, and make me think that the NIC config does work, and opnsense does receive all this traffic.
I then enabled NetFlow and noticed that Insight only shows LAN related data, nothing for WAN. I did enable WAN in the NetFlow config, under "WAN interfaces"
Is there a howto document showing how to achieve what am trying to do? use opnsense just to analyze the WAN traffic (NetFlow/ntop/suricata..) but not actually firewall it or affect it in anyway?
Could it be the firewall is dropping all the WAN traffic, and that is why NetFlow is not receiving it?
Correction. Insight is showing something for WAN, but appears to be very little, and only ICMP (under Top usage ports/sources (bytes))
Thanks a lot!