Insight - Interface wrong

[AndyX90]

Hey guys,

i have a Problem regarding Netflow/Insight and specific WAN-Traffic.
Basically i have one WAN Interface, one LAN Interface and one Interface linked to another firewall.
There are Internet-connections coming into my LAN from the other firewalls interface.
But Netflow displays them on my WAN-Interface.
Any suggestions?

Thanks in advance!

[hbc]

Did you verify via tcpdump that packets are coming from 2nd firewall and not from local WAN? Maybe a routing issue and packets are actually received from local WAN?

[AndyX90]

Did you verify via tcpdump that packets are coming from 2nd firewall and not from local WAN? Maybe a routing issue and packets are actually received from local WAN?

Sorry for the late reply. Yes, the traffic is on the other interface.
It is a HA-Setup between 2 DEC-4630.
Another example is the Carp-Traffic.
I see the traffic on the HA-Interface (separate 1G-Interface between both firewalls), but in Insight the HA-Interface is empty and the Carp-Traffic is also displayed on WAN...

[hbc]

Where do you have CARP running? From your sketch, I do not see where you use it.

CARP means you have a virtual IP shared between both firewalls and the active node is holding it. But this does also mean that you need a redundand connection to somewhere.

Your LAN is just connected to FW1 and your WAN looks like two seperate ISP for each firewall. Or do you send CARP via internet from firewall to firewall? Then WAN would be correct displayed but wrong used.