How to configure NetFlow on Check Point firewalls

These instructions assume:

  • The model of Check Point firewall is 600, 700, 1100, 1200R, or 1400.
  • The version running on the firewall is R77.20.70 or higher.
  • The date, time and time zone are correctly set on the firewall.
  • You have Telnet or SSH credentials and access to your Check Point firewall.
  • The IP address of your Auvik collector is known.

If you have a shared collector and want to ensure that it receives NetFlow data to enable TrafficInsights, you must add the source IP address as a /32 so that Auvik registers the flows from that specific address in the TrafficInsights portal. There may be some delay before the shared collector receives the data after the change.

Note: Even if that source IP address is already being scanned, you must add a /32 targeting only the source IP address. Due to some limitations, the collector otherwise can’t tell whether the data should be sent to site A or B.

Access your firewall CLI

  1. Telnet or SSH into your firewall.
  2. Enter privileged mode by typing enable and entering your enable password.

Enable the NetFlow export format

  1. On your firewall, execute the following command. Replace AuvikCollectorIp with the IP of your Auvik collector and AuvikPort with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
    add netflow collector ip <AuvikCollectorIp> port <AuvikPort> export-format Netflow_V9 <AuvikCollectorIp> is-enabled true
  2. Run the following command to confirm the configuration.
    show netflow collector ip <AuvikCollectorIp> port <AuvikPort>
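
To check from the receiving side that the export configured above arrives as intended, the following added example (not Auvik or Check Point code) inspects one received UDP datagram: the destination port, the exporter's source address, the NetFlow v9 header version, the header timestamp against the collector clock, and the FlowSet lengths. The function names, the 300-second skew tolerance, and the 192.0.2.x addresses are assumptions made for the example.

```python
import struct

# NetFlow v9 packet header: version, count, sysUptime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")
LISTED_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}  # ports named in this article

def check_export(datagram, src_ip, dst_port, expected_src, now, max_skew=300):
    """Return a list of problems with one received datagram (empty list = OK)."""
    problems = []
    if dst_port not in LISTED_PORTS:
        problems.append(f"port {dst_port} is not one of the listed collector ports")
    if src_ip != expected_src:
        problems.append(f"source {src_ip} is not the expected exporter {expected_src}")
    if len(datagram) < V9_HEADER.size:
        return problems + ["datagram is shorter than the 20-byte v9 header"]
    version, _count, _uptime, unix_secs, _seq, _src_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        return problems + [f"export version is {version}, expected 9"]
    skew = abs(now - unix_secs)
    if skew > max_skew:  # points at wrong date/time settings on the firewall
        problems.append(f"exporter clock is {skew}s away from collector time")
    # Walk the FlowSets: each starts with a 2-byte ID and a 2-byte total length.
    offset, flowsets = V9_HEADER.size, 0
    while offset + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, offset)
        if fs_len < 4 or offset + fs_len > len(datagram):
            problems.append(f"FlowSet {fs_id} at offset {offset} has bad length {fs_len}")
            break
        flowsets += 1
        offset += fs_len
    else:
        if flowsets == 0:
            problems.append("header only, no FlowSets")
    return problems

def sample_datagram(unix_secs, version=9):
    """Constructed sample: v9 header plus one template FlowSet (ID 0) that
    defines template 256 with a single 4-byte IN_BYTES field (type 1)."""
    template = struct.pack("!HHHHHH", 0, 12, 256, 1, 1, 4)
    return V9_HEADER.pack(version, 1, 1000, unix_secs, 1, 0) + template

if __name__ == "__main__":
    now = 1700000000  # constructed collector time
    for label, pkt in [("good", sample_datagram(now)),
                       ("clock 2h off", sample_datagram(now - 7200)),
                       ("wrong version", sample_datagram(now, version=5))]:
        print(label, check_export(pkt, "192.0.2.10", 2055, "192.0.2.10", now))
```

On a test host, the `datagram` and `src_ip` arguments would come from `socket.recvfrom()` on a UDP socket bound to the chosen port.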
