Enable VMware NSX-T DFW IPFIX

In VMware Aria Operations for Networks, you can view DFW IPFIX flows. You must enable DFW IPFIX flows in the NSX-T data source to view DFW IPFIX flows.
- Ensure that you have any one of the following privileges:
  - enterprise_admin
  - network_engineer
  - security_engineer
- Ensure that the Distributed Firewall (DFW) is enabled.
- Ensure that priority 0 is available for the Operations for Networks IPFIX profile. If another IPFIX profile already uses priority 0, you must change that profile to some other value.

From NSX version 4.1.2.2 and above, to receive DFW IPFIX flows, you must have one of the following license options enabled in NSX:
- VMware Cloud Foundation component NSX Networking and VMware Cloud Foundation add-on: NSX Distributed Firewall or NSX Distributed Firewall with Advanced Threat Prevention
- NSX Enterprise Plus license.

VMware Aria Operations for Networks will receive gateway firewall flows with the VMware Cloud Foundation license, and distributed firewall flows with the NSX Distributed Firewall or NSX Distributed Firewall with Advanced Threat Prevention license.

To enable VMware NSX-T IPFIX in VMware Aria Operations for Networks:
- Select Enable IPFIX when adding or editing an NSX-T Manager data source.

After you enable IPFIX, VMware Aria Operations for Networks creates its own Operations for Networks Collector profile and Operations for Networks IPFIX profile on NSX-T. Ensure that you do not modify any of these profiles.

After enabling IPFIX on NSX-T, if the flows are not seen in VMware Aria Operations for Networks, then one of the following conditions may be the cause:
- Operations for Networks Collector Profile is not registered in the NSX-T Manager.
- Operations for Networks IPFIX Profile is not registered in the NSX-T Manager.
- Operations for Networks IPFIX Profile port number has changed.
- Operations for Networks Collector Profile does not match the one in the Operations for Networks IPFIX profile in the NSX-T Manager.
  To resolve all the above issues, enable NSX-T IPFIX again.
- Operations for Networks IPFIX Profile priority is not zero in the NSX-T Manager.
  To resolve this issue, log into NSX-T Manager and set the priority of Operations for Networks IPFIX Profile to zero.
- Operations for Networks Collector IP cannot be added in existing Operations for Networks Collector Profile in the NSX-T Manager.
  Delete one of the collectors from the Operations for Networks Collector Profile in the NSX-T Manager and re-enable NSX-T IPFIX from the data source page.
- Distributed Firewall is deactivated in NSX-T Manager.
  Log into NSX-T Manager and enable the DFW firewall.
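
The checklist above expressed as a triage function, as an added example that is not VMware's code. It runs over a constructed snapshot of NSX-T Manager state; every key name, profile name, address and port in it is a placeholder assumed for illustration, not the NSX API schema.

```python
REENABLE = "Enable NSX-T IPFIX again on the data source"

def diagnose(snap, want):
    """Map a snapshot of NSX-T Manager state to (finding, remediation) pairs.

    Key names are hypothetical and chosen for this example, not the NSX API schema.
    """
    out = []
    if not snap["dfw_enabled"]:
        out.append(("Distributed Firewall is deactivated",
                    "Log into NSX-T Manager and enable the DFW firewall"))
    collector = snap["collector_profiles"].get(want["collector_profile"])
    ipfix = snap["ipfix_profiles"].get(want["ipfix_profile"])
    if collector is None:
        out.append(("Collector profile is not registered", REENABLE))
    else:
        port = collector["collectors"].get(want["collector_ip"])
        if port is not None and port != want["port"]:
            out.append(("IPFIX port number has changed", REENABLE))
    if ipfix is None:
        out.append(("IPFIX profile is not registered", REENABLE))
    else:
        if ipfix["collector_profile"] != want["collector_profile"]:
            out.append(("Collector profile does not match the IPFIX profile", REENABLE))
        if ipfix["priority"] != 0:
            out.append(("IPFIX profile priority is not zero",
                        "Set the profile priority to zero in NSX-T Manager"))
    # Prerequisite from the page: no other IPFIX profile may hold priority 0.
    for name, prof in snap["ipfix_profiles"].items():
        if name != want["ipfix_profile"] and prof["priority"] == 0:
            out.append((f"Profile {name!r} also uses priority 0",
                        "Change that profile to some other priority value"))
    return out

# Constructed sample state; names, address and port are placeholders.
WANT = {"collector_profile": "ofn-collector", "ipfix_profile": "ofn-ipfix",
        "collector_ip": "192.0.2.10", "port": 2055}
SNAP = {
    "dfw_enabled": True,
    "collector_profiles": {"ofn-collector": {"collectors": {"192.0.2.10": 2056}}},
    "ipfix_profiles": {
        "ofn-ipfix": {"priority": 3, "collector_profile": "ofn-collector"},
        "legacy-ipfix": {"priority": 0, "collector_profile": "legacy"},
    },
}

if __name__ == "__main__":
    for finding, fix in diagnose(SNAP, WANT):
        print(f"{finding} -> {fix}")
```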

With NSX-T 2.4, after enabling IPFIX on NSX-T, if the flows are not seen in VMware Aria Operations for Networks, then one of the following conditions may be the cause:
- Operations for Networks IPFIX Collector configuration is absent in NSX-T Manager collector profile.
- DFW IPFIX Profile is absent in NSX-T Manager.

All the logical switches present in NSX-T are appended to the IPFIX profile within 10-15 minutes.