VMware Aria Operations for Networks 6.14

6.14 6.13 6.12 6.11 6.10
简体中文 Deutsch Español Français 日本語 한국어 繁體中文 English

Enable VMware NSX-T DFW IPFIX

In
VMware Aria Operations for Networks
, you can view DFW IPFIX flows. You must enable DFW IPFIX flows in the NSX-T data source to view DFW IPFIX flows.
  • Ensure that you have any one of the following privileges:
    • enterprise_admin
    • network_engineer
    • security_engineer
  • Ensure that the Distributed (DFW) firewall is enabled.
  • Ensure that priority 0 is available for the Operations for Networks IPFIX profile. If there is another IPFIX profile with priority 0, then you have to change it to some other value.
From
NSX
 version 4.1.2.2 and above, to receive DFW IPFIX flows, you must have one of the following license options enabled in
NSX
:
  • VMware Cloud Foundation
     component NSX Networking
    and
    VMware Cloud Foundation
     add-on: NSX Distributed Firewall or NSX Distributed Firewall with Advanced Threat Prevention
  • NSX Enterprise Plus license.
VMware Aria Operations for Networks
 will receive gateway firewall flows with the
VMware Cloud Foundation
 license, and distributed firewall flows with the NSX Distributed Firewall or NSX Distributed Firewall with Advanced Threat Prevention license.
To enable VMware NSX-T IPFIX in
VMware Aria Operations for Networks
:
  1. Select
    Enable IPFIX
     when adding or editing an NSX-T Manager data source.
After you enable IPFIX,
VMware Aria Operations for Networks
 creates its own Operations for Networks Collector profile and Operations for Networks IPFIX profile on NSX-T. Ensure that you do not modify any of these profiles.
After enabling IPFIX on NSX-T, if the flows are not seen in
VMware Aria Operations for Networks
, then the following events may occur:
  • Operations for Networks Collector Profile is not registered in the NSX-T Manager.
  • Operations for Networks IPFIX Profile is not registered in the NSX-T Manager.
  • Operations for Networks IPFIX Profile port number has changed.
  • Operations for Networks Collector Profile does not match in the Operations for Networks IPFIX profile in the NSX-T Manager.
    To resolve all the above issues, enable NSX-T IPFIX again.
  • Operations for Networks IPFIX Profile priority is not zero in the NSX-T Manager.
    To resolve this issue, log into NSX-T Manager and set the priority of Operations for Networks IPFIX Profile to zero.
  • Operations for Networks Collector IP cannot be added in existing Operations for Networks Collector Profile in the NSX-T Manager.
    Delete one of the collectors from the Operations for Networks Collector Profile in the NSX-T Manager and re-enable NSX-T IPFIX from data source page.
  • Distributed Firewall is deactivated in NSX-T Manager.
    Log into NSX-T Manager and enable the DFW firewall.
With NSX-T 2.4, after enabling IPFIX on NSX-T, if the flows are not seen in
VMware Aria Operations for Networks
, then the following events may occur:
  • Operations for Networks IPFIX Collector configuration is absent in NSX-T Manager collector profile.
  • DFW IPFIX Profile is absent in NSX-T Manager.
To resolve these issues, enable DFW IPFIX again.
All the logical switches present in NSX-T are appended in the IPFIX profile within 10-15 minutes.

Content feedback and comments