IPFIX ports not open on PRTG probes

Dear This Guy,

Thank you very much for your kb post.

Please download our NetFlow Tester. Pause the IPFIX sensor within PRTG. This is necessary to prevent the Port from being used while running the NetFlow Tester. Afterwards, run the NetFlow Tester on the same Probe (either Local Probe or Remote Probe) that has the affected sensor, configure the Tester properly and provide me with the results.

Thank you in advance.
Sebastian

Thanks Sebastian, I paused the sensor and started the NetFlow Tester. I could see the proper port open when I pressed start. However, nothing came in. I let it run for a few days while checking the settings on the sending device. I tried manually sending templates. Still nothing came in. Then when I turned the NetFlow Tester off and unpaused the sensor I could see that the port was opened by the PRTG probe! This was progress but still no data came in. I left everything configured the way I thought it should be.

Three days later I started getting IPFIX packets coming in but I also started getting "NetFlow data dropped (code: PE082) The NetFlow sensor has received and dropped flows with a timestamp older than the timespan defined by the active flow timeout" errors with it. I'm using the recommended timeout of 9 minutes. I bumped it up to 10 minutes and I'm still getting that error 1 or 2 times a day.

Unfortunately, I'm not sure why it suddenly started working and I also don't know why I'm getting the timestamp errors. It's possible these things are related?

Hi there,

Please find further information regarding the Active Flow Timeout here.
The Active Flow Timeout within the sensor settings should be configured 1 minute greater than the flow timeout in the configuration of the monitored device, usually we say 5 minutes for the device and 6 minutes for the sensor in PRTG.

Do I understand you correctly that the sensor show a valid output for most time of the day? It can be related to the Active Flow Timeout though, please see the linked article above.

Best regards,
Sebastian

Thanks, I have already seen that article. The official guide for my SonicWALL device says to set it for 9 minutes and after reading your KB I had set my timeout to 10 minutes, just to be safe. I am getting data and I get these errors a few times a day.

Also the data appears to be incorrect, showing 4.77 kbit/s average and 15 kbit/s MAX usage. Where my SNMPv3 probe shows that we pull 1,961 kbit/s average and 78,957 kbit/s MAX.

Hi there,

Please make sure that you follow this guide published by SonicWall:

• How to configure a SonicWall device for AppFlow Reports with PRTG

Please be aware that as noted in the article, IPFix with extensions are not supported by PRTG.

Best regards,
Sebastian

That is the official guide I was referring to that cites 9 minute timeout. Like I said, I'm set to 10 minutes now and still getting the error from PRTG.

Hi there,

it appears as there is still some misleading data coming from the device in regards to the Active Flow Timeout. We've already seen this in a couple of devices / configurations in the past. Please try to improve the sensor's behavior by adjusting the Active Flow Timeout within the sensor in PRTG to 0. This might create spikes but all data will be captured.

If you still encounter any further issues regarding the sensor, please contact us directly via email to support@paessler.com. Please mention the knowledge base article so the case will be assigned to me.

Best regards,
Sebastian

Ok, thanks. I'll set the timeout to infinite and see how it goes.