Extreme Networks

JohanHendrikx · ‎07-06-2018

After configuring EWC to send data to PurView Analiticys an strange problem happend.

The data that the AP send to Purview was detected by our wan router and send the to opur intenal firewall.

For the firewall thsi is spoofing because the networks are on the internal side.

I made a trace on oure firewall and the data was on the WAN interface

How can this be resolved ?

Johan Hendrik System Architect Audax

Zdeněk_Pala · ‎07-06-2018

Hi. There are two ways how the EWC does talk to Analytics Engine (purview). Option 1 (old) there is netflow and FirstN mirror. Option 2 (newew) there is only IPFix I do not expect any issue with option 2 as IPFix is standard UDP traffic. With Option 1 you can have issues with firewall. Officially the option 1 does require direct connection between EWC and the engine. You should be very carefull with anything between EWC and Engine. Even switch between EWC and Engine can be tricky (raw mirrored frames are there). Regards Z.

Regards Zdeněk Pala

JohanHendrikx · ‎07-06-2018

new configuration works. thanks

Johan Hendrik System Architect Audax

Mike_Thomas · ‎07-06-2018

Yes, It does need source WLAN or Ports as well. I omitted that for simplicity. You can add as few or as many as needed.

JohanHendrikx · ‎07-06-2018

But for data collection, I have to check the wlan's ?

Johan Hendrik System Architect Audax

Extreme Networks

EWC sends data to Purview. Wan router also see the data

EWC sends data to Purview. Wan router also see the data