Behavior of service route for Netflow on 52XX and 7K platforms

27297
Created On 09/25/18 19:45 PM - Last Modified 06/01/23 09:13 AM


Resolution


On PA-7000 (7K) and PA-5200 (52XX) firewall platforms, even when the service route for NetFlow is set to use a specific interface, the NetFlow packets sent by the firewall can leave through a different interface and be sourced from a different IP address than the one set in the service route configuration.


In the example below, interface ethernet1/1 (IP 10.220.254.241) is configured as the NetFlow service route:

set deviceconfig system route service netflow source address 10.220.254.241/28
set deviceconfig system route service netflow source interface ethernet1/1


The NetFlow server profile contains one server with IP 10.193.114.138:

set shared server-profile netflow Test server test1 host 10.193.114.138
set shared server-profile netflow Test server test1 port 2055
set shared server-profile netflow Test template-refresh-rate minutes 1
set shared server-profile netflow Test template-refresh-rate packets 10
set shared server-profile netflow Test active-timeout 5
set shared server-profile netflow Test export-enterprise-fields yes


In the routing table, the route for the NetFlow server points to interface ethernet1/2.2321:

show routing route | match 10.193.114
10.193.114.136/29 10.193.114.139 0 A C ethernet1/2.2321

On the NetFlow server side, the packet capture shows that the firewall is sending NetFlow packets with a source IP of 10.193.114.139 (ethernet1/2.2321), not the IP configured under the service route:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
02:20:26.328551 IP 10.193.114.139.2055 > 10.193.114.138.2055: UDP, length 1400
02:20:26.828916 IP 10.193.114.139.2055 > 10.193.114.138.2055: UDP, length 1400


This behavior is expected on the 7K and 52XX platforms because all NetFlow processing happens on the dataplane (DP) there, so the routing table has to be used to send out the NetFlow packets. The configured source interface of the service route is used only to select the virtual router in which the lookup is done; a route lookup for the NetFlow server address is then performed in that virtual router, and the result determines the egress interface and the source IP address of the packets.
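The two-step lookup described above, modelled in Python as an added example (not Palo Alto Networks code): the service route's source interface selects the virtual router, a longest-prefix match for the collector address in that router picks the egress interface, and the egress interface's address becomes the source IP. The same script parses the article's tcpdump lines to confirm which source address the collector actually sees, which is the check a practitioner needs before opening a collector ACL. The routing table, interface addresses, virtual-router name and the `dp_platform=False` branch (modelling a platform that honours the service route address directly) are constructed assumptions; only the service route, server address and capture lines come from the article.

```python
import ipaddress
import re

# Service route from the article (source address and source interface).
SERVICE_ROUTE = {"source_address": "10.220.254.241/28", "source_interface": "ethernet1/1"}
NETFLOW_SERVER = "10.193.114.138"
NETFLOW_PORT = 2055

# Constructed: interface -> virtual router, interface -> address, and a routing
# table per virtual router. Only the 10.193.114.136/29 entry is from the article.
INTERFACE_VR = {"ethernet1/1": "default", "ethernet1/2.2321": "default"}
INTERFACE_IP = {"ethernet1/1": "10.220.254.241", "ethernet1/2.2321": "10.193.114.139"}
VR_ROUTES = {
    "default": [
        # (prefix, next hop, egress interface)
        ("10.193.114.136/29", "10.193.114.139", "ethernet1/2.2321"),
        ("10.220.254.240/28", "10.220.254.241", "ethernet1/1"),
        ("0.0.0.0/0", "10.220.254.254", "ethernet1/1"),
    ]
}


def longest_match(vr, dst):
    """Longest-prefix match of dst in virtual router vr; returns (network, next hop, interface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop, iface in VR_ROUTES[vr]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop, iface)
    return best


def predict_source(service_route, server, dp_platform=True):
    """Return (egress interface, source IP) the firewall will use for NetFlow export.

    dp_platform=True models the 7K/52XX behaviour from the article: the service route
    interface only selects the virtual router, then the route to the collector decides.
    dp_platform=False is an assumption for platforms that honour the service route as set.
    """
    if not dp_platform:
        return service_route["source_interface"], service_route["source_address"].split("/")[0]
    vr = INTERFACE_VR[service_route["source_interface"]]
    match = longest_match(vr, server)
    if match is None:
        raise ValueError(f"no route to {server} in virtual router {vr}")
    _, _, egress_iface = match
    return egress_iface, INTERFACE_IP[egress_iface]


# Capture lines from the article's collector-side tcpdump.
CAPTURE = """\
02:20:26.328551 IP 10.193.114.139.2055 > 10.193.114.138.2055: UDP, length 1400
02:20:26.828916 IP 10.193.114.139.2055 > 10.193.114.138.2055: UDP, length 1400
"""
LINE_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP")


def observed_sources(capture, server, port=NETFLOW_PORT):
    """Set of source IPs seen sending UDP to server:port in tcpdump-style text."""
    sources = set()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == server and int(m.group(4)) == port:
            sources.add(m.group(1))
    return sources


def check(capture, service_route=SERVICE_ROUTE, server=NETFLOW_SERVER):
    """Compare configured, predicted and observed NetFlow source addresses."""
    configured = service_route["source_address"].split("/")[0]
    egress_iface, predicted = predict_source(service_route, server)
    observed = observed_sources(capture, server)
    return {
        "configured_source": configured,
        "predicted_egress": egress_iface,
        "predicted_source": predicted,
        "observed_sources": sorted(observed),
        "matches_configured": observed == {configured},
        "matches_prediction": observed == {predicted},
    }


if __name__ == "__main__":
    for key, value in check(CAPTURE).items():
        print(f"{key}: {value}")
```

When `matches_prediction` is true and `matches_configured` is false, the firewall is behaving as the article describes, and any collector-side ACL or host firewall must permit the egress interface's address (10.193.114.139 here) rather than the service route address.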
