Commit Failing When NetFlow Profile is Applied

Commit Failing When NetFlow Profile is Applied

23876
Created On 03/26/19 13:53 PM - Last Modified 12/18/19 01:10 AM


Symptom


Commit is failing when NetFlow profile is applied on an interface with error message. 
Error: NetFlow profile Netflow-Server-Profile used on interface ethernet1/3 without a valid service-route
(module: device)
Commit failed

The screenshot below shows a commit failure after applying a NetFlow profile on interface ethernet1/3.
User-added image

 

Environment


PA-5200 series firewalls
PA-70xx series firewalls
 

Cause


The commit will fail if a service route is not configured because you cannot use the management (MGT) interface to send NetFlow records from the PA-7000 Series and PA-5200 Series firewalls.

For other firewall models, a service route is optional. For all firewalls, the interface that sends NetFlow records does not have to be the same as the interface for which the firewall collects the records.


 

Resolution


Configure the service route for the NetFlow service.
  1. Navigate to Device > Setup > Services 
  2. Click "Service Route Configuration"
  3. Under Services, click NetFlow and select the required interface
    1. NOTE: (Any, Use default, and MGT are not valid interface options for PA-7000 Series or PA-5200 Series firewalls.)

User-added image
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcsArticleDetail?id=kA10g000000boRv&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcsArticleDetail

Choose Language