We'd love to hear about it! Click here to go to the product suggestion community
I just upgraded UTM to 9.701-6 and now the flow monitor and exported IPFIX for my AP-30 WIFI access points detect VXLAN for around 99% of the traffic and not the traffic within the encapsulation. It seems to be only affecting the AP-30 access points. I'm guessing because the access points are now using VXLAN encapsulation techniques? But now instead of specific apps, the majority is only firing on the VXLAN app signature and all that traffic is going transparent. I attached a before and after the 9.701-6 upgrade screenshots of exported IPFIX to show this major change. I would like to see the apps within the access points like before and not 99% of VXLAN. This seems like a bug to me in the flow data or signatures associated. Any thoughts? I'm using AP-30's and AP-10's but the AP-10's don't seem affected.
Would you please create a case for this? This would require to be investigated by Sophos Support engineers. Please PM me the case number once you've raised a service request.
In reply to Jaydeep:
I created a case number. I rebooted after the install and reset all my access points. The problem is a bit weird, but after I reset everything today, it appears to have corrected the IPFIX issue. I'm letting this "burn-in" for around 12 hours before I cancel the case number. Unless you think this still should be looked at?
This is before and after I reset everything. IPFIX seems to be working.
In reply to phantom:
Would you let this run over the weekend? You should check the status on Monday to see how things go before canceling the request.
Sounds good to me. I'll let it burn-in over the weekend.