Skip to main content
Version: Next

Connectivity & Firewalls

If you have successfully installed NetFlow Optimizer (NFO) but cannot access the Web UI, or if you don't see incoming traffic on the Status page, follow these steps to verify internal processes and external connectivity.

1. Verify Internal Processes and Ports

NFO relies on three primary components. Use netstat to confirm they are listening on their respective ports.

Web UI and Controller (Tomcat)

The Web interface and the controller logic run on ports 8443 (HTTPS) and 20047 (Internal).

sudo netstat -npl | grep jsvc

Expected Output: Listeners on :::8443 and 127.0.0.1:20047.

Configuration Database

The NFO database must be available on port 9001.

sudo netstat -nptl | grep :9001

Expected Output: A listener on 127.0.0.1:9001.

NFO Processing Engine

The core engine (nfc_svr) listens for control commands on 20048 and flow data on your configured input ports (default 9995).

sudo netstat -npl | grep nfc_svr

Expected Output: Listeners on 127.0.0.1:20048 and :::9995 (UDP).

2. Check Local Firewall Rules

If processes are running but ports are inaccessible from outside the host, check your OS-level firewall.

Ubuntu / Debian (ufw)

sudo ufw status verbose

Required Rules:

  • 8443/tcp ALLOW IN (Web UI)
  • 9995/udp ALLOW IN (Flow Input)
  • 162/udp ALLOW IN (SNMP Traps, if used)

Red Hat / Rocky / CentOS (firewalld)

sudo firewall-cmd --list-all

Ensure 8443/tcp and your flow input ports (UDP) are listed in the ports section.

3. Identify Rejected Connections

If the firewall is active, it may be silently dropping traffic. Use the following to check for blocked packets.

Ubuntu/Debian (ufw):

dmesg | grep UFW | grep BLOCK

Red Hat/CentOS (firewalld):

  1. Enable logging: sudo firewall-cmd --set-log-denied=all
  2. Check logs: dmesg | grep REJECT

4. Test External Traffic Flow

If the Status page shows no traffic, verify that packets are actually reaching the server using tcpdump.

Verify Incoming Flows

Run this to see if any UDP traffic is hitting your flow input port:

sudo tcpdump -i any udp port 9995

Verify Outgoing Traffic (to SIEM/Destination)

If NFO shows outgoing traffic but your SIEM is empty, check if NFO is successfully sending data out:

# Replace 10.1.7.57 with your SIEM/Destination IP
sudo tcpdump -nnAs0 dst 10.1.7.57 and udp

Advanced: Capture for Analysis (PCAP)

To capture a sample of traffic to analyze the flow headers or content:

sudo tcpdump -i any -p -s 0 -w netflow_sample.pcap dst port 9995

tip

If tcpdump shows traffic arriving but the NFO Status page shows no Incoming Packets, double-check that your Input configuration in the NFO Web UI exactly matches the port and protocol (NetFlow v5, v9, IPFIX, etc.) being sent by your exporters.

Next Step: If connectivity is verified but issues persist, proceed to Logs & Diagnostics to examine internal system events.