Monitoring a Sonicwall NSA3500 via netflow5 sensor and my toplists look great, but my graphs are not reporting properly. For example, if I add up 15 minutes of toplist traffic I have around 5GB of data transferred between IPs as I would expect, but if I look at the live graphs for the same time period I will see 4MB transferred for the entire hour, with peak speeds of 0.03Mbits. It's like the graphs are actually just reporting the UDP netflow packets it receives instead of the contents of the netflow datagrams. This behavior is the same whether I do a netflow sensor with or without filters.


Article Comments

Hello,

seeing as this seems to be a Sonicwall device, there might be an explanation: Sonicwall sends slightly different Netflow9 packets which do not fully comply with the standard of Cisco Netflow 9 packets (for which the sensors are developed).
The Toplists "ignore" the Active Flow Timeout, but the normal sensor results do not, so it's very likely that this is an issue with the Sonicwall sending packets with a "wrong" active flow timeout (compared to the setting in the Sensor).
Unfortunately, as we do not have Sonicwall devices in our lab, we can't test this, but we've seen some cases where the Sonicwalls were not properly working with Netflow 5 or 9 sensors.

best regards.


Sep, 2012 - Permalink

Hi, I know this is an old post, but I am having the same problem with a SonicWALL device. Do you have any new information or configuration advice regarding the data variance in the Live data reporting (when compared to the Top Talkers/Connections/Protocols)?


Sep, 2015 - Permalink

I'm very much afraid we have seen similar cases with Sonicwall devices sending Flow/IPFIX data. They do not seem to send 100% standard-compliant flow data (what PRTG expects in terms of the Cisco Netflow 9 or IPFIX standard). Some of our users who experienced similar issues with Sonicwall were able to solve this by changing the active flow timeouts on the sending devices and in PRTG. It should be worth trying this. Otherwise we can only suggest consulting with Sonicwall directly.


Sep, 2015 - Permalink
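
A diagnostic sketch for the mismatch discussed in this thread, added here as an example and not taken from the posts or from PRTG: it parses a NetFlow v5 export datagram (24-byte header, 48-byte records), compares the bytes the flows report with the datagram's own size on the wire, and counts flows that ran longer than the active flow timeout set in the sensor. The sample datagram, its addresses and the 60-second timeout are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def summarize_v5(datagram, active_timeout_s):
    """Compare what a v5 datagram reports (dOctets) with its own size on the wire."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the header's record count")
    octets, overlong = 0, 0
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        d_octets, first_ms, last_ms = rec[6], rec[7], rec[8]
        octets += d_octets
        # First/Last are sysUptime values in ms; the mask handles 32-bit wraparound.
        duration_ms = (last_ms - first_ms) & 0xFFFFFFFF
        if duration_ms > active_timeout_s * 1000:
            overlong += 1
    return {"flows": count, "reported_octets": octets,
            "wire_bytes": len(datagram), "overlong_flows": overlong}

def build_sample():
    """Constructed datagram: two flows, one lasting 30 s and one lasting 30 min."""
    header = HEADER.pack(5, 2, 3_600_000, 1_347_000_000, 0, 1, 0, 0, 0)

    def rec(octets, first_ms, last_ms):
        return RECORD.pack(bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]), bytes(4),
                           1, 2, max(1, octets // 1400), octets, first_ms, last_ms,
                           51000, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)

    return (header + rec(1_500_000, 3_500_000, 3_530_000)
                   + rec(900_000_000, 1_700_000, 3_500_000))

if __name__ == "__main__":
    print(summarize_v5(build_sample(), active_timeout_s=60))
```

Run against datagrams captured from the exporter, a large gap between `reported_octets` and what the graph shows, together with a non-zero `overlong_flows`, points at the timeout mismatch rather than at missing flow data.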