Cisco ASA Cyber Threat Defense: Part 2

Posted in advanced persistent threats, ASA, cisco ASA, Cisco NetFlow, cyber crime, denial of service attack, internet security, internet threat, threat detection on April 17th, 2013 by Jimmy W

The Cisco ASA is a great tool for Cyber Threat Defense. In part one of this blog, I described the 3 components of Cisco’s threat defense solution. In this half, I will be showing you some more benefits of the solution and how it can be used in correlation with other technologies to give you end-to-end visibility in your network.

Jimmy Wendler

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!


Cisco ASA Cyber Threat Defense: Part 1

Posted in ASA, Cisco NetFlow, cyber crime, detect network threats, detecting malware, internet security, internet threat, ip host reputation, netflow and ipfix, NetFlow Security, network security, network threat detection, NSEL, threat detection on March 6th, 2013 by Jimmy W

The Cisco ASA Cyber Threat Defense solution is made up of 3 components. The first is a basic network threat detection tool, which is enabled by default on all ASAs with 8.0(2) or later firmware. Basic threat detection monitors the rate at which packets are dropped by the ASA device. Because it only monitors dropped packets across the whole appliance, it typically does not provide enough information to identify the source or nature of a malicious threat. It can still be a sign that some sort of nefarious activity is occurring, and it can be very useful for internet threat defense when exported to a logging tool using NSEL or syslogs.

Jimmy Wendler


Cisco ASA NetFlow Problems

Posted in ASA, cisco ASA, Cisco NetFlow on January 30th, 2013 by Jimmy W

Although the Cisco ASA NetFlow exports have had some problems in the past, Cisco was the first vendor to export flows from a firewall, so a few issues out of the gate are almost expected. Despite a few enigmas, it was still great to have and certainly better than nothing. In order to optimize the network for speed and reliability, IT professionals are always looking for more visibility into traffic. Therefore, more information exported via NetFlow is always better.

Jimmy Wendler


How to configure VMware vSphere ESX v5.1 IPFIX Support

Posted in IPFIX, Network Monitoring, Virtual NetFlow, VMware NetFlow on December 26th, 2012 by Jimmy W

Now that VMware vSphere ESX v5.1 supports IPFIX, you may be wondering how to configure it; in fact, today I’m going to show you just that in a couple of easy steps. VMware IPFIX support is a very exciting feature that will help with performance monitoring and can make virtual network management a lot easier to accomplish. Monitoring virtual servers has never been easier!

Jimmy Wendler


NetFlow export over IPsec tunnel

Posted in Cisco NetFlow, Flexible NetFlow, NetFlow Analyzer on November 21st, 2012 by Jimmy W

Are you having trouble exporting encrypted NetFlow traffic over your IPsec tunnel? When using an IPsec encrypted VPN, packets transferred are required to have the same output features as the tunnel, namely QoS and encryption. Only if the output features are applied to the packets will they be sent to the destination over the VPN. This post will tell you how to get the data you want.

Jimmy Wendler


VMware vSphere vDS IPFIX support

Posted in IPFIX, Network Traffic Monitor, VMware NetFlow on October 17th, 2012 by Jimmy W

A neat upgrade in VMware’s vDS 5.1 (vSphere) is the introduction of IPFIX. While ESX has supported NetFlow for a long time now, with version 5.1 they have joined the long list of vendors who support IPFIX. It is a more advanced and flexible protocol that enables users to define the flow records that can be collected at the vDS and sent across to a collector. The following are some key attributes of the protocol:

Jimmy Wendler


Zenoss NetFlow Zenpack

Posted in NetFlow, Scrutinizer, Third Party Integration on September 5th, 2012 by Jimmy W

Have you been looking for a Zenpack that would allow seamless integration of Zenoss and the NetFlow tool Scrutinizer? Well, you have come to the right place! Today I will be showing you how to complete the configuration of this integration.

Jimmy Wendler


Cisco ASA NSEL : Best NetFlow Reporting

Posted in ASA, cisco ASA, cloud service monitoring on July 25th, 2012 by Jimmy W

Finally, Cisco ASA NSEL details from a best-at-NetFlow-reporting solution. NSEL allows for reporting on non-traditional elements such as username, NAT, ACLs, etc. If you have not worked with this technology before, you may be pondering where all of this information comes from and what it means. Today I will help clarify this for you by comparing Cisco’s event IDs to syslogs.

Jimmy Wendler


PfSense NetFlow Export

Posted in netflow monitor on June 20th, 2012 by Jimmy W

Today I will show you how to configure PfSense NetFlow export on one of the more popular open source firewalls.

It is a great firewall that includes a long list of related features, as well as a package system that allows for further expandability. One of the many packages available is pfflowd, which converts OpenBSD PF status messages into Cisco NetFlow datagrams. This allows you to export them to an external collector and gives you historical reporting of your network activity.

Jimmy Wendler


NetFlow Collector: System Requirements

Posted in NetFlow Analysis on May 3rd, 2012 by Jimmy W

System requirements for a NetFlow collector are a lot higher than for the average program. While I am still the “new guy” in support, I am already seeing some trends here at Plixer. The majority of cases I have been working with involve servers that seem to run slow despite being on top-of-the-line equipment. Nearly every time this issue comes up, it is caused by an improper hard disk configuration.

One of the most overlooked NetFlow collector system requirements that write-heavy database servers have is disk IOPS (input/output operations per second). You have to remember that a spinning disk is very limited in how many writes it can make at any given time, and if the collector cannot write to the disk fast enough, it can cause a lot of problems. This has been the root cause of a lot of slow NetFlow collectors.

Jimmy Wendler
