What is NetFlow?

Posted in ASA, NetFlow, NetFlow Analyzer, Network Problem Resolution, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Security, sFlow on July 21st, 2010 by Jo-G

Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?

NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.

NetFlow reports wrong interface instances

Posted in ASA, NetFlow, NetFlow Analyzer, Scrutinizer on April 28th, 2010 by Jo-G

A customer called the other day regarding NetFlow collection and interface descriptions not matching the correct interface instance numbers.  I’d seen this issue before and knew it was not related to the NetFlow configuration, but rather that the device in question was exporting the wrong interface information in the NetFlow packets.

Michael Patterson addressed this issue in his blog, “Messed Up Interface names in Scrutinizer” in February.

To summarize Michael’s blog, the device in question was including interface instance numbers from enterprise MIBs in the NetFlow packets, and most NetFlow Traffic Analyzers get the interface descriptions from the standard MIB-2 ifIndex tables.

Everything you didn’t want to know about Bidirectional and Unidirectional NetFlow

Posted in ASA on February 12th, 2010 by nathanh

Hi there all! Another week is coming to a close and I hope it’s been a good one. With the Cisco ASA being the hot topic for the past couple months, I wanted to share this blog with you.

This is a very important topic, since this will help you understand how the ASA reports conversations differently from other switch/router counterparts. Let’s take a look:

Unidirectional NetFlow:

Traditionally, NetFlow is a unidirectional technology. As an example, when host A sends traffic to host B, this will create a single flow. When host B replies, a second flow is created within the router cache. So using that example, conversation A –> B creates a flow of 500kb. The return reply from B –> A will create a separate flow of 75kb.

Unidirectional Flows

Bidirectional NetFlow:

As of today, I’ve only ever seen bidirectional flows from the Cisco ASA. To summarize though: instead of getting two flows as illustrated above, you will only get one flow from the host who initiated the conversation. However, within that one flow, you will have the correct total of traffic for the connection and reply. So take the conversation I used in the example of Unidirectional Flows: A –>B = 500kb, B –> A = 75kb

Since there is only one flow created, this one flow will present the total of 575kb, A –> B = 575kb, instead of breaking into two summaries.

This is a strange way of rendering a flow, if you want my opinion. I’m not sure why Cisco decided to implement this, since it makes it tougher to figure out the flow direction.

“So this 575kb conversation, is this from A –> B or is this B –> A?”

Regardless, we should be grateful to have a firewall exporting NetFlow in the first place and I’m sure everyone else feels the same way…

If you would like more information regarding the unique properties of the ASA, please give us a call and we’ll be happy to help.

Nate


NetFlow and sFlow enter the Matrix

Posted in NetFlow, Network Traffic Analysis on January 24th, 2010 by mike@plixer.com

When was the last time you used a Network General Sniffer™? Do you remember the Matrix view?

Michael Patterson
Scrutinizer Product Manager

ASA NetFlow configurations. What should I know?

Posted in ASA on January 15th, 2010 by nathanh

Over the past couple months, the hot topic in the NetFlow world has definitely been the Cisco ASA. Since they can be found in networks both big and small, I feel like I’ve helped every network admin from here to Kalamazoo get one configured.

I was talking with someone today that was evaluating our NetFlow Analyzer and he was wanting to know how to see his ASA flows. I first wanted to make sure that he had configured it correctly, so I asked him:

“Did you find any documentation on getting the ASA configured?”

“Yeah, I found the configs on the Cisco website…”

Once he said that, it immediately came to mind that there might be a configuration adjustment that would need to be made when working with my collector. We logged into ASDM and sure enough, there was a small tweak we needed to make…


Best of the Best – NetFlow Blogs

Posted in NetFlow, NetFlow Analyzer, Scrutinizer on December 11th, 2009 by nathanh

Since the launch of our Systrax community website, we have written over three hundred blogs and generated two unique cases of Carpal Tunnel to bring you informative and sometimes quasi entertaining content.

I think it’s time though to lasso in some of the highlights over the year into one summary blog for quick and easy reference. This blog will link to others that have answered some of the more commonly asked questions. We hope you enjoy it.


Identify more than just the ingress and egress packet throughput on your ASA Firewall

Posted in ASA, NetFlow, Scrutinizer on October 15th, 2009 by scottr

NSEL (NetFlow Security Event Logging) is the type of NetFlow exported from an ASA Firewall. The purpose of NSEL is to track firewall events via NetFlow and to have a summary of all conversations associated with that event type.

The three most popular event types that trigger a NetFlow record are:

* flow-create
* flow-denied
* flow-teardown


Setting up SNMP on the Cisco ASA using ASDM

Posted in NetFlow, NetFlow Analyzer, SNMP on September 24th, 2009 by Jon Mills

In case you haven’t noticed, NetFlow support for Cisco ASA firewalls is a hot topic around here lately. Since Mike helped you get NetFlow configured using ASDM 6.2 on your Cisco ASA, I thought I might blog about how to configure SNMP on your Cisco ASA using ASDM.

The first order of business is to navigate to the screen shown below:


Jon Mills
Marketing & Public Relations Manager

What is NSEL? A Deeper Look – Part 1

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis on September 18th, 2009 by nathanh

When Cisco launched the release of ASA software v8.2, there was a LOT of excitement. Finally, Cisco had included NetFlow support for another key device in everyone’s network. Naturally, everyone ran around looking for the latest configs to enable NetFlow for the ASA.

However, once NetFlow collectors got their hands on those ASA NetFlow records, we all saw some really strange results.

A couple of months ago, we had asked our customers to help us in finding some answers. With the assistance of Wireshark, we collected a plethora of data to make sense of this puzzle.
After diligent study, we finally had some answers…


Webinar! Cisco ASA NetFlow support in Scrutinizer and other new features

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis on September 14th, 2009 by Jon Mills

In case you haven’t noticed, we have been loving ourselves some NetFlow Cisco ASA support around here lately. With the release of Scrutinizer NetFlow & sFlow Analyzer version 7, Plixer has become the only network monitoring company that offers full support for the NetFlow being exported from ASA hardware. If you have a need to configure the Cisco ASA firewall to export NetFlow and aren’t sure where to begin, then you have come to the right place.

Now that I have rambled enough about Scrutinizer and Cisco ASA firewalls co-existing in sheer harmony, I should probably mention the topic at hand – webinars. Last week, Scrutinizer Product Manager, Michael Patterson, presented a series of webinars. If you missed these, then here is the physical proof that they happened. We had quite a few requests (as we always do) to post a recording online. So here you are!

Scrutinizer Webinar
Scrutinizer Cisco ASA NetFlow Support in Scrutinizer and other new features

As always, if you have additional questions about setting up and configuring the Cisco ASA firewall to work with Scrutinizer, or any other topics covered in the webinar, don’t hesitate to contact us at 207-324-8805.


Jon Mills
Marketing & Public Relations Manager