Over the past couple months, the hot topic in the NetFlow world has definitely been the Cisco ASA. Since they can be found in networks both big and small, I feel like I’ve helped every network admin from here to Kalamazoo get one configured.
I was talking with someone today who was evaluating our NetFlow Analyzer, and he wanted to know how to see his ASA flows. I first wanted to make sure that he had configured it correctly, so I asked him:
“Did you find any documentation on getting the ASA configured?”
“Yeah, I found the configs on the Cisco website…”
Once he said that, it immediately came to mind that there might be a configuration adjustment that would need to be made when working with my collector. We logged into ASDM and sure enough, there was a small tweak we needed to make…
As with most Cisco devices, you can regulate how often your switch/router/firewall exports NetFlow. With the ASA, it's necessary to configure the firewall to export a flow template every minute.
This is critical since Scrutinizer will not be able to give you timely updates on your flows without those templates being sent on a regular basis.
To provide you with minute-by-minute updates on your flows, we need to modify the template timeout rate from the default value of 30 minutes to 1 minute. Here’s a screenshot that demonstrates where to make this adjustment:
So if you find that Scrutinizer is able to discover your device, but there’s no interface data being displayed after a few minutes, I’d like to remind you to check your ASA and make sure you are running the optimal setup suggested above.
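The symptom above follows from how NetFlow v9, the format the ASA exports, works: data FlowSets carry only raw field values, and a collector can decode them only after it has received the matching template. The sketch below is an added example (not Scrutinizer's code and not from the original post); `V9Collector` and the sample packets are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id

class V9Collector:
    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> [(field_type, length)]
        self.undecodable = 0  # data FlowSets dropped for lack of a cached template

    def feed(self, exporter, packet):
        version, _, _, _, _, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError("not NetFlow v9")
        records, off = [], HEADER.size
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, off)
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("bad FlowSet length")
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:        # template FlowSet
                self._learn((exporter, source_id), body)
            elif fs_id >= 256:    # data FlowSet; its id names the template
                records += self._decode((exporter, source_id, fs_id), body)
            off += fs_len
        return records

    def _learn(self, scope, body):
        pos = 0
        while pos + 4 <= len(body):
            tid, n = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * n
            if tid < 256 or end > len(body):
                break             # padding or truncated template
            self.templates[scope + (tid,)] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
            pos = end

    def _decode(self, key, body):
        fields = self.templates.get(key, [])
        fmt = struct.Struct("!" + "".join(f"{n}s" for _, n in fields))
        if fmt.size == 0:         # no template yet: the record layout is unknown
            self.undecodable += 1
            return []
        usable = len(body) - len(body) % fmt.size  # ignore trailing padding
        return [{t: int.from_bytes(v, "big") for (t, _), v in zip(fields, row)}
                for row in fmt.iter_unpack(body[:usable])]

# Constructed sample packets (not a capture): template 256 = IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12)
V9_HDR = "0009 0001" + "00000000" * 4
TEMPLATE = bytes.fromhex(V9_HDR + "0000 0010 0100 0002 0008 0004 000c 0004")
DATA = bytes.fromhex(V9_HDR + "0100 000c 0a000001 0a000002")
```

A collector that starts (or loses its template cache) just after the ASA sent a template stays in the `undecodable` state until the next one arrives, which is up to 30 minutes at the default and at most 1 minute with the setting above.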
If you’d like to know more about the Cisco ASA, feel free to contact us and we’ll be happy to show you how to start monitoring your flows.