NetFlow is a network protocol developed by Cisco Systems to run on a range of network devices for collecting IP traffic information.
Previously only Cisco IOS routers and the Cisco 5580 ASA supported Netflow. But now with the introduction of Cisco ASA software 8.2, the complete ASA family now supports Netflow.
There are 3 event types that can trigger the creation of a Netflow record. These are `flow-create`, `flow-denied`, `flow-teardown`. You can also use `all` to trigger on any of these 3.
Below shows you an example of how to configure Netflow. In this example the Netflow server is location on the inside interface and has an IP of 10.1.1.10. Along with this all Netflow traffic will be sent via port 9998.
In this example I have added the class-map to the policy-map “global_policy”. Which in most cases should already be applied to the ASA globally (all interfaces) via the service-policy command.
ciscoasa(config)# flow-export destination inside 10.1.1.10 9998 ciscoasa(config)# access-list flow_export_acl permit ip any any
ciscoasa(config)# class-map flow_export_class
ciscoasa(config-cmap)# match access-list flow_export_acl
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class flow_export_class
ciscoasa(config-pmap-c)# flow-export event-type all destination 10.1.1.10
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become an IT Security expert?
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial