topic Re: netflow not passing through the firewall in Network Security

netflow not passing through the firewall

jasmeet.guru — Fri, 21 Feb 2020 15:29:44 GMT

Hi,

I have configured flexible netflow on cisco 4351. I want to sync it with Solarwinds using port 2055. its generating stats, but some how all the netflow information is not passing through Cisco ASA as it is not syncing with Solarwinds (showing never under last received netflow).

Below is the config:-

flow record FLOW_RECORD_IPv4
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes
collect counter packets
!
!
flow exporter EXPORTER_A.B.C.D
destination A.B.C.D
transport udp 2055
!
!
flow monitor FLOW_MONITOR_IPv4
exporter EXPORTER_A.B.C.D
record FLOW_RECORD_IPv4
!
interface GigabitEthernet0/0/2
ip flow monitor FLOW_MONITOR_IPv4 input
ip flow monitor FLOW_MONITOR_IPv4 output

Also, On ASA i have applied access-list to permit udp traffic on port 2055.

Suggestions please. Thanks in advance.

Re: netflow not passing through the firewall

Philip D'Ath — Thu, 08 Mar 2018 20:14:44 GMT

Is the ASA perhaps NATing the source address so when it arrives it appears to have come from a different IP address than your router?

Re: netflow not passing through the firewall

Florin Barhala — Fri, 09 Mar 2018 09:36:36 GMT

On the same idea as Philip, can you run a capture on ASA on the EXIT interface aka 2nd interface and check traffic status.

Re: netflow not passing through the firewall

jasmeet.guru — Fri, 09 Mar 2018 16:06:22 GMT

Hi Philip,

ASA is not NATing the source address from router, however the inside network (solarwinds address is NATed). I have applied the ACL for destination (solarwinds both Original and NATed address) to permit traffic from any source, no luck.

What should be changed ?

Re: netflow not passing through the firewall

Florin Barhala — Mon, 12 Mar 2018 15:06:34 GMT

Did you run the capture? What do you see there?

Instead of guessing we can review captured packet on different ASA interfaces.

Re: netflow not passing through the firewall

mahyatt — Wed, 20 Mar 2024 16:53:10 GMT

Not sure if you ever solved this. I have seen where the FTD drops traffic when the source IP used to originate UDP traffic does not have a route to send traffic back to the interface that it received the traffic from. The packet capture tool with trace can help identify this.