topic Re: Netflow on Asa in Network Security

Netflow on Asa

sv7 — Fri, 06 Aug 2021 13:25:01 GMT

Hello All,

Need to configure Netflow on Cisco FTD 2130 running ASA image. Could anyone guide me is it any hardware or software limitation i need to look to configure netflow on my device or i can follow any ASA command guide to configure netflow

Re: Netflow on Asa

balaji.bandi — Fri, 06 Aug 2021 13:29:24 GMT

If you running ASA code on Firepower, you follow same ASA command

below guide help you :

https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/asa_netflow.html

we use NPM below guide help me :

https://support.solarwinds.com/SuccessCenter/s/article/NetFlow-Configuration-Example-Cisco-ASA?language=en_US

Re: Netflow on Asa

Rob Ingram — Fri, 06 Aug 2021 13:32:08 GMT

@sv7 this information can be found by checking the cisco docs or using google.

E.g.

https://community.cisco.com/t5/security-documents/netflow-on-asa/ta-p/3119176#toc-hId--1895058384

Limitations

Template refresh records can only be sent based on time intervals, not based on number of data records.
NetFlow records can not be seen live on the ASA as data is collected.
NetFlow has a significant performance impact, but it should not be any worse than normal syslog operations of the same information. There will be an uptick in memory but it should also be minimal. NetFlow configured with overlapping syslogs can cause a significant performance hit.

Re: Netflow on Asa

sv7 — Sat, 07 Aug 2021 09:18:19 GMT

Hello Rob,

Thank you for your reply.

Could you please put more light on below sentence.

NetFlow has a significant performance impact, but it should not be any worse than normal syslog operations of the same information. There will be an uptick in memory but it should also be minimal. NetFlow configured with overlapping syslogs can cause a significant performance hit.

Would my asa reboot or anything that would cause network interruption in my organisation ?

Also What can I do to prevent or avoid such performance hit

Re: Netflow on Asa

Rob Ingram — Sat, 07 Aug 2021 09:36:36 GMT

@sv7

Most of the cisco netflow documentation on the internet and provided here is quite dated, hardware performance has increased considerably since some of those cisco guides were created. We've no idea about your network infrastructure, nor the load on your existing hardware. There will be some performance impact, but if your ASA is running at 5% CPU, then enabling netflow, another 5-15% (if that) CPU load increase isn't going to make a difference to the overall performance.

Here is a link with a load of information on netflow performance, read through. Here is another.

If you think enabling netflow is going to be a problem, you can avoid a performance hit by not enabling netflow.

You need to determine the current load on your ASA and use your judgment before enabling.