https://community.cisco.com/t5/network-security/firewall-with-netflow-and-wccp-cisco-wsa/m-p/3371760#M961321 <P>I believe one problem with this setup is that the WSA sends the responds directly to the host and not to the ASA. If the ASA does not see the entire session it can't send netflow reports on that traffic.</P> <P>If the WSA can't use the cache for answering it will send out the request with its own IP and that traffic goes properly through the ASA and it is properly reported by netflow.</P> <P>One possible solution would be to activate netflow on other downstream devices, unfortunately WSA doesn't support netflow as far as I know.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116046-config-wccp-asa-00.pdf" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116046-config-wccp-asa-00.pdf</A></P> <P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64580/?rfs=iqvred" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64580/?rfs=iqvred</A></P> <P>&nbsp;</P> <P>HTH</P> <P>Bogdan</P> Tue, 24 Apr 2018 09:45:15 GMT Bogdan Nita 2018-04-24T09:45:15Z https://community.cisco.com/t5/network-security/firewall-with-netflow-and-wccp-cisco-wsa/m-p/3371023#M961320 <P>I need some assitance with using NetFlow in combination with WCCP.</P> <P>&nbsp;</P> <P>We have a firewall enabled with WCCP and NetFlow exporting the flow to a NetFlow analyzer. The issue at hand is that all traffic that is redirected by the WCCP rule, shows as the IP from the Cisco WSA.</P> <P>&nbsp;</P> <P>Is it possible to get more accurate data, in stead of the NetFlow result showing the WSA generating traffic?</P> Fri, 21 Feb 2020 15:39:47 GMT https://community.cisco.com/t5/network-security/firewall-with-netflow-and-wccp-cisco-wsa/m-p/3371023#M961320 wijngaarden.m 2020-02-21T15:39:47Z https://community.cisco.com/t5/network-security/firewall-with-netflow-and-wccp-cisco-wsa/m-p/3371760#M961321 <P>I believe one problem with this setup is that the WSA sends the responds directly to the host and not to the ASA. If the ASA does not see the entire session it can't send netflow reports on that traffic.</P> <P>If the WSA can't use the cache for answering it will send out the request with its own IP and that traffic goes properly through the ASA and it is properly reported by netflow.</P> <P>One possible solution would be to activate netflow on other downstream devices, unfortunately WSA doesn't support netflow as far as I know.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116046-config-wccp-asa-00.pdf" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116046-config-wccp-asa-00.pdf</A></P> <P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64580/?rfs=iqvred" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCzv64580/?rfs=iqvred</A></P> <P>&nbsp;</P> <P>HTH</P> <P>Bogdan</P> Tue, 24 Apr 2018 09:45:15 GMT https://community.cisco.com/t5/network-security/firewall-with-netflow-and-wccp-cisco-wsa/m-p/3371760#M961321 Bogdan Nita 2018-04-24T09:45:15Z