Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
2
Replies

How to analyse traffic, then build ACL rules?

handsy
Level 1
Level 1

‎10-01-2015 01:18 AM - edited ‎03-11-2019 11:40 PM

I am building a new network solution and at the perimeter I have an ASA firewall.

At the moment, as it is in a pre-production state, I have a completely open ACL. Obviously, I will need to harden this up, but to do that I wondered if there was a way to analyse existing flows and build ACL rules around them?

Trying to manually identify all the ports/protocols/IPs, etc is a very laborious task.

Are there any automated tools out there (Open Source please!) that do this?

Does anyone on here have any handy hints that could reduce the man hours I'll have to spend?

 

Any comments welcome :)

Labels:
0 Helpful
2 Replies 2

Seb Rupik
VIP Alumni
VIP Alumni

‎10-01-2015 04:35 AM

Hi there,

Configure netflow and send the collected data to a netflow processor.

 

My netflow collector of choice is nfdump/nfsen (http://nfsen.sourceforge.net/), it is simple to configure and of course open-source.

 

You could also enable threat-detection statistics on your ASA, but this take an additional hit on the CPU:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/firewall/asa-firewall-cli/protect-threat.html#pgfId-1316394

 

cheers,

Seb.

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎10-04-2015 02:27 AM 

I am building a new network solution and at the perimeter I have an ASA firewall.

At the moment, as it is in a pre-production state, I have a completely open ACL. Obviously, I will need to harden this up, but to do that I wondered if there was a way to analyse existing flows and build ACL rules around them?

Trying to manually identify all the ports/protocols/IPs, etc is a very laborious task.

Are there any automated tools out there (Open Source please!) that do this?

Does anyone on here have any handy hints that could reduce the man hours I'll have to spend?


Any comments welcome :)

Hi,

You can send the traffic logs to syslog server and from there you can create convertible excel format of all traffic pattern to create a ACE for ASA.

Hope That Help..

-GI

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card