Configuring netflow on FTD firewall 6.4

wanwa01 · ‎05-14-2020

Hi guys,

Need your help on below situation.

I would like to configure the netflow on the FTD. FMC is running on 6.4. I created new flexconfig object and defined the destination. Created new flexconfig policy and assign the firewall accordingly. These are fine.

Then i assigned the flextconfig object to the append flexconfigs.

when i tried to you use the preview config and select the firewall i wanted to, there is no cli config shown related to flow configuration. Also no policy-map global_policy being shown as well.

Just wondering if this a bug or and i need to push to see if that working?

wanwa01 · ‎05-14-2020

the snip or preview config attached

Marvin Rhoads · ‎05-14-2020

For FTD 6.6 and all earlier releases the source interface for Netflow must be the diagnostic interface. Netflow is handled by the LINA (ASA) susbystem exclusively.

wanwa01 · ‎05-14-2020

Hi Thanks for reply.

>From the Cisco note, it mentioned I can use other interface. If I use other interface, is the MANAGEMENT name is the mandatory to be used for that interface?
Would it not work if using another interface?

Note:
Alternatively, a different physical / logical interface may also be used for exporting NetFlow
instead of the diagnostic0/0 interface. The process to configure the interface remains the
same as given below.
Configure the Logical Name and IP address for this interface, if not already done earlier. Click on
the edit (Pencil icon) for the Diagnostic0/0 interface.
Set the name as MANAGEMENT and click on the IPv4 tab to set the IP address and prefix. The IP
address provided here must be in the same subnet as the Management interface of the FTD

At the same time, the firewall is running transparent and using BVI. Can I use BVI for transparent firewall?

Marvin Rhoads · ‎05-15-2020

I've never tried it with transparent mode. I do know it works with the diagnostic interface.