FTD as Netflow collector on 6.6

ebng
Level 1

Hey all,

I'm having some issues viewing any Netflow connections being sent to an FTD and think something got broken in 6.6. I have a single Passive port on a FP2110 in my "Netflow" zone connected to an ISR4331. That ISR is sending Netflow data with a source IP of 10.10.100.1 to a destination address of 10.10.100.2. Since my FP2110 is in Passive mode and doesn't have an IP address, I had to configure a static NAT entry on the ISR for 10.10.100.2. This was a hack of sorts because I could never figure out any other way to send Netflow data to my FTD. This all worked just fine when my FMC and FTD were on 6.4.0.9, and I've confirmed my ISR is still sending the Netflow data. In the past, I could log in to my FMC, go to Analysis->Connections->Events, search for Netflow traffic from 10.10.100.1 and display everything it sent. Now that I'm on 6.6.1, I'm not seeing anything. I think this has to do with some updates to how Network Discovery policies are configured. In the past, when you created a Network Discovery profile, you could assign your network, zone, Network Device and select an Action of either Discover or Exclude. We would select Discover and then select Hosts, Users and Applications. Today, if you select Discover, Users is greyed out (for whatever that's worth). However, there's also a new option to "Log Netflow Connections". I tried selecting that instead, but no luck.

Now, to make things a little more interesting, I'm also having the same issues with a FP7030 on 6.4.0.9 being managed by an FMC on 6.6.1. This definitely worked when they were both on 6.4.0.9, so it would seem the FMC is actually the issue. Again, I suspect it has something to do with the updates to the Network Discovery policies. At this point, I'm pretty much out of ideas and can't find any good documentation on the topic. My next step will probably be to get a TAC case opened up, but I don't have much faith in the prospect of getting a speedy resolution. If anyone has any other thoughts or could point me in the right direction, I'd appreciate the assistance. Thanks in advance.
