Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1816
Views
0
Helpful
0
Replies

How netflow works with ASA Firepower and Virtual Defense ?

Nicolas BOULET
Level 1
Level 1

‎04-04-2015 11:20 AM - edited ‎03-12-2019 05:39 AM

Hi,

 

 In the discovery rules of the Virtual Defense, i can see that's it's possible to configure netflow source. I have a pair of Cisco 4500X as the core switch L3, and would like to send a flow to the IPS.

 

 I configure the switch like that :

flow record IPV4-FLOW-RECORD
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
!

 

flow exporter Firepower
 source Vlan12

 destination IP_OF_tHE_ASA_IPS_MODULE
!

 

flow monitor IPV4-FLOW
 exporter Firepower
 cache timeout inactive 30
 cache timeout active 60
 cache entries 1000
 record IPV4-FLOW-RECORD
!

vlan configuration 100-102 ip flow monitor IPV4-FLOW input

 

It's the correct configuration ? Can't see how to check in Virtual Defense if it's receive netflow packets

 

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card