Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1477
Views
0
Helpful
2
Replies

How to get a Connection Matrix out of the FireSight?

Go to solution
HELMUT DACHS
Level 1
Level 1

‎03-20-2015 05:21 AM - edited ‎03-12-2019 05:38 AM

Hi All,

did someone have a useful hint how i can get a usefull connection matrix out of the FireSight Management to create a Ruleset for the ASA, which is at the moment on pemit any .... Focus should be a list of source and destination IP with port and maybe a counter - did some investigation on the connection events - but it is too much information and too much same events - and i have only events from the last 2 days ... i would like to get the result maybe from one or two weeks - is there a way to do this?

 

Thank You in advance

Helmut

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
atatistc
Cisco Employee
Cisco Employee

‎03-20-2015 02:33 PM

You can generate reports based on connection events and connection workflows.  You could create a custom workflow with something like Initiator IP, Responder, IP, dst port, count.  That would give you the count of connections between a src/dst IP on a given dst port.  

As for connection history that's a tough one depending on the amount of traffic going through your device.  The default connection limit is 1M connections.  You can raise that in the System Policy database setting but be careful as bumping this up too high can cause it to take a long time to process connection event queries.  A week is really all we can ever hope for and even that is often too long (too many connections).

View solution in original post

0 Helpful
2 Replies 2

Go to solution
atatistc
Cisco Employee
Cisco Employee

‎03-20-2015 02:33 PM

You can generate reports based on connection events and connection workflows.  You could create a custom workflow with something like Initiator IP, Responder, IP, dst port, count.  That would give you the count of connections between a src/dst IP on a given dst port.  

As for connection history that's a tough one depending on the amount of traffic going through your device.  The default connection limit is 1M connections.  You can raise that in the System Policy database setting but be careful as bumping this up too high can cause it to take a long time to process connection event queries.  A week is really all we can ever hope for and even that is often too long (too many connections).

0 Helpful

Go to solution
HELMUT DACHS
Level 1
Level 1
In response to atatistc

‎03-23-2015 04:47 AM

Thank You - Thats working great - right in the way i need !!!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card