Re: I want to know all the traffic in the Cisco ASA in SecurityOnion

Hugues Hermann · ‎06-21-2023

Hello, Sorry for my bad english. I am a novice in networking and especially in the use of the Cisco ASA firewall. For a project at school I have to use SecurityOnion to monitor the traffic in a Cisco ASA firewall. The problem is that I was able to do this with PfSense, which natively supports port mirroring, which is not the case for ASA, from what I've read on this forum. So I thought of using a Cisco switch for port mirroring, but would I be able to see all the traffic coming in and out of the ASA with the switch connected to a ASA port?

Aref Alsouqi · ‎06-21-2023

Port mirroring could be an option, you can configure the switch to look at the inside and outside interfaces of the firewall and mirror their traffic. Another option would be to use NetFlow, in this case the firewall will send the traffic flows to a remote NetFlow collector, a free example of this would be the free version of PRTG.

Hugues Hermann · ‎06-21-2023

Thank You @Aref Alsouqi for your answer. I will make research on PRTG. But I want to know my topology is exact? If Yes how can i see all the traffic from inside and outside at the same time? If you have a procedure I will be happy to learn

Aref Alsouqi · ‎06-23-2023

You're welcome. If you mirror the traffic of the inside and outside ports you would see all the traffic passing through. Same with NetFlow, if you send the flows from both the inside and outside interfaces it would feed the ingress and egress flows.

Flavio Miranda · ‎06-21-2023

Hi

Which ASA is it? Some models does support port mirroring

Hugues Hermann · ‎06-22-2023

Hello @Flavio Miranda; I'm using Asav 9.16 actually on GNS3. I'm training home to learn the basics.

Flavio Miranda · ‎06-22-2023

Try it on your firewall.

https://cybersecurity.att.com/documentation/usm-anywhere/deployment-guide/portmirroring/cisco-asa.htm