Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
15
Helpful
5
Replies

internet ckt is saturated- FMC doesn't show the top use correctly.

Go to solution
loc.nguyen
Level 1
Level 1

‎05-09-2022 08:05 AM

Hi,

We have an issue that the internet is statured on a FTD.

It doesn't seem FMC tools can help figure out what causes it. Or I did not find the right place to look into it yet.

Could you advise?

Thanks

Loc

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-09-2022 10:07 AM

Exporting Netflow data from your FTD is the best way to visualize and analyze the usage of your system on a per-user (or per-address actually in most cases) basis. I have used the free PRTG version for such cases before.

View solution in original post

5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-09-2022 10:07 AM

Exporting Netflow data from your FTD is the best way to visualize and analyze the usage of your system on a per-user (or per-address actually in most cases) basis. I have used the free PRTG version for such cases before.

Go to solution
loc.nguyen
Level 1
Level 1

‎05-09-2022 12:30 PM

Thanks, Can we export Netflow data  via outside interface?

 

Is is possible if you send a link for that?

 

Thanks

 

Loc

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to loc.nguyen

‎05-10-2022 04:55 AM

Netflow data is exported from the diagnostic interface. However that traffic can be routed in your network back though the inside to the outside.

Go to solution
loc.nguyen
Level 1
Level 1
In response to Marvin Rhoads

‎05-11-2022 09:54 AM

Hi,

 

I tried to set up netflow on an ASA in another city, outside interface. And export it to my home lab (99.x.x.22). I use PRTG in my lab. It did not work yet. Do you think it is ASA config need to check ?

 

flow-export destination outside 99.x.x.22 5555
flow-export template timeout-rate 15
flow-export delay flow-create 60

class-map flow_export_class
match any

policy-map global_policy
class flow_export_class
flow-export event-type all destination 99.x.x.22

service-policy global_policy global

 

Thanks

 

Loc

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to loc.nguyen

‎05-12-2022 08:26 AM

Check using the command "show flow-export counters". If that indicates flow records are being sent (run it more than once to see the number increment) then check a packet capture at the ASA (and possibly the PRTG server) to make sure the records are leaving the ASA outside interface and arriving at the server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card