06-02-2015 10:37 PM - edited 03-12-2019 05:41 AM
Hi all
I'm trying to understand how Sourcefire/Firepower uses my netflow data. I have a Virtual Defence Center up and running and four ASAs with Firepower services reporting to it. All data flows seems to work and I've even done some IPS tests with promising results.
However I have a few Cisco routers in my network that I would also like to use in the System but so far I haven't figured out how. For example, should I have the routers send flow data to the Defence Center or to the Firepower modules in the ASAs? When I follow the Network Discovery steps in the user manual I get to set up a discovery policy using the netflow sources but those policies are only deployed to the Firepower modules in the ASAs.
I realize the discovery information will not be as complete using only netflow data as it is with traffic flowing through the ASAs but it will still improve my visibility.
Regards
Fredrik
06-10-2015 07:21 AM
Hi,
this is a bit unclear how to actually do it but my understanding is that you need an extra Sourcefire 3D managed sensor to leverage netflow data. So there's no native netflow support in defense center.
From user guide http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Discovery-Config.html#61546
Because the FireSIGHT System uses managed devices to analyze NetFlow data, your deployment must include at least one managed device that can monitor your NetFlow-enabled devices. At least one sensing interface on that managed device must be connected to a network where it can collect the data that your NetFlow-enabled devices export. Because the sensing interfaces on managed devices do not usually have IP addresses, the system does not support the direct collection of NetFlow records.
06-11-2015 02:32 AM
So if I understand this correctly, there is no point sending netflow data to the FireSIGHT/Sourcefire Virtual DC? And I don't suppose the Firepower module in my ASAs can use the netflow data?
/Fredrik
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide