Netflow on Asa

sv7
Level 3

Hello All,

 

I need to configure NetFlow on a Cisco FTD 2130 running the ASA image. Could anyone tell me whether there is any hardware or software limitation I need to look at before configuring NetFlow on my device, or can I follow any ASA command guide to configure NetFlow?


balaji.bandi
Hall of Fame

If you are running ASA code on Firepower, you follow the same ASA commands.

The guide below will help you:

https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/asa_netflow.html

We use NPM; the guide below helped me:

https://support.solarwinds.com/SuccessCenter/s/article/NetFlow-Configuration-Example-Cisco-ASA?language=en_US

BB


@sv7 This information can be found by checking the Cisco docs or using Google.

 

E.g.

https://community.cisco.com/t5/security-documents/netflow-on-asa/ta-p/3119176#toc-hId--1895058384

Limitations

  • Template refresh records can only be sent based on time intervals, not based on number of data records.
  • NetFlow records can not be seen live on the ASA as data is collected.
  • NetFlow has a significant performance impact, but it should not be any worse than normal syslog operations of the same information. There will be an uptick in memory but it should also be minimal. NetFlow configured with overlapping syslogs can cause a significant performance hit.

 

 

Hello Rob,

Thank you for your reply.

Could you please shed more light on the sentence below?

NetFlow has a significant performance impact, but it should not be any worse than normal syslog operations of the same information. There will be an uptick in memory but it should also be minimal. NetFlow configured with overlapping syslogs can cause a significant performance hit.

Would my ASA reboot, or would anything cause a network interruption in my organisation?

Also, what can I do to prevent or avoid such a performance hit?

@sv7 

Most of the Cisco NetFlow documentation on the internet and provided here is quite dated; hardware performance has increased considerably since some of those Cisco guides were created. We've no idea about your network infrastructure, nor the load on your existing hardware. There will be some performance impact, but if your ASA is running at 5% CPU, then enabling NetFlow, another 5-15% (if that) CPU load increase isn't going to make a difference to the overall performance.

 

Here is a link with a load of information on netflow performance, read through. Here is another.

 

If you think enabling netflow is going to be a problem, you can avoid a performance hit by not enabling netflow.

 

You need to determine the current load on your ASA and use your judgment before enabling.
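Added example (not part of any reply above and not taken from the linked guides): a minimal ASA NetFlow (NSEL) configuration that reflects the limitations quoted in the thread, including turning off the syslog messages that duplicate NetFlow events and checking load before and after. The collector address 192.0.2.10, UDP port 2055, the interface name `inside`, and the use of the default `global_policy` policy map are assumptions; substitute your own values.

```text
! --- Before enabling: record the current baseline load ---
show cpu usage
show memory

! --- Collector definition (constructed values: 192.0.2.10, UDP 2055) ---
! "inside" is the assumed name of the interface that reaches the collector.
flow-export destination inside 192.0.2.10 2055

! Templates are refreshed on a timer only (see Limitations above),
! so resend them every minute to let a restarted collector recover quickly.
flow-export template timeout-rate 1

! Delay flow-create events so short-lived flows produce a single
! teardown record instead of a create/teardown pair.
flow-export delay flow-create 15

! --- Export events for all traffic via the default global policy ---
! Assumes global_policy is applied with "service-policy global_policy global".
policy-map global_policy
 class class-default
  flow-export event-type all destination 192.0.2.10

! --- Avoid the "overlapping syslogs" performance hit ---
! Disables the syslog messages that carry the same information as NSEL records.
logging flow-export-syslogs disable

! --- After enabling: verify export and compare load to the baseline ---
show logging flow-export-syslogs
show flow-export counters
show cpu usage
```

Compare the `show cpu usage` output before and after the change; removing the `flow-export event-type` line from the policy map stops export without touching the rest of the configuration.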
