Participant

Stealthwatch need VMware licensing and which one?

Hi, we are looking at purchasing StealthWatch for VMware, and to get started I need some clarification on what part numbers and how many per part.

 

Cisco Stealthwatch Enterprise Data Sheet

https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html

 

For just the VMware appliance do I only need the following part numbers:

 

Cisco Stealthwatch Flow Collector Virtual Edition
L-ST-FC-VE-K9

Cisco Stealthwatch Management Console Virtual Edition
L-ST-SMC-VE-K9

Cisco Stealthwatch Flow Sensor, Virtual Edition
L-ST-FS-VE-K9

 

Would I just need one of each of the above? Can I just get away with 1 flow connector and 1 Management console?

 

Thanks,

Dan


Accepted Solutions
Cisco Employee

Re: Stealthwatch need VMware licensing and which one?

Dan,

 

Start with just one Management Console (SMC) and one Flow Collector (FC).

 

Configure NetFlow v9 on all of your routers to export to the IP of the Flow Collector.

 

 

This will give you visibility into traffic moving across your WAN.

 

If you have an Internet connection to an Internet Service Provider at one of these sites you will probably want to understand flows to and from the Internet. You can do that three different ways.

#1 - Some Firewalls can export their NAT translations via Syslog to the Flow Collector. Stealthwatch can process those logs from Cisco and Palo Alto Firewalls.

#2 - If you have a proxy server (Squid, Blue Coat, Cisco, or McAfee) you can also send those proxy logs to the Flow Collector.

#3 - You can install a Flow Sensor with interfaces on either side of the Firewall and export IPFIX from the FS to the Flow Collector.

 

I would start with this.  

 

The layer 2 switches sound like access devices attached to the router (collapsed bypassing the need for an aggregation layer).  If you have aggregation L3 switches at any site you can also export NetFlow from those.

 

Hope this helps.

 

Brian
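
As an added example (not part of Brian's reply and not taken from Cisco documentation), this is one way to configure the NetFlow v9 export described above, using Flexible NetFlow on an IOS/IOS-XE router. The collector address 192.0.2.10, UDP port 2055, the SW-* object names, Loopback0 and the interface name are assumptions; substitute your own values and repeat the interface lines on each WAN-facing interface.

```cisco
! Added example: assumed values are 192.0.2.10 (Flow Collector IP),
! UDP 2055 (collector listening port), Loopback0, and the SW-* names.
!
! Flow record: key fields identify a flow, collect fields are reported.
flow record SW-RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match ipv4 tos
 match interface input
 collect interface output
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! Exporter: send NetFlow v9 to the Flow Collector from a stable source
! address so the collector always sees the same exporter IP per router.
flow exporter SW-EXPORTER
 destination 192.0.2.10
 source Loopback0
 transport udp 2055
 export-protocol netflow-v9
 template data timeout 60
!
! Monitor: a 60-second active timeout makes long-lived flows get reported
! every minute instead of only when they end.
flow monitor SW-MONITOR
 record SW-RECORD
 exporter SW-EXPORTER
 cache timeout active 60
 cache timeout inactive 15
!
! Apply to each WAN-facing interface (interface name is an assumption).
interface GigabitEthernet0/0
 ip flow monitor SW-MONITOR input
```

On the router, `show flow exporter SW-EXPORTER statistics` shows whether packets are being sent to the collector.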

 

 

3 REPLIES
VIP Engager

Re: Stealthwatch need VMware licensing and which one?

Depends on what you are looking to deploy in the network.

I suggest having all 3 for a more robust solution.

 

Optional Components of the System

Flow Sensor

 

More features can be found here.

https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html

BB
*** Rate All Helpful Responses ***
Participant

Re: Stealthwatch need VMware licensing and which one?

Thank you Balaji...we have a 5 site WAN with up to 10,000 wireless clients and about 3,000 wired clients. At each of the 5 campuses we have about 8 IDFs with about 4 Cisco Layer 2 network switches in each closet.

 

I see that the SMC will from up to 25 Flow Collectors. Do we have to purchase 25 flow collectors, or do we purchase one part number, L-ST-FC-VE-K9, and that can be configured for, say, the FCVE-1000?

 

"The Stealthwatch Management Console aggregates, organizes, and presents analysis from up to 25 Flow Collectors, the Cisco Identity Services Engine, and other sources"

 

Thanks,

Dan

 
