03-25-2024 11:10 PM
The scenario is that all traffic ingesting to flow sensor is north-south, and all hosts are NATed by public IPs. Currently, there is no east-west traffic. However, if east-west traffic were to ingest, would the hosts be visible as endpoints or network devices and all information pertaining to host machine will be visible? As currently host information is not being displayed. Or should we need to mirror the traffic without NAT?
Solved! Go to Solution.
03-29-2024 12:17 PM
Hi ayoub-akhtar,
I'm not sure I entirely understand your deployment, but it reads like you have a flow-sensor consuming spanned traffic after a NAT device (Like a firewall). And you want SNA to be able to stitch those flows together with NetFlow collected from an exporter on the inside collected via a flow-collector. I'm not sure it would do exactly that because the flow-sensor flows would be missing the NAT'd address from the inside of your environment. It might be more prudent to send NetFlow from your firewall (or NSEL if it is an ASA/FTD) to a flow collector. The NSEL telemetry would include fields for the NAT'd address as well as block/permit information for Access Control Rules. This would likely give your SNA solution everything it needs to stitch the flows together with your east-west traffic.
03-29-2024 12:17 PM
Hi ayoub-akhtar,
I'm not sure I entirely understand your deployment, but it reads like you have a flow-sensor consuming spanned traffic after a NAT device (Like a firewall). And you want SNA to be able to stitch those flows together with NetFlow collected from an exporter on the inside collected via a flow-collector. I'm not sure it would do exactly that because the flow-sensor flows would be missing the NAT'd address from the inside of your environment. It might be more prudent to send NetFlow from your firewall (or NSEL if it is an ASA/FTD) to a flow collector. The NSEL telemetry would include fields for the NAT'd address as well as block/permit information for Access Control Rules. This would likely give your SNA solution everything it needs to stitch the flows together with your east-west traffic.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide