Configuring NSEL (~NetFlow) on Cisco Firepower Threat Defense (FTD)


How to configure NSEL (~NetFlow) on Cisco Firepower Threat Defense (FTD) using the FlexConfig feature introduced in Firepower Management Center (FMC) software version 6.2.
See the attached doc.

Note that in a few versions of FTD code, the FlexConfig deployment for NetFlow as given in this document may fail. This is due to a minor bug. Check out my comment in this article (scroll towards the bottom of the page), which talks about this bug and its workaround.

Comments
Community Member

Dear God,

Bless whoever wrote this document.

Community Member

Seriously, EXCELLENT document.  Thank you!!!!

Beginner

Where do you download version 2 from?

Cisco Employee

Only this article is version 2, because whenever you make any edits to the page content the version number is incremented automatically. The actual document is still v1 and it is fine, unless you have any specific feedback/suggestions that need to be incorporated.

Thanks!

Thank you!

Cisco Employee

Great document. Is it a caveat that the "diagnostic" port on a 5516 is different than the configured MANAGEMENT port and can't be on the same subnet as my inside interface?

Frequent Contributor

Excellent!!

Beginner

Hello Anand,

We upgraded our FTDs to v6.2.3.1-43 from v6.2.0.1-59 and we are no longer getting netflows from the FTDs. Is there a newer version or update?

Cisco Employee

Note that in a few versions of FTD code, the Flexconfig deployment may fail. This is due to the presence of an undesired INVISIBLE character in the default Netflow_Add_Destination Flexconfig object. It is a known minor bug.

Check out the below screenshot:

[Screenshot: 2018-11-05_134116.png]

In case you face this, you will have to create a copy of this Flexconfig object. Note that you cannot edit the default Flexconfig objects, hence creation of a copy is required. Then edit manually and remove the undesired INVISIBLE character.

Check out the below screenshot. Note that since the character is invisible, both before and after the change would appear similar.

[Screenshot: 2018-11-05_133737.png]

Now you can use this copy in your FTD configuration as mentioned in the document provided in this article.

Note that the same needs to be done for the default Netflow_Delete_Destination Flexconfig object.

If this does not solve the issue, then reach out to the appropriate tech support as applicable.


Thanks!
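
Added example (not part of the comment above and not Cisco's code): because the stray character cannot be seen in the editor, one way to confirm where it sits in the copied object, and that the edited copy is clean, is to paste the object text into a small scanner. The sample text and the choice of U+200B are constructed assumptions; the thread does not say which character is actually present.

```python
import unicodedata

# Whitespace a config body may legitimately contain.
ALLOWED = {"\n", "\r", "\t", " "}
# Cc: control, Cf: format (zero-width, BOM), Zs/Zl/Zp: non-ASCII spaces/separators.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Zs", "Zl", "Zp"}


def is_invisible(ch):
    """True for characters that render as nothing, or as a look-alike space."""
    return ch not in ALLOWED and unicodedata.category(ch) in SUSPECT_CATEGORIES


def find_invisible(text):
    """Return (line, column, codepoint, name) for every hidden character."""
    hits = []
    # split("\n") rather than splitlines(): the latter would silently
    # consume some of the very separators we are looking for.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                name = unicodedata.name(ch, "<unnamed control>")
                hits.append((lineno, col, f"U+{ord(ch):04X}", name))
    return hits


def clean(text):
    """Drop hidden characters; turn non-ASCII spaces into a plain space."""
    out = []
    for ch in text:
        if not is_invisible(ch):
            out.append(ch)
        elif unicodedata.category(ch) == "Zs":
            out.append(" ")
    return "".join(out)


# Constructed sample: one flow-export line with a zero-width space appended.
SAMPLE = "flow-export destination inside 192.0.2.10 2055\u200b\n"

if __name__ == "__main__":
    for hit in find_invisible(SAMPLE):
        print("line %d col %d: %s %s" % hit)
    print(repr(clean(SAMPLE)))
```

Run it against the text of the copied Netflow_Add_Destination and Netflow_Delete_Destination objects before deploying; an empty result from `find_invisible` means nothing hidden remains.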

Beginner

This was so helpful!!

Enthusiast

Hi all,

Can we send application name info discovered by the Firepower system to Stealthwatch, or do we also need a Flow Sensor appliance just for app-name?

Thanks
