03-14-2017 12:42 AM - edited 05-04-2020 04:27 AM
How to configure NSEL (~NetFlow) on Cisco Firepower Threat Defense (FTD) using the FlexConfig feature introduced in Firepower Management Center (FMC) software version 6.2
See the attached doc.
Note that in a few versions of FTD code, the FlexConfig deployment for NetFlow as given in this document may fail. This is due to a minor bug. Check out my comment in this article (scroll towards the bottom of the page) talking about this bug and its workaround.
Note that this document is applicable only if you are managing your firewall using FMC. If you are using the on-box management functionality of Firepower Device Manager (FDM), then you may want to look at this article.
Dear God,
Bless whoever wrote this document.
Seriously, EXCELLENT document. Thank you!!!!
Where do you download version 2 from?
Only this article is version 2, because any edit you make to the page content increments the version number automatically. The actual document is still v1 and it is fine, unless you have any specific feedback/suggestions that need to be incorporated.
Thanks!
Thank you!
Great document. Is it a caveat that the "diagnostic" port on a 5516 is different from the configured MANAGEMENT port and can't be on the same subnet as my inside interface?
Hello Anand,
We upgraded our FTDs to v6.2.3.1-43 from v6.2.0.1-59 and we are no longer getting NetFlow from the FTDs. Is there a newer version or update?
Note that in a few versions of FTD code, the FlexConfig deployment may fail. This is due to the presence of an undesired INVISIBLE character in the default Netflow_Add_Destination FlexConfig object. It is a known minor bug.
Check out the below screenshot:
In case you face this, you will have to create a copy of this FlexConfig object. Note that you cannot edit the default FlexConfig objects, hence creating a copy is required. Then edit it manually and remove the undesired INVISIBLE character.
Check out the below screenshot. Note that since the character is invisible, both before and after the change would appear similar.
Now you can use this copy in your FTD configuration as mentioned in the document provided in this article.
Note that the same needs to be done for the default Netflow_Delete_Destination FlexConfig object.
If this does not solve the issue, then reach out to the appropriate tech support as applicable.
Thanks!
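The workaround above depends on spotting a character that does not render, and the post notes that the object looks identical before and after the fix. As an added example, not code from the original post or from Cisco, here is a small Python checker that reports every non-printable or non-ASCII character in a FlexConfig body by line and column, renders it as a visible `<U+XXXX>` marker, and strips it. The sample FlexConfig text is constructed here and modelled on the ASA/FTD `flow-export` CLI; the collector address, port and interface name are illustrative assumptions. The post does not say which code point the bug introduced, so the tainted sample plants a zero-width space (U+200B) as a stand-in, and the checker flags any character outside printable ASCII rather than one specific code point.

```python
import unicodedata

# Constructed sample FlexConfig body for NSEL, modelled on the ASA/FTD
# flow-export CLI. Interface name, collector IP and port are assumptions.
CLEAN_FLEXCONFIG = """flow-export destination inside 192.0.2.10 2055
flow-export template timeout-rate 30
flow-export delay flow-create 15
policy-map global_policy
 class class-default
  flow-export event-type all destination 192.0.2.10
"""

# The same text with a zero-width space planted after the first token.
# This is a constructed stand-in for the stray invisible character the
# thread describes; the original post does not identify the code point.
TAINTED_FLEXCONFIG = CLEAN_FLEXCONFIG.replace(
    "flow-export destination", "flow-export\u200b destination", 1)

# Characters a config body may legitimately contain: printable ASCII plus
# newline, carriage return and tab. Everything else is reported.
ALLOWED = {chr(c) for c in range(0x20, 0x7F)} | {"\n", "\r", "\t"}


def find_invisible_chars(text):
    """Return [(line_no, col_no, 'U+XXXX', unicode_name), ...] for every
    character outside ALLOWED. Zero-width spaces, byte-order marks,
    non-breaking spaces and stray control characters all show up here."""
    findings = []
    for line_no, line in enumerate(text.splitlines(keepends=True), start=1):
        for col_no, ch in enumerate(line, start=1):
            if ch not in ALLOWED:
                name = unicodedata.name(ch, "<unnamed>")
                findings.append((line_no, col_no, f"U+{ord(ch):04X}", name))
    return findings


def reveal(text):
    """Return text with each disallowed character replaced by a visible
    <U+XXXX> marker, so a 'before' and 'after' can actually be compared."""
    return "".join(ch if ch in ALLOWED else f"<U+{ord(ch):04X}>" for ch in text)


def strip_invisible_chars(text):
    """Return text with every disallowed character removed."""
    return "".join(ch for ch in text if ch in ALLOWED)


def lint(text):
    """Return (is_clean, findings). is_clean is True when nothing was flagged."""
    findings = find_invisible_chars(text)
    return (not findings, findings)


if __name__ == "__main__":
    ok, hits = lint(TAINTED_FLEXCONFIG)
    print("clean" if ok else f"{len(hits)} invisible character(s) found")
    for line_no, col_no, cp, name in hits:
        print(f"  line {line_no} col {col_no}: {cp} {name}")
    print(reveal(TAINTED_FLEXCONFIG))
    assert strip_invisible_chars(TAINTED_FLEXCONFIG) == CLEAN_FLEXCONFIG
```

Paste the text of the copied FlexConfig object into `lint()` before deploying; a clean object returns no findings. The check is deliberately broad (anything outside printable ASCII), because the ASA-style commands an NSEL FlexConfig carries never need characters beyond that range, so any hit is worth removing.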
This was so helpful!!
Hi all,
Can we send the application name info discovered by the Firepower system to Stealthwatch, or do we also need a Flow Sensor appliance just for the app name?
Thanks
Hi,
I have a Firepower 4100 with FTD 6.3.0.1 instances. I need to configure NSEL to Stealthwatch using the management interface, but I always get a deployment error. The deployment only works with diagnostic as the interface in the flow-exporter destination.
Can someone help me with the configuration to send the records through the FTD management interface on this platform?
Regards
Excellent document with nice detailing. Working as expected.
This is a great document - Thank you.
I have a question: can we use this and add two NetFlow collectors somehow?