How to configure NetFlow on Cisco devices with Firepower Management Center

These instructions assume:

  • You’re running Firepower Management Center (FMC) software version 6.2 or higher.
  • Firepower Threat Defence (FTD) devices are connected to your FMC device.
  • The date, time and time zone are correctly set on the Firepower devices.
  • You have login credentials and admin access to your Firepower Management Center.
  • The IP address of your Auvik collector is known.

Add NetFlow configuration with FMC

First, configure the parameters for FlexConfig objects.

  1. Log in to your Firepower Management Center console.
  2. Navigate to Objects > Object Management.
  3. From the side navigation, select FlexConfig > Text Object.
  4. Search for NetFlow using the search bar in the top right corner. You’ll see three results. Each one needs to be configured.

netflow_destination configuration

  1. Click the edit pencil for netflow_destination.
  2. Change the variable count to 3.
  3. Add the following information:
    1. First field: management
    2. Second field: <Auvik collector IP>
    3. Third field: The port you’d like to use. It should be one of 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
  4. Click Save.

netflow_event_types configuration

  1. Click the edit pencil for netflow_event_types.
  2. Set the variable count to 1, leaving only the row “ALL”.
  3. Click Save.

netflow_parameters configuration

The default values here are good for TrafficInsights. You shouldn’t need to edit anything.

Configure NetFlow interfaces

Configure the interfaces to send NetFlow data.

  1. From the Firepower Management Center console, navigate to Devices > Device Management.
  2. From the list of firewalls running Firepower Threat Defence, select the firewall to be configured. This opens the Interfaces tab for that particular firewall.
  3. Select the interface that will send NetFlow. This will usually be the management interface, Diagnostic0/0. Edit the interface.
  4. Set the logical name to management and set an IP address for that interface. This IP address will be the source IP for the NetFlow data and must be in a subnet range set to Scan in Auvik.
  5. Click OK.
  6. Click Save.
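
A pre-deployment check for the values entered above, as an added example that is not part of the original article or of Auvik's or Cisco's tooling: it validates the three netflow_destination fields and confirms the interface's source IP falls inside a subnet set to Scan in Auvik. The function name, the sample addresses and the scanned-subnet list are assumptions constructed for illustration.

```python
import ipaddress

# Ports the article lists as valid choices for the third field.
ALLOWED_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}


def check_netflow_plan(destination, source_ip, scanned_subnets):
    """Return a list of problems; an empty list means the plan is consistent.

    destination     -- the three netflow_destination values, in order
    source_ip       -- IP address set on the interface named "management"
    scanned_subnets -- CIDR ranges set to Scan in Auvik (hypothetical input)
    """
    if len(destination) != 3:
        return [f"netflow_destination needs 3 values, got {len(destination)}"]
    interface, collector, port = destination
    problems = []

    # First field must match the logical name given to the interface.
    if interface != "management":
        problems.append(f"first field is {interface!r}, expected 'management'")

    try:
        ipaddress.ip_address(collector)
    except ValueError:
        problems.append(f"collector {collector!r} is not a valid IP address")

    try:
        port_ok = int(port) in ALLOWED_PORTS
    except (TypeError, ValueError):
        port_ok = False
    if not port_ok:
        problems.append(f"port {port!r} is not one of {sorted(ALLOWED_PORTS)}")

    # The NetFlow source IP has to sit inside a scanned subnet.
    try:
        src = ipaddress.ip_address(source_ip)
    except ValueError:
        problems.append(f"source {source_ip!r} is not a valid IP address")
    else:
        nets = [ipaddress.ip_network(n, strict=False) for n in scanned_subnets]
        if not any(src in n for n in nets):
            problems.append(f"source {source_ip} is outside every scanned subnet")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    plan = ["management", "192.0.2.10", "2055"]
    print(check_netflow_plan(plan, "10.20.0.5", ["10.20.0.0/24"]) or "plan OK")
```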

Assign the FlexConfig policy

Add the FlexConfig policy and assign it.

  1. From the Firepower Management Center console, navigate to Devices > FlexConfig.
  2. Click New Policy.
  3. Name the policy. Example: FTD-FlexConfig
  4. From the list of available firewalls running Firepower Threat Defence, choose the one you want.
  5. Click Add to Policy.
  6. Click Save.
  7. From the list of available FlexConfig objects, search and add Netflow_set_Parameters and Netflow_Add_Destinations.
  8. Click Save.