These instructions assume:
- You’re running Firepower Management Center (FMC) software version 6.2 or higher.
- Firepower Threat Defence (FTD) devices are connected to your FMC device.
- The date, time and time zone are correctly set on the Firepower devices.
- You have login credentials and admin access to your Firepower Management Center.
- The IP address of your Auvik collector is known.
If you have a shared collector and want to ensure that it receives netflow data to enable TrafficInsights, you will need to add the source IP address as a /32 in order for Auvik to register the flows from that specific address in the TrafficInsights portal. There may be some delay for the shared collector to receive the data after the change.
Note: Even if that source IP address is already being scanned, you must add a /32 targeting only the source IP address, due to some limitations, the collector can’t tell if it should be sent to site A or B.
Set the Auvik collector parameters
- Navigate to Objects
- Click on Objects Management
- Click on FlexConfig
- Click on Text Object
- Edit the netflow_Destination object
- In this variable, set the interface sending Netflow, the Auvik collector IP address, and the port
Note: You need to change the count to 3, it is 1 by default.
Create the FlexConfig Policy
- Navigate to Device
- Click on FlexConfig
- Click on New Policy
- Give a name to the policy
- Select the Firewall(s) to receive the policy
- Click Save
- Select the objects: Netflow_Add_Destination and Netflow_Set_Parameters
It will look like this: - Click Save
- Deploy on the target firewall
- Go to the Auvik portal
- Click on TrafficInsights
- Approve the flow
You may see a message in TrafficInsights informing you that no templates are being sent from the device. Do not troubleshoot it right away. Wait for about 30 to 60 minutes and check it again.