These instructions assume:
- You’re running Firepower Management Center (FMC) software version 6.2 or higher.
- Firepower Threat Defence (FTD) devices are connected to your FMC device.
- The date, time and time zone are correctly set on the Firepower devices.
- You have login credentials and admin access to your Firepower Management Center.
- The IP address of your Auvik collector is known.
Add NetFlow configuration with FMC
First, configure the parameters for FlexConfig objects.
- Log into your Firepower Managed Center console.
- Navigate to Objects > Object Management.
- From the side navigation, select FlexConfig > Text Object.
- Search for NetFlow using the search bar in the top right corner. You’ll see three results. Each one needs to be configured.
netflow_destination configuration
- Click the edit pencil for netflow_destination.
- Change the variable count to 3.
- Add the following information:
- First field: management
- Second field: <Auvik collector IP>
- Third field: The port you’d like to use. It should be one of 2055, 2056, 4432, 4739, 6343, 9995, or 9996.
- Click Save.
netflow_event_types configuration
- Click the edit pencil for netflow_event_types.
- Set the variable count to 1, leaving only the row “ALL”.
- Click Save.
netflow_parameters configuration
The default values here are good for TrafficInsights. You shouldn’t need to edit anything.
Configure NetFlow interfaces
Configure the interfaces to send NetFlow data.
- From the Firepower Managed Center console, navigate to Devices > Device Management.
- From the list of firewalls running Firepower Threat Defence, select the firewall to be configured. This opens the Interfaces tab for that particular firewall.
- Select the interface that will send NetFlow. This will usually be the management interface-Diagnostic0/0. Edit the interface.
- Set the logical name to management and set an IP address for that interface (This IP address will be the source IP for the NetFlow data and must be in a subnet range set to Scan in Auvik.)
- Click OK.
- Click Save.
Assign the FlexConfig policy
Add the FlexConfig policy and assign it.
- From the Firepower Management Center console, navigate to Devices > FlexConfig.
- Click New Policy.
- Name the policy. Example: FTD-FlexConfig
- From the list of available firewalls running Firepower Threat Defence, choose the one you want.
- Click Add to Policy.
- Click Save.
- From the list of available FlexConfig objects, search and add Netflow_set_Parameters and Netflow_Add_Destinations.
- Click Save.