How to configure NetFlow on Cisco ASA firewalls

These instructions assume:

  • The date, time, and time zone are correctly set on the firewall.
  • NetFlow has not previously been enabled on this firewall.
  • You have Telnet or SSH credentials and admin access to your firewall.
  • The IP address of your Auvik collector is known.

If you have a shared collector and want it to receive NetFlow data for TrafficInsights, you must add the source IP address as a /32 so that Auvik registers the flows from that specific address in the TrafficInsights portal. After the change, there may be some delay before the shared collector receives the data.

Note: Even if that source IP address is already being scanned, you must add a /32 targeting only the source IP address. Due to some limitations, the collector otherwise can't tell whether the flows should be sent to site A or site B.

Access the firewall CLI

  1. Telnet or SSH into the firewall.
  2. Enter privileged mode by typing enable and entering your enable password.

Configure the NetFlow exporter (ASA v.7.x)

Run the following commands. Replace <AuvikCollectorIP> with the IP address of your Auvik collector and <AuvikPort> with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.

class global_class
flow-export event-type all destination <AuvikCollectorIP>
class-map flow_export_class
match access-list flow_export_acl
flow-export destination <AuvikCollectorIP> <AuvikPort>
flow-export template timeout-rate 15
flow-export delay flow-create 60

Configure the NetFlow exporter (ASA v.8.4)

Run the following commands. Replace <AuvikCollectorIP> with the IP address of your Auvik collector and <AuvikPort> with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995, or 9996.

flow-export destination inside <AuvikCollectorIP> <AuvikPort>
flow-export template timeout-rate 15
flow-export delay flow-create 60
class-map flow_export_class
 match any
policy-map global_policy
 class flow_export_class
  flow-export event-type all destination <AuvikCollectorIP>
service-policy global_policy global
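
To confirm the 8.4-style configuration above is consistent before waiting for flows to show up, the following added example (not Auvik or Cisco tooling) audits saved running-config text. The function name audit_flow_export and the sample address 192.0.2.10 are assumptions made for illustration, and the input is assumed to keep the indentation that show running-config prints.

```python
import re

# Collector ports listed in the article above.
AUVIK_PORTS = {2055, 2056, 4432, 4739, 6343, 9995, 9996}

def audit_flow_export(running_config):
    """Return a list of problems in an ASA 8.4-style NetFlow export config."""
    dests, event_ips, exporting, applied = {}, set(), set(), set()
    policy = None  # policy-map currently being parsed
    for raw in running_config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"flow-export destination (\S+) (\S+) (\d+)", line):
            dests[m[2]] = int(m[3])              # collector IP -> UDP port
        elif m := re.fullmatch(r"policy-map (\S+)", line):
            policy = m[1]
        elif m := re.fullmatch(r"flow-export event-type \S+ destination (.+)", line):
            event_ips.update(m[1].split())
            if policy:
                exporting.add(policy)            # this policy-map exports flows
        elif m := re.fullmatch(r"service-policy (\S+) (?:global|interface \S+)", line):
            applied.add(m[1])
        elif line and not raw[0].isspace():
            policy = None                        # another top-level command
    problems = []
    if not dests:
        problems.append("no flow-export destination configured")
    for ip, port in sorted(dests.items()):
        if port not in AUVIK_PORTS:
            problems.append(f"{ip}: port {port} is not a listed collector port")
        if ip not in event_ips:
            problems.append(f"{ip}: no flow-export event-type sends to it")
    for ip in sorted(event_ips - set(dests)):
        problems.append(f"{ip}: event-type destination has no flow-export destination")
    if not exporting & applied:
        problems.append("no service-policy applies a policy-map with flow-export")
    return problems

# Constructed sample (documentation address 192.0.2.10), not from a real device.
SAMPLE_OK = """\
flow-export destination inside 192.0.2.10 2055
flow-export template timeout-rate 15
flow-export delay flow-create 60
class-map flow_export_class
 match any
policy-map global_policy
 class flow_export_class
  flow-export event-type all destination 192.0.2.10
service-policy global_policy global
"""
```

An empty list means the exporter destination, the policy-map, and the service-policy agree with each other; each string in a non-empty list names one mismatch to fix on the firewall.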