All of you must have already heard about Cisco ASA now supporting NetFlow export through a flow format called NetFlow Secure Event Logging (NSEL ). This now provides users the ability to do almost real time traffic analysis and bandwidth monitoring on their firewall devices too. NetFlow support from ASA received very excellent responses from users because of which we at NetFlow Analyzer started support for not just plain ASA NetFlow reports but also for NATed information available in the ASA NetFlow packets.

With NetFlow support, I am sure a number of users out there will like to know the best and easiest way to configure ASA for NetFlow export. Check out the steps below to configure NetFlow export on ASA via ASDM:

Configuring Flow Collector:

In ASDM, under Configuration go to Device Management > Logging > NetFlow

Here, you can set the NetFlow Analyzer server IP address, the ASA interface through which NetFlow packets are to be exported and the NetFlow listener port (By default it is 9996). When you choose the interface, select the interface which connects to the server where NetFlow Analyzer is installed. You can also set the template packet send frequency and disable syslogs that are redundant after the NetFlow information extraction.

Set the template time out rate as 1 minute and delay transmission of flow creation events for short-lived flows to be 60 seconds.

Then click on Apply to write the commands on ASA.

Configuring NetFlow information extraction:

To enable the ASA to start sending information to the NetFlow Analyzer defined above you need to go to Firewall > Service Policy Rules.

Then you need to create a new service policy that needs to be applied GLOBALLY.

And then define the collector that statistics for this traffic will be sent to (was defined initially).

Once the service policy is created click on Apply to write the commands on ASA.

To configure Cisco ASA through CLI click here .

Once the configuration is complete, NetFlow data will be exported and you will start seeing results in NetFlow Analyzer.

Demo | Download 30-day Trial | Twitter  | Customers

Hope you have seen the last blog regarding the reporting enhancements we made in NetFlow Analyzer Version 8 . In continuation of the last blog, some of the other reporting enhancements.

1. New averages for Traffic Report (5 and 15 Minute)

2. Global Search Function

3. Enhanced CBQoS Reporting.

Traffic Reports:

In earlier versions of the product, traffic reports generated for less than 24 hour period were shown in 1 minute granularity. As the time period increased, the granularity also increased. But we had demands for other granular reporting like 5 minutes which would enable users to compare their NetFlow statistics with SNMP statistics because the difference between 1 minute average and 5 minute average was much higher than required and also called for the user to do a manual comparison.

We have now introduced new reporting granularity to the traffic reports where data can be shown in 1 minute, 5 minute or 15 minute averages. Users can now get a better picture for capacity planning based on different averages and can also compare the NetFlow statistics with SNMP based statistics avoiding manual calculation. Users can also also generate conversation reports for all these averages helping users find the cause for change in traffic pattern visibility reports.

Global Search Report :

Users looking for an IP Address, port, protocol or for that matter, any information, had to select an interface and then use a troubleshoot report to search for their requirement. A global search option was one of the most requested feature form customers and evaluators alike. Just as most of our features are defined by users, we introduced the ''Global Search' function in Version 8.

This report helps users to generate reports for IP address, Port, network, nodes, Application, DSCP..., etc by entering their criteria in the 'Global Search' box available in the top right corner of the UI from every page. When you enter a criteria here and search, the results are generated for the specific value after searching all the interfaces being monitored with NetFlow Analyzer .

Enahanced CBQoS Reporting:

Quality of Service refers to the ability to provide better treatment for some applications over other services in the network. The primary goal of implementing QoS in business critical networks includes priority routing for critical applications through dedicated bandwidth, controlling jitter and latency. Configuring QoS can also limit the bandwidth used by non critical network traffic and so makes network performance more predictable and bandwidth utilization much more effective.

We have discussed a lot about deploying CBQoS policies for improved network performance. You can find CBQoS blog series in this link. Until last version, CBQoS reorts will show only the parent policies with its pre and post policy and drop metrics . From Version 8, we list all the child policies created under the parent policy along with the pre and post policy, drop metrics for each child policy and even match statement based statistics. All the reports for CBQoS can also be exported to PDF and scheduled from this version which takes bandwidth management to a more easier level.

Do drop your suggestions for each of these features and let us know what else you would like to see in the future releases of the product.

Demo | Download 30-day Trial | Twitter  | Customers

At Manage Engine NetFlow Analyzer , we have always concentrated on having a simple, easy to understand GUI which can give the results you are searching for within minimal number of clicks and less than a minute. If you have used NetFlow Analyzer you certainly must have seen all the reporting options . If you have not, check our Online Demo to know how easy things are.

NetFlow Analyzer Version 8 brought in many features like VoIP monitoring, SNMP V3 and Cisco ASA support, Flexible NetFlow based NBAR, Geo Locations and so on. But along with these vertical enhancements, we have also topped up the reporting capabilities to help users get more from the product. I will explain some of the enhancements we made in Version 8 through this blog.

Consolidated Device Reports:

Until the last version, Consolidated report was available for Interfaces and IP groups. This single page report lists the traffic graph for a selected interface or IP group with the top 10 Applications, Source and Destination for IN and OUT directions. Same as consolidated report for Interface or IP group, NetFlow Analyzer 8 provides an option to generate a consolidated report for a device itself.

Consolidated Report for a device lists traffic graph with Top Interfaces based on Utilization and Speed, Top Application, Protocol, Source, Destination, Conversation, DSCP etc. This report can be generated for last hour and up to last 24 hours. With this report, NetFlow Analyzer provides a view of traffic at the device level giving you an idea on the high usage devices. The report should help get a more detailed visibility on device traffic, narrow down on the performance of device in relation to traffic passing and helps understand the traffic pattern on the devices.

This Report can be generated by clicking on Device Name or IP address from the Interface View or Dashboard.

Enhanced Schedule of Reports.

Schedule reporting option lets users create reports about the information they need and have it automatically emailed to them on a daily, weekly or monthly basis. The reports can be send to multiple email addresses defined by the users and the reports are also saved within the product for later access. Until the last version, only two types of reports were possible, Consolidated Report and Custom Report, both of which could be scheduled for Interfaces and IP groups.

Version 8 introduced the "One Click" Schedule option. This allows users to create schedules for any report they see on the screen. Say, you are looking at a Application report for an interface and you would like to have it emailed to you, use the 'Once Click' schedule.

The reports (for Traffic, Application, Source, Destination, Conversation, QoS, NBAR, CBQoS, etc) can be scheduled for Interfaces and IP groups using the one click option. You now don't have to go into Schedule Settings, create schedule and etc. This one click schedule is keeping in tandem with our aim for fewer clicks and faster reporting.

This is not it. We do have other enhancements in reporting like 'Global Search', '5, 10 and 15 minute averages' and will walk you through them in our next blog.

Demo | Download 30-day Trial | Twitter  | Customers

Download  | Online Demo  | Enterprise Edition overview [video] | Twitter

Related Read:

• Configuring Billing
  
• Billing / chargeback
  
• Department wise bandwidth usage
• IP Groups

Download | Interactive Demo | Product overview video | Twitter | Customers

NetFlow Analyzer has various reports which helps users monitor bandwidth, do traffic analysis, drill down on network spikes, do trend analysis and make capacity planning decisions. With NetFlow Analyzer Version 8 , we have brought in Geo Location based report for IP Addresses.

What is Geo Location IP?

Geo Locations reports of IP Addresses provides businesses with a non-invasive way to determine region based information about the source and destination of traffic in real-time. This report can help determine to which country or region he was heading. Geo Locations reports of IP Addresses will help us in following:

1. Fraud Detection

2. Geo Marketing

3. Target Content

4. Spam fighting

5. Traffic Analytics

It helps ISP's and enterprises determine the location of their traffic and thus help in determining the routing and AS pairing for better performance and cost savings.

Geo Location IP in NetFlow Analyzer.

The Source and Destination Tab in NetFlow Analyzer gives traffic utilized by each IP addresses for the selected time period. Until the last version, these reports helped you to identify the IP Addresses contributing to the traffic on each interface either at the source or destination level. With the new feature, you can view the Region wise (Country) traffic distribution. The Geo Location reports for IP Addresses list top 10 IP addresses for each region on the Source and Destination Tab.

Configuring GeoLocations.

After upgrading to Version 8, clicking on the Source or Destination tab will give an option "Show Geo Locations". When you click on this, NetFlow Analyzer will prompt you to provide proxy settings to download the Geo location database and update NetFlow Analyzer database with these locations. In case you do not prefer to provide the proxy details in NetFlow Analyzer, you can download the "countrycode.zip" from the prompt window that appears and extract it under the NetFlow Analyzer installation directory (<NetFlow_Home>\).

Now, click on "Show Geo Locations" and NetFlow Analyzer will list the region wise report for the traffic. Much more visibility than ever before !

Regards,

Praveen Kumar

Demo | Download 30-day Trial | Twitter  | Customers