You’ve probably already heard that Cisco ASA now supports NetFlow export through a flow format called NetFlow Secure Event Logging (NSEL). This provides users with near real-time traffic analysis and bandwidth monitoring on their firewall devices. Because this was so well received by users, we at NetFlow Analyzer now offer support not just for plain ASA NetFlow reports but also for the NATed information available in ASA NetFlow packets.

With NetFlow support, you may be wondering what the best and easiest way to configure ASA for NetFlow export is. Check out the steps below to configure NetFlow export on ASA via ASDM.

Configuring flow collection

Under Configuration in ASDM, go to Device Management > Logging > NetFlow.

Here, you can set the NetFlow Analyzer server IP address, the ASA interface through which NetFlow packets are to be exported, and the NetFlow listener port (by default, 9996). For the interface, select the one that connects to the server where NetFlow Analyzer is installed. You can also set the template packet send frequency and disable the syslogs that become redundant once NetFlow information extraction is enabled.

Set the template timeout rate to one minute, and set the delay for transmitting flow-creation events for short-lived flows to 60 seconds.

Then click Apply to write the commands on ASA.

Configuring NetFlow information extraction

To enable the ASA to start sending information to NetFlow Analyzer as defined above, go to Firewall > Service Policy Rules.

Then create a new service policy and apply it globally.

Next, define the collector to which statistics for this traffic will be sent (the one defined in the previous section).

Once the service policy is created, click Apply to write the commands on ASA.

To configure Cisco ASA through CLI, click here.
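The following is the CLI equivalent of the ASDM steps above, added here as an example (it is not configuration from the original post or from NetFlow Analyzer). It assumes a placeholder collector address of 192.0.2.10, reachable through the ASA interface named "inside", listening on the default port 9996.

```cisco
! Added example: CLI equivalent of the ASDM NetFlow (NSEL) configuration above.
! Assumptions: collector 192.0.2.10 (placeholder), reached via "inside", UDP port 9996.

! --- Device Management > Logging > NetFlow ---
! Collector address, exporting interface and listener port.
flow-export destination inside 192.0.2.10 9996
! Template timeout rate of one minute (the ASA default is 30 minutes); the collector
! cannot decode data records until it has received the matching template.
flow-export template timeout-rate 1
! Delay flow-create events by 60 seconds; a flow that ends within that window
! produces only a teardown event instead of a create/teardown pair.
flow-export delay flow-create 60
! Disable the syslog messages that duplicate information now carried in NSEL.
logging flow-export-syslogs disable

! --- Firewall > Service Policy Rules: global policy, match all traffic ---
class-map global-class
 match any
policy-map global_policy
 class global-class
  flow-export event-type all destination 192.0.2.10
! Apply the policy globally (global_policy is normally already applied on ASA).
service-policy global_policy global

! Verify that records are actually being exported:
! show running-config flow-export
! show flow-export counters
```

If `show flow-export counters` shows packets sent but the collector reports no data, check that templates are reaching the collector (they are resent at the template timeout rate) and that UDP 9996 is permitted along the path from the exporting interface.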

Once the configuration is complete, NetFlow data will be exported, and you will start seeing results in NetFlow Analyzer.


  1. JR

    So this will inspect all traffic (not just what is in the default inspection) and allow Netflow – correct?

    I could try this on an office ASA with little impact if it goes wrong, but hesitant to try on a Production ASA.

  2. Muhammad Younas

    Hi,
    I configured the same way. NetFlow Analyzer started receiving netflow packets but showing nothing under interfaces. Always show “Total in 0 and Total Out 0”. Please help.

    Thanks

    • Senthil.N

      I think you are mentioning the IN / OUT in devices tab. Let us know what happens when you click and drilldown to interface name. Send us the screen shot to nfs@manageengine.com.

      • JR

        Same problem here, receiving packets, but no data anywhere

  3. Hi Avinash,

    The reason is because it is an issue with ASDM version. You need to upgrade the ASDM to recent version to fix the issue.

  4. Avinash

    I am not able to add flow event in global-class

    Please help

  5. Ita, Bassey E.

    We actually need the configuration via command line, as we do not manage our ASA firewall using ASDM.
    Kindly send us the config.
    Thank you.