A little while back I wrote a post, Understanding NetFlow and its role in traffic analysis and as a transport protocol, on network traffic analysis using NetFlow, and talked specifically about NetFlow support on the Cisco ASAs. One of the primary uses for NetFlow on the Cisco ASAs is as a transport protocol for security events. That said, recently we learned that you can use NetFlow for traffic analysis on the Cisco ASAs, which is different than I'd understood at the time I wrote that post.

Long story short, not only can you now analyze traffic using NetFlow on the Cisco ASAs, but the Orion NetFlow Traffic Analyzer (Orion NTA) version 3.5 SP2 now supports this as well. This means that if you own Orion NTA and have active maintenance, you can install the latest version and begin analyzing traffic on your Cisco ASAs now. This is really important, as many companies don't have devices adjacent to the ASAs that they can use to analyze the traffic. I've seen many networks where remote sites are connected with a Cisco ASA with a 3750 behind it, which until now meant that they couldn't leverage NetFlow to analyze the traffic.

There is a caveat to the support of NetFlow on the ASA. The ASA doesn't report traffic statistics for a flow until the flow terminates, so a long-lived flow shows up in the exported data only once it has ended. On most routers and switches you will also get flow statistics periodically while the flow is in progress. Keep this in mind as you're investigating traffic traversing your Cisco ASAs: the bytes of a flow that ran for an hour all arrive in one record at the end, and a per-interval graph that credits them to the interval the record arrived in will show a spike that never actually happened on the wire.
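To make the caveat concrete, here is an added example (not code from the original post or from Orion NTA) that contrasts the naive way of bucketing flow records by arrival time with spreading each flow's bytes across the intervals it was actually active. It assumes the exported record carries the flow's start and end times, and the flow records themselves are constructed for illustration: one long transfer that an ASA would report only at termination, plus one short flow.

```python
"""Constructed example: bucketing NetFlow records from a device that reports
a flow only when it terminates (as the Cisco ASA does), versus spreading the
flow's bytes over its lifetime before charting or alerting on per-interval volume.
"""
from collections import defaultdict

# Constructed flow records: (start_seconds, end_seconds, bytes).
# A router with an active timeout would have exported the long flow as several
# interim records; an ASA exports it once, when the flow ends at t=300.
FLOWS = [
    (0, 300, 300_000),   # long transfer spanning five 60-second intervals
    (240, 250, 5_000),   # short flow entirely inside the fifth interval
]


def attribute_at_end(flows, interval):
    """Naive bucketing: credit every byte to the interval in which the
    record arrived (i.e. the interval containing the flow's end time)."""
    buckets = defaultdict(int)
    for _start, end, nbytes in flows:
        buckets[end // interval * interval] += nbytes
    return dict(buckets)


def spread_over_lifetime(flows, interval):
    """Distribute each flow's bytes proportionally across the intervals during
    which it was active, so a termination-only record does not create a false
    spike at the moment the flow closed.  The byte total is preserved exactly."""
    buckets = defaultdict(int)
    for start, end, nbytes in flows:
        if end <= start:
            # Instantaneous (or zero-duration) flow: nothing to spread.
            buckets[start // interval * interval] += nbytes
            continue
        duration = end - start
        allocated = 0
        t = start
        while t < end:
            bucket = t // interval * interval
            seg_end = min(bucket + interval, end)
            share = nbytes * (seg_end - t) // duration
            if seg_end == end:
                # Last segment absorbs any integer-rounding remainder.
                share = nbytes - allocated
            buckets[bucket] += share
            allocated += share
            t = seg_end
    return dict(buckets)


def peak_interval(buckets):
    """Return (interval_start, bytes) for the busiest interval."""
    return max(buckets.items(), key=lambda kv: kv[1])


if __name__ == "__main__":
    naive = attribute_at_end(FLOWS, 60)
    spread = spread_over_lifetime(FLOWS, 60)
    print("naive  :", sorted(naive.items()), "peak", peak_interval(naive))
    print("spread :", sorted(spread.items()), "peak", peak_interval(spread))
```

With the constructed records, the naive view reports a 300,000-byte burst in the interval starting at t=300, an interval in which the long flow moved no data at all, while the spread view shows the steady 60,000 bytes per interval that actually crossed the firewall. The same delay matters for detection: a volume threshold evaluated per interval on ASA exports will only fire once a long flow has torn down, so long-running sessions through the ASA are better watched through their duration than through their instantaneous rate.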

We've also documented the required configuration parameters for the ASA to enable NetFlow export here in the SolarWinds Knowledge Base.

Good luck and let us know if you have any questions.
Flame on...
Josh