Hello,
NetFlow is a great tool; however, it is becoming a bit obsolete nowadays, since DPI firewalls can do layer 7 inspection and can categorize/report on an application basis.
It feels a bit pointless to pay for a product that has a bar that says "70% of your traffic is TCP, 27% is UDP, 2% is ESP and 1% is ICMP".
Or having the internet report say that 90% of my traffic is "web traffic".
Or that my top talkers are "From RFC1918 to RFC1918".
So I have decided to try and improve the product.
I have manually added our internal networks through IPAM, which gave me better visibility into the inside-to-inside traffic.
I have also googled and found the public IP addresses of some sites, i.e. SharePoint, and created an app for that. I had to export the XML from NTA, import it into Excel, manipulate the fields and then re-import it.
It did the job, but although it sounds cool to do so, it is a pain to add Amazon, since its IP ranges alone are a 3kb text file!
Is there a better way of doing this, besides enabling NBAR2 (which, surprisingly, is not supported in half of Cisco's products)?
Is there an NPM add-on that inspects L7 traffic?