I have a Windows (Web Marshal) proxy that almost everyone goes through, aside from servers and a few IT people. It is hooked up to a Cisco 4500 (with basically no config... an inherited mess), then to a Cisco 3825 router (which I am currently monitoring with NPM and NetFlow), and then to a PIX 515E with the typical inside, outside and DMZ interfaces.
The snag where I am getting lost is the PIX: I have read that you can't do NetFlow on it, and also the PIX isn't my main firewall, it is just there for a couple of DMZ servers. But 99 percent of traffic comes in through my internet router, through to the PIX, up a VPN tunnel to be scanned, etc., and is sent back from a 3rd-party company.
I want to be able to trace the web traffic from the proxy by destination, bandwidth, etc. (Web Marshal is horrible for reports), and I also want to see how much bandwidth I am using on that VPN tunnel.
I am not sure if I should try to monitor the port on the 4500 (I just read the thread on the 6509 in this forum about capturing a layer 2 port) and then see? I am seeing traffic from the default router, but I never see where the proxy is going if the username isn't in the server (it doesn't always show up, and I can't report on IP addresses). I also want to monitor the PIX overall for security/alerting. Soon I am going to a new proxy that I will set up inline, but with that PIX config I don't know if I will see what I want either.
thx in advance!