2 Replies Latest reply on May 23, 2013 6:03 AM by rainerp

    NTA and Monitoring/Reporting

    rainerp

      Hi

       

      I`m using NTA now since 2 month. Before we used Cisco MARS.

      Compared with the MARS the NTA reporting is pretty poor ..... or maybe i don't know how to do it.

       

      What i actually want to do is to monitor and/or report traffic caused by VPN users.

      So our VPN Users terminate at the edge firewall ... this firewall is sending netflow to NTA, and is also sending logon information to the radius server.

      Can somebody tell me how to get this information out of NTA?

       

       

      Thanx

        • Re: NTA and Monitoring/Reporting
          darragh.delaney

          Hi There,

          This is something I come across a bit as it seems to be a problematic area for NetFlow monitoring. Do you know of the client IPI addresses in the NetFlow traffic match up with the client IP addresses in the Radius events.

           

          I recently worked with someone to provide reporting in this area. We ended up deploying a traffic analysis system which used a SPAN port as a source instead of NetFlow. We mirrored the ports of the VPN systems connecting to the network core and then used AD logs to map what IP addresses were associated with what users.

           

          Darragh

            • Re: NTA and Monitoring/Reporting
              rainerp

              hi

               

              thanks for answering!

               

              i do not know the IP address of the teleworker. and in my opinion i don't need to now that.

               

              in the past we used a cisco MARS appliance, and my cisco firewalls where just sending their netflow events. on the MARS i had an report where i saw all the users (teleworkers) authenticatet through the cisco firewall.

              so actually (netflow) NTA should have that information ... i guess it's just an matter of implementing in NTA!!?