Customer is looking to enable Netflow on the Cisco Firepower appliances however the data will be in the format of Cisco Network Secure Event Logging (NSEL, based on NetFlow 9).
Note: Traffic does not claim any device support officially. The flows are supposed to be device independent. That said what ASA exports is not exactly netflow v9, it is called NSEL which is a slightly different version from V9. So, as of today this is not supported. There is no official document for device support.
(1) sysOID of the CISCO Firepower device
(2) nms-traffic-master.address.properties file does not have option: “enable.asa=true/false”
We’ve seen a problem with some specific models, for example this ASA (see link below) is NSEL (Network Security Event Logs) based flow which I assume we have not tested It before. Currently our LEAF collector does not have logic to parse these two new fields:
NF_F_FWD_FLOW_DELTA_BYTES – Initiator Octets
NF_F_REV_FLOW_DELTA_BYTES – Responder Octets
Enhancement request has been raised to enhance this:
Flows from Cisco ASA cannot be processed by Traffic iSPI
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.