Exported From Confluence, Thu, 28 Mar 2024
Cisco ASA devices are primarily designed for network security rather than traffic routing, and as a result NSEL does not provide complete NetFlow export capability. Read more at Choosing Export Protocol.
This section offers a brief guide for configuring NSEL export on a Cisco ASA device. NSEL stands for
| Devices | Versions | Notes |
|---|---|---|
| Cisco ASA | 8.4(5)+ | Excluding 8.5(1), 8.6(1), 8.7(1), 9.0(1), and 9.1(1) |
First, define the interface that will be used for NSEL export.

```
ASA(config)# interface fa 0/0
ASA(config)# nameif inside
```
Define the NetFlow global parameters. Define a NetFlow collector IP address that can be referenced in the policy-map (in this example the collector IP address is 1.1.1.1). The UDP port is arbitrary and depends on the collector implementation; 2055 is used here.

```
ASA(config)# flow-export destination inside 1.1.1.1 2055
```
OPTIONAL: Configure a delay for flow-create NSEL events, in seconds. Increasing the flow-create delay causes fewer NSEL events to be exported to the NetVizura NetFlow collector, because the flow-create event is suppressed for flows that end before the delay expires. For example, setting the delay to 120 causes only one NSEL event (the flow-teardown) to be exported for flows shorter than 2 minutes.

```
ASA(config)# flow-export delay flow-create 120
```
OPTIONAL: Configure the template timeout-rate. This is the interval, in minutes, between template records sent to the NetVizura NetFlow collector. NetVizura requires templates in order to process flow exports. For example, if you set the timeout-rate to 30, it may take up to 30 minutes before you see any data in the charts; after the first template arrives, NetVizura continues processing flows without delay.

```
ASA(config)# flow-export template timeout-rate 5
```
Configure flow-update events to provide periodic byte counters for flow traffic. This value is the interval, in minutes, between two NSEL flow-update events for the same flow. NetVizura requires this value to be less than 5. A smaller refresh interval produces a higher load on the NetVizura NetFlow collector, but provides more accurate traffic statistics.

```
ASA(config)# flow-export active refresh-interval 1
```
Next, create an ACL to match the interesting traffic and apply it to a class-map.

```
ASA(config)# access-list flow_export_acl extended permit ip any any
ASA(config)# class-map flow_export_class
ASA(config-cmap)# match access-list flow_export_acl
ASA(config-cmap)# exit
```
Configure a unique NetFlow policy-map and apply it globally. The "event-type" option defines what you want NSEL to export (all, flow-create, flow-update, flow-deny, flow-teardown).

```
ASA(config)# policy-map flow_export_policy
ASA(config-pmap)# class flow_export_class
ASA(config-pmap-c)# flow-export event-type all destination 1.1.1.1
ASA(config-pmap-c)# service-policy flow_export_policy global
ASA(config-pmap-c)# end
```
Caution: an ASA allows only one global service policy. If you create a new policy-map and apply it globally as in the previous step, it replaces the existing global policy, and the inspections defined there (the default global_policy) are deactivated. Alternatively, to insert the NetFlow class into the existing policy, enter the class flow_export_class command after the policy-map global_policy command instead of creating flow_export_policy.
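The following is an added example, not configuration from the original page or from NetVizura: the complete NSEL export configuration from the steps above, with the NetFlow class inserted into the ASA's existing default global_policy so that the default inspections stay active, followed by the show commands used to confirm that records are leaving the device. The collector address 1.1.1.1, port 2055 and the interface name inside are carried over from the steps above; the ACL and class-map names are assumptions. Lines beginning with ! are annotations, not commands.

```text
! Added example (not from the original page): NSEL export with the class
! inserted into the existing global_policy. Collector 1.1.1.1:2055 via the
! "inside" interface comes from the steps above; flow_export_acl and
! flow_export_class are assumed names.

! Global NetFlow parameters
ASA(config)# flow-export destination inside 1.1.1.1 2055
ASA(config)# flow-export template timeout-rate 5
ASA(config)# flow-export active refresh-interval 1
ASA(config)# flow-export delay flow-create 120

! Traffic selection: all IP traffic is interesting for the collector
ASA(config)# access-list flow_export_acl extended permit ip any any
ASA(config)# class-map flow_export_class
ASA(config-cmap)# match access-list flow_export_acl
ASA(config-cmap)# exit

! Enter the existing default policy-map instead of creating a new one,
! so the default inspections in class inspection_default are kept.
ASA(config)# policy-map global_policy
ASA(config-pmap)# class flow_export_class
ASA(config-pmap-c)# flow-export event-type all destination 1.1.1.1
ASA(config-pmap-c)# exit
ASA(config-pmap)# exit

! global_policy is already attached with "service-policy global_policy global",
! so no additional service-policy command is needed.

! Optional: suppress the syslog messages that duplicate NSEL events
! (connection build/teardown and deny messages) to reduce logging load.
ASA(config)# logging flow-export-syslogs disable
ASA(config)# end

! Verification
ASA# show running-config flow-export
ASA# show running-config policy-map
ASA# show flow-export counters
```

show flow-export counters reports the packets sent per destination and the error counters (such as no route to collector or template send failures); a non-zero packets-sent count that keeps increasing confirms export is working before looking at the collector side. NetFlow/NSEL is carried in plain, unauthenticated UDP, so the destination interface should be one that reaches the collector over a trusted management or internal segment, as in the inside example above, rather than an untrusted interface.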
For more information about creating or modifying the Modular Policy Fram= ework, see the firewall configuration guide.