NetFlow is a network protocol developed by Cisco Systems that enables network administrators to collect and analyze network traffic data. It provides a method for capturing and recording detailed information about each network flow, including source and destination IP addresses, packet and byte counts, protocol types, and other relevant details. Cisco secure firewall can also send netflow data to SNA or any netflow collector.
The main purpose of NetFlow is to help network administrators understand how their network is being used and identify any issues that may arise. By analyzing the data collected through NetFlow, administrators can gain insight into traffic patterns, identify potential security threats, and optimize network performance.
In this post we have used Cisco secure firewall version 7.3.1 version. From 7.4 there is a native configuration which can be done using platform setting.
Configuration of cisco secure firewall to send netflow data
Step 1> Configure network flow destination. Navigate to objects > FlexConfig > netflow_destination > Edit. Make the count to 3 and specify interface name , ip address of flow collector, port number
Step 2> Configure netflow Event Types: Select type as all and remove all other variable type
Step 3> Update the netflow parameters as shown in the screenshot:
Step 4> Copy the existing Netflow_Add_destination object and name it as per your ease.
Step 5> Copy existing Netflow_set_parameters and name it as per your ease.
Step 6> As of cisco secure firewall version 7.3.1 the netflow configuration need to be done using flex configuration. natively its not available. Under devices navigate to FlexConfig and add/update a FlexConfig policy:
Select the two objects Destination object, parameter object as shown in figure and apply the policy to the desired FTD.
Step 7> Deploy the changes to the FTD.