Is it possible to monitor Cisco ASA Firewalls using Netflow 9 and PRTG?

Votes:

0

Recently Cisco has implemented NetFlow 9 for its popular ASA 5500 security and firewall appliances. But this implementation of NetFlow is quite different from what other Cisco devices provide. It is called “NetFlow Security Event Logging” (NSEL) and was originally introduced on the Cisco ASA 5580. With the latest firmware (ASA 8.2.x or later), it is now extended to other Cisco ASA models.

How can I use that for network monitoring and bandwidth monitoring?

asa cisco firewall netflow prtg sflow xflow

Created on Feb 9, 2010 2:36:55 PM by  Daniel Zobel [Product Manager]

Last change on Feb 26, 2010 11:52:45 AM by  Daniel Zobel [Product Manager]



1 Reply

Accepted Answer

Votes:

0

In fact ASA NetFlow was initially not intended to be used for realtime/live traffic analysis (it was created for monitoring of security events)… But it is still a viable option for bandwidth monitoring. This option is fully supported in PRTG Network Monitor, including bandwidth computation, Top Talkers, Top Connections and Top Protocols!

Compared to "normal" NetFlow the following limitations apply:

  • You will not see the real time data: The NSEL monitoring sends a NetFlow data packet only after a connection has been torn down. If a connection is active for minutes or hours, the ASA sends one NetFlow packet with the total of the connection. This causes peaks in PRTG’s graphs while showing too little traffic before that.
  • Flows on the ASA are bidirectional (all counters for a flow will increase for traffic flowing in and out).
  • NetFlow 9 monitoring on the ASA comes at a price: CPU load.

The following screenshot shows a comparison of the bandwidth monitoring results of three different techniques. It shows traffic through an ASA device measured using SNMP (traffic on the “WAN” port), NetFlow 9 (analyzing NetFlow 9 packets of the next Cisco router upstream) and again NetFlow 9 (NetFlow 9 from the ASA itself).

SNMP / NetFlow / NetFlow Traffic Comparison


Created on Feb 9, 2010 2:40:24 PM by  Daniel Zobel [Product Manager]

Last change on Apr 28, 2014 4:23:05 PM by  Gerald Schoch [Paessler Support]
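The teardown-only reporting described in the answer above, as an added example that is not part of the original post and not PRTG's code: it bins the same connections once by the interval in which the flow record arrives and once spread evenly over each connection's lifetime, which shows where the graph peak comes from. The record layout (start time, teardown time, byte total), the 60-second interval and all function names are assumptions made for this illustration.

```python
from collections import defaultdict

BUCKET = 60  # seconds per graph interval (assumed)

# Constructed sample: (start_s, teardown_s, total_bytes) per connection,
# each reported once, in a single flow record sent at teardown.
RECORDS = [
    (0, 30, 600_000),        # short connection inside one interval
    (10, 250, 24_000_000),   # long transfer, reported only at teardown
    (200, 230, 300_000),
]

def at_teardown(records, bucket=BUCKET):
    """Attribute all bytes to the interval in which the record arrived."""
    series = defaultdict(float)
    for _start, end, nbytes in records:
        series[end // bucket * bucket] += nbytes
    return dict(series)

def spread_over_lifetime(records, bucket=BUCKET):
    """Distribute each connection's bytes evenly across its lifetime."""
    series = defaultdict(float)
    for start, end, nbytes in records:
        duration = end - start
        if duration <= 0:  # zero-length flow: keep bytes at teardown
            series[end // bucket * bucket] += nbytes
            continue
        rate = nbytes / duration
        t = start
        while t < end:
            # Advance to the next interval boundary or the teardown time.
            edge = min((t // bucket + 1) * bucket, end)
            series[t // bucket * bucket] += rate * (edge - t)
            t = edge
    return dict(series)

def peak_mbps(series, bucket=BUCKET):
    """Highest per-interval average rate in Mbit/s."""
    return max(series.values()) * 8 / bucket / 1e6

if __name__ == "__main__":
    for name, fn in (("teardown", at_teardown), ("spread", spread_over_lifetime)):
        s = fn(RECORDS)
        print(name, sorted(s.items()), f"peak={peak_mbps(s):.2f} Mbit/s")
```

Both series carry the same byte total; only the teardown-binned one shows empty intervals followed by a spike, so alert thresholds on such a sensor should not be read as instantaneous rates.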



