Cisco ASA is a security device that provides visibility on the nature of IN and OUT traffic and allows you to manage security policies more efficiently. Cisco ASA traffic monitoring and analysis plays an important role in preventing the network from any malicious or activities. Thus, a traffic monitoring tool like NetFlow Analyzer will help you to identify traffic that generated a large number of connections through your firewall and monitor the performance of your firewall policies.
With NetFlow Analyzer's real-time traffic graphs and reports, you can:
NetFlow Analyzer uses flow technologies to analyze the traffic patterns passing through your Cisco ASA firewall. Configuring flows from Cisco ASA provides a set of pre-bundled reports that helps to detect suspicious traffic in the network and allows you to apply ACL or service policies. For instance, even though your firewall is configured to allow only legitimate traffic, there is excess flow of traffic and it is affecting the performance of your firewall.
In case of such scenarios, the top five features you can look for in NetFlow Analyzer are:
The dashboard in NetFlow Analyzer will give you the details on top talkers in the network by usage such as top applications, protocols and IP addresses. Check for the excess or unusual traffic for specific ports or protocols in the network. Dashboard view gives the traffic details up to layer 7 applications which helps to identify the most used ports in the network. Once you identify the port, check if it is an external port which could cause a security threat.
Reports in NetFlow Analyzer gives an in-depth visibility to track the traffic based on set criterias and time. With custom search report, you can drill down to conversation level details to find out if the excess traffic is due to a particular application or a source or destination. Also, consolidated report for Cisco ASA will give you complete view of traffic details. With reports, you can also answer whats is traffic consumed by each IP address, what is the share of traffic for each applications and protocols and who are the top offenders and tragets in the network.
ASAM gives an in-depth view on the security events, happening in the network. It helps in detecting zero-day network intrusions. It classifies the security threats in to four different category and they are : 1. Bad Src – Dst 3. DoS attack 3. Suspect Flows 4. Scan/Probes. These categories are based on malformed TCP/UDP packets, invalid TOS flows and invalid source/destination.
Threshold-based alerts in NetFlow Analyzer notifies you whenever there is traffic spike or unusual traffic in the network. Set multi-level thresholds and get notified when the bandwidth usage is high in the network.
NetFlow Analyzer allows you to take control of your network once you find out the exact cause of the problem. If there are any external IPs that could be threat to your network, you can apply ACL and block the access. Also, if there are any non-business critical applications consuming excess traffic, you can re-configure your existing services policies and shape traffic.
Thus, NetFlow Analyzer helps you to answer the who, when and what of your network traffic. Apart from Cisco ASA, NetFlow Analyzer also provides complete traffic monitoring and security analytics for other firewall devices such as Fortigate, Sonicwall, Juniper, and other leading vendors in the market.
Troubleshoot faster and take control of your Cisco ASA monitoring with NetFlow Analyzer.