Traffic visibility from outside the perimeter?

Unanswered Question
Jul 24th, 2008

Hi,

I'm wondering what others do to get NetFlow-like information from the routers outside their perimiter firewalls.

As far as I can tell, my ASA has no NetFlow-exporting features. I could puch a hole in the firewall so the external router can send to the NetFlow collector, but what are my alernatives?

Websense will tell me about my outgoing TCP traffic, but what about incoming? An IPS will alert me to anomolous traffic, but what if I just want to see how our incoming bandwidth is being used?

I'd like to hear people's thoughts.

Thanks!

- Steve

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Thu, 07/24/2008 - 07:39

Steve-

The ASA5580 supports netflow, but that's a pretty big box. I punch a hole in the firewall for netflow data. I think that is more secure than adding a 2nd NIC in the server and connecting it to the perimeter router :-) I guess you could put a netflow server in the perimeter network too. Depends on how much money you want to spend and how tight your security policies are.

Hope that helps

Actions

This Discussion