Monitor Traffice On ASA

Unanswered Question
Aug 4th, 2010
User Badges:

HI


I have an ASA 5505 . I want to monitor the netwrok via ASA. Like which ip is making network distrub. Somthing like that. Is it possible to to control users. Can I block un use full sites.


Thanks

Amardeep K

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (6 ratings)
Loading.
Amardeep Kumar Wed, 08/04/2010 - 09:16
User Badges:

HI


I have 7.2 version , can I upgrade this. If yes how.


And any other way to monitor with same version I have.


Please suggest.


Thanks

Nagaraja Thanthry Wed, 08/04/2010 - 10:31
User Badges:
  • Cisco Employee,

Hello,


While netflow is the best way of doing it, if you are running 8.0 and above,

you could also use ASDM to track some of these things. ASDM gives you

information about top 10 devices that are using the bandwidth along with top

10 services. For you to use that, you need to enable threat detection

feature on the firewall.


Hope this helps.


Regards,


NT

dianewalker Thu, 08/05/2010 - 06:57
User Badges:

NT,


How do you enable threat detection feature on the firewall?  Once it is enabled, how do you set it up in ASDM?


Thanks.


Diane

Nagaraja Thanthry Thu, 08/05/2010 - 07:05
User Badges:
  • Cisco Employee,

Hello,


You can use the following command reference guide to configure threat-detection.


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/p...


Once you enable threat detection, in the ASDM dashboard, you will see a section that talks about top 10 talkers. That will give you information about top 10 devices/services using your bandwidth.


Hope this helps.


Regards,


NT

dianewalker Thu, 08/05/2010 - 09:16
User Badges:

Thanks for your prompt response and information, NT.   I will check out the link.   One more question:  Does turning on threat detection affect the performance of ASA?   Would you leave threat detection on all the time or would you turn it on when you need it?  Thanks.


Diane

Nagaraja Thanthry Thu, 08/05/2010 - 17:26
User Badges:
  • Cisco Employee,

Hello,


Threat detection requires some amount of memory because it has to keep track of all the connections. Also, sometimes, if some inside hosts try to open lot of half-open connections, then they could be treated as attackers and may get shunned (you will have options to exclude devices if you like). Other than that there is no other issue in turning on the threat detection.


Hope this helps.


Regards,


NT

Allen P Chen Thu, 08/05/2010 - 19:50
User Badges:
  • Cisco Employee,

Hello,


Enabling threat-detection statistics will utilize additional resources on the ASA.  The following is mentioned in the command reference guide:


Enabling statistics can affect the security appliance performance, depending on the type of statistics enabled. The threat-detection statistics host command affects performance in a significant way; if you have a high  traffic load, you might consider enabling this type of statistics  temporarily. The threat-detection statistics port command, however, has modest impact.


http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1499830

Actions

This Discussion