08-04-2010 08:40 AM - edited 03-11-2019 11:21 AM
Hi
I have an ASA 5505. I want to monitor the network via the ASA, like which IP is causing network disturbance, something like that. Is it possible to control users? Can I block unuseful sites?
Thanks
Amardeep K
08-04-2010 09:13 AM
Hello,
If your ASA is running software version 8.2 or above, you can configure NetFlow to monitor network traffic:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html
08-04-2010 09:16 AM
Hi
I have version 7.2. Can I upgrade this? If yes, how?
And is there any other way to monitor with the same version I have?
Please suggest.
Thanks
08-04-2010 10:31 AM
Hello,
While NetFlow is the best way of doing it, if you are running 8.0 and above, you could also use ASDM to track some of these things. ASDM gives you information about the top 10 devices that are using the bandwidth along with the top 10 services. For you to use that, you need to enable the threat detection feature on the firewall.
Hope this helps.
Regards,
NT
08-05-2010 06:57 AM
NT,
How do you enable threat detection feature on the firewall? Once it is enabled, how do you set it up in ASDM?
Thanks.
Diane
08-05-2010 07:05 AM
Hello,
You can use the following command reference guide to configure threat-detection.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html#wp1058270
Once you enable threat detection, in the ASDM dashboard, you will see a section that talks about top 10 talkers. That will give you information about top 10 devices/services using your bandwidth.
Hope this helps.
Regards,
NT
08-05-2010 09:16 AM
Thanks for your prompt response and information, NT. I will check out the link. One more question: Does turning on threat detection affect the performance of ASA? Would you leave threat detection on all the time or would you turn it on when you need it? Thanks.
Diane
08-05-2010 05:26 PM
Hello,
Threat detection requires some amount of memory because it has to keep track of all the connections. Also, sometimes, if some inside hosts try to open a lot of half-open connections, then they could be treated as attackers and may get shunned (you will have options to exclude devices if you like). Other than that, there is no other issue in turning on threat detection.
Hope this helps.
Regards,
NT
08-05-2010 07:50 PM
Hello,
Enabling threat-detection statistics will utilize additional resources on the ASA. The following is mentioned in the command reference guide:
Enabling statistics can affect the security appliance performance, depending on the type of statistics enabled. The threat-detection statistics host command affects performance in a significant way; if you have a high traffic load, you might consider enabling this type of statistics temporarily. The threat-detection statistics port command, however, has modest impact.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/t.html#wp1499830
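The settings discussed in the replies above, collected as an added configuration example that is not part of the original thread or of Cisco's documentation. The inside subnet 192.168.1.0/24 is a constructed placeholder; lines starting with `!` are comments.

```cisco
! Added example; the subnet below is a constructed placeholder.
!
! Basic threat detection: tracks drop rates and logs when they are exceeded.
threat-detection basic-threat
!
! Port statistics feed the "top services" view in ASDM.
! The command reference quoted above describes the impact as modest.
threat-detection statistics port
!
! Host statistics feed the "top talkers" view in ASDM.
! The command reference quoted above describes the impact as significant,
! so on a busy firewall enable this only while investigating and then
! remove it with: no threat-detection statistics host
threat-detection statistics host
!
! Scanning threat detection with automatic shun. The "except" clause
! keeps hosts in the listed subnet from being shunned, which covers the
! case of inside hosts that open many half-open connections.
threat-detection scanning-threat shun except ip-address 192.168.1.0 255.255.255.0
!
! Checks to run from the CLI after enabling (show commands, not config):
!   show threat-detection statistics top
!   show threat-detection rate
!   show threat-detection shun
```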
08-04-2010 10:39 AM
Hello,
If you have a service contract associated with your CCO account, then you can download the software here:
Hope that helps.