
source destination graphs on firewall

t4tauseef33
Level 1

Hi,

Is there any way we could see the high communication flow between the src and dst on the ASA firewall in real time? We could see the top 10 sources and top 10 destinations, but it didn't match the flow. Also, top 10 seems to be a limitation; is there any way we can see the top 100 sources / destinations?

Thanks

2 Replies

Panos Kampanakis
Cisco Employee

Unfortunately you cannot monitor a flow in ASDM. You can see the top talker but you cannot see their flows live.

There is no direct way to see the top 100 sources either. With the CLI you can do "sh localhost | i TCP" and sort the top 100 users with the most connections.

Not the most efficient way, but the GUI will not currently give you what you want.

I hope it helps.

PK
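The CLI approach from the reply above, as an added example that is not part of the original thread: a Python parser that ranks hosts by TCP flow count from saved `show local-host` output. The sample text is constructed, and its layout (`local host: <addr>` followed by `TCP flow count/limit` lines) is an assumption, as is the capture keeping the host lines alongside the TCP lines.

```python
import re
from collections import defaultdict

# Constructed sample of saved ASA `show local-host` output (layout assumed;
# addresses are documentation-range values, not from the original thread).
SAMPLE = """\
Interface inside: 3 active, 5 maximum active, 0 denied
local host: <192.0.2.10>,
    TCP flow count/limit = 42/unlimited
    TCP embryonic count to host = 0
    TCP intercept watermark = unlimited
    UDP flow count/limit = 3/unlimited
local host: <192.0.2.11>,
    TCP flow count/limit = 7/unlimited
    UDP flow count/limit = 120/unlimited
local host: <192.0.2.12>,
    TCP flow count/limit = 310/unlimited
    UDP flow count/limit = 0/unlimited
Interface outside: 1 active, 2 maximum active, 0 denied
local host: <198.51.100.5>,
    TCP flow count/limit = 42/unlimited
    UDP flow count/limit = 1/unlimited
"""

HOST_RE = re.compile(r"^\s*local host:\s*<([^>]+)>")
FLOW_RE = re.compile(r"^\s*(TCP|UDP) flow count/limit\s*=\s*(\d+)/")

def parse_local_hosts(text):
    """Return {host: {"TCP": n, "UDP": n}} from `show local-host` text."""
    hosts = defaultdict(lambda: {"TCP": 0, "UDP": 0})
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current]  # register host even if no count lines follow
            continue
        m = FLOW_RE.match(line)
        if m and current is not None:
            hosts[current][m.group(1)] += int(m.group(2))
    return dict(hosts)

def top_talkers(text, n=100, proto="TCP"):
    """Rank hosts by flow count, highest first; ties broken by address."""
    hosts = parse_local_hosts(text)
    ranked = sorted(hosts.items(), key=lambda kv: (-kv[1][proto], kv[0]))
    return [(h, c[proto]) for h, c in ranked[:n]]

if __name__ == "__main__":
    for host, count in top_talkers(SAMPLE, n=100):
        print(f"{count:6d}  {host}")
```

The counts are a point-in-time snapshot per host, so this ranks talkers by open flows rather than showing source/destination pairs or byte volume.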

Adding to Panos's comment, one way I see you could pool 100 top hosts would be if you have a router behind the ASA firewall on the inside, where outbound/inbound traffic will cross insideRouter->ASA>outbound-inbound. Run NetFlow on the router; you can then use a robust NetFlow collector like NetFlow Analyzer from ManageEngine (http://www.manageengine.com). I have this setup, which successfully pools up to 200 top hosts' outbound traffic utilization per host. See the attachment for a screenshot example.

I'm not sure if a freeware NetFlow collector can pool this quantity of hosts' traffic stats.

Regards

Jorge Rodriguez