11-17-2009 07:31 AM - edited 03-09-2019 10:43 PM
Hi,
Is there any way we could see the high communication flow between the src and dst on the ASA firewall in real time? we could see the top 10 sources and top 10 destinations but it didn't match the flow. Also top 10 seems to be a limication, is there any way we can see the top 100 sources / destination?
Thanks
11-20-2009 11:56 AM
Unfortunately you cannot monitor a flow in ASDM. You can see the top talker but you cannot see their flows live.
There is no direct way to see the top 100 source either. With CLI you can do "sh localhost | i TCP" and sort the top 100 users with the most conns connection.
Not the most efficient way, but the GUI will not currently give you what you want.
I hope it helps.
PK
11-20-2009 06:22 PM
Adding to Panos comment, one way I see you could pool 100 top hosts would be if you have a router behind asa-firewall inside where outbound/inbound traffic will cross insideRouter->ASA>outbound-inbound . Run netflow on the router , you can then use a robust netflow collector like Netflow analizer from ManageEngine http://www.manageengine.com , I have this setup which successfully pools up to 200 top hosts outbound traffic utilization per host.- see attach for screen shot example. .
Im not sure if a freeware netflow collector can pool this quantity of hosts traffic stats..
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: