ASA Firewall IOS version 8.4.5 and newer show no data in RA/NFA.

Document created by Christopher_Walsh Employee on Jun 25, 2014
Version 1

There is a known issue with Cisco ASA Firewall devices running IOS version 8.4.5 and newer where NetFlow data is not displayed.

This is caused by a change in the way Cisco sends NetFlow data from newer ASA Firewall devices.

 

Specifically, Cisco converted the "Octets" field into two new fields called "Initiator Octets" and "Responder Octets". These fields were meant to give directionality to the NetFlow data; however, RA/NFA does not yet recognize them as valid NetFlow fields and discards the data.

 

In the link below, we document the required fields needed in order to properly display NetFlow data in RA/NFA and how to verify that data:

https://communities.ca.com/web/ca-ehealth-and-ca-spectrum-global-user-community/message-board/-/message_boards/message/101607826?&#p_19

 

If you follow the steps from the doc above to capture and decode the NetFlow from an ASA firewall, you will see that there is no field called just "Octets", which is why the data is discarded.
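The check described above can also be scripted. The following is an added example, not CA or Cisco code: it parses the template flowsets in a NetFlow v9 export packet and reports whether each template declares a plain byte counter or only the directional pair. It assumes the "Octets" field corresponds to IANA element 1 or 85, and the sample packets are constructed rather than captured from a device.

```python
import struct

# IANA IPFIX element IDs; NetFlow v9 templates use the same numbers for these.
PLAIN_OCTETS = {1: "octetDeltaCount", 85: "octetTotalCount"}  # assumed "Octets"
DIRECTIONAL_OCTETS = {231: "initiatorOctets", 232: "responderOctets"}

def parse_v9_templates(packet):
    """Return {template_id: [(field_type, field_length), ...]} for one packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # v9 header is 20 bytes
    while off + 4 <= len(packet):
        flowset_id, flowset_len = struct.unpack_from("!HH", packet, off)
        end = off + flowset_len
        if flowset_len < 4 or end > len(packet):
            raise ValueError("flowset length runs outside the packet")
        pos = off + 4
        while flowset_id == 0 and pos + 4 <= end:  # flowset 0 carries templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            if tid < 256:                          # trailing padding, not a record
                break
            pos += 4
            if pos + 4 * nfields > end:
                raise ValueError("template record truncated")
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off = end
    return templates

def octet_layout(fields):
    """Classify a template by which byte-counter fields it declares."""
    types = {ftype for ftype, _ in fields}
    plain = bool(types & set(PLAIN_OCTETS))
    directional = bool(types & set(DIRECTIONAL_OCTETS))
    if plain:
        return "both" if directional else "plain"
    return "directional-only" if directional else "none"

def build_template_packet(tid, fields):
    """Constructed sample input: a v9 packet holding one template record."""
    rec = struct.pack("!HH", tid, len(fields))
    rec += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HHIIII", 9, 1, 0, 0, 0, 0) + struct.pack("!HH", 0, 4 + len(rec)) + rec

# Constructed templates (not captured from a device): 5-tuple plus byte counters.
FIVE_TUPLE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1)]
OLD = build_template_packet(256, FIVE_TUPLE + [(1, 4)])
NEW = build_template_packet(257, FIVE_TUPLE + [(231, 4), (232, 4)])

if __name__ == "__main__":
    for pkt in (OLD, NEW):
        for tid, fields in parse_v9_templates(pkt).items():
            print(tid, octet_layout(fields))
```

To use it on real traffic, pass the UDP payload of an export packet from the ASA to `parse_v9_templates`; a result of `directional-only` matches the condition this document describes.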

 

Changing the way NFA handles this data is being reviewed for a future release, but we do not yet have any confirmation as to when it may be added to the product.

 

As always, we encourage the use of the Idea Wall to submit enhancement requests like this, so that Product Management can prioritize them.

 

This document was generated from the following discussion: ASA Firewall IOS version 8.4.5 and newer show no data in RA/NFA.
