User guide
ManageEngine Firewall Analyzer :: User Guide
221
Zoho Corp.
Configuration for SSL WebVPN in Cisco ASA appliance
Firewall Analyzer requires syslog message IDs 722030 and 722031, which are at debug level by default, to process Cisco SVC VPN logs. Set these syslog IDs to the informational level by executing the commands below in global configuration mode:
hostname(config)# logging message 722030 level 6
hostname(config)# logging message 722031 level 6
You can confirm the change by executing the command below:
hostname(config)# show logging message 722030
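As an added check that is not part of this guide, the following Python script audits a saved ASA running-config for the two logging-level commands above and for the NetFlow export commands described in the next section (the flow-export destination, the netflow-export ACL and class-map, and the policy-map association). The collector IP and the config text are constructed sample values, not captured from a real appliance.

```python
import re
# Constructed running-config excerpt built from the commands in this guide (sample data only).
SAMPLE_CONFIG = """\
logging message 722030 level 6
logging message 722031 level 6
flow-export destination inside 192.0.2.10 1514
logging flow-export-syslogs disable
access-list netflow-export extended permit ip any any
class-map netflow-export-class
 match access-list netflow-export
policy-map global_policy_asa
 class netflow-export-class
  flow-export event-type any destination 192.0.2.10
"""

def _children(lines, start):
    """Lines indented deeper than lines[start] that directly follow it (ASA nesting)."""
    parent_indent = len(lines[start]) - len(lines[start].lstrip())
    out = []
    for line in lines[start + 1:]:
        if len(line) - len(line.lstrip()) <= parent_indent:
            break
        out.append(line)
    return out

def _has_child(lines, header, needle):
    """True if a line equal to header has needle among its indented children."""
    return any(l.strip() == header and needle in {c.strip() for c in _children(lines, i)}
               for i, l in enumerate(lines))

def check_netflow_export(config, collector_ip, port=1514):
    """Map each expectation from the guide to True/False for this config text."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    flat = {l.strip() for l in lines}
    checks = {}
    # SVC VPN message IDs 722030/722031 must be raised from debug to level 6
    for msg_id in ("722030", "722031"):
        checks[f"logging_{msg_id}_level6"] = f"logging message {msg_id} level 6" in flat
    dest = rf"flow-export destination \S+ {re.escape(collector_ip)} {port}"
    checks["flow_export_destination"] = any(re.fullmatch(dest, l) for l in flat)
    checks["flow_export_syslogs_disabled"] = "logging flow-export-syslogs disable" in flat
    checks["netflow_acl"] = "access-list netflow-export extended permit ip any any" in flat
    checks["class_map_matches_acl"] = _has_child(
        lines, "class-map netflow-export-class", "match access-list netflow-export")
    # Some policy-map must apply the class and export its flows to the collector
    export_line = f"flow-export event-type any destination {collector_ip}"
    checks["policy_map_exports"] = any(
        _has_child(_children(lines, i), "class netflow-export-class", export_line)
        for i, l in enumerate(lines) if l.startswith("policy-map "))
    return checks
```

Any check that comes back False points at the command from this guide that is missing or misplaced in the running-config.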
Configuring Cisco ASA NetFlow Logs and Disabling NetFlow on Cisco ASA/ASDM using command line and ASDM
Firewall Analyzer supports NetFlow version 9 packets, which were introduced in Cisco ASA 8.2.1/ASDM 6.2.1.
Configuring the ASA device from console mode to send NetFlow version 9 packets to Firewall Analyzer is described below:
• As Firewall Analyzer can receive either Syslog or NetFlow packets from an ASA box, disable Syslog and enable NetFlow. To disable Syslog and enable NetFlow, execute the following commands:
(config)# flow-export destination inside <Firewall Analyzer Server IP> 1514
(config)# flow-export template timeout-rate 1
(config)# flow-export delay flow-create 60
(config)# logging flow-export-syslogs disable ---> This command disables logging of the syslog messages that duplicate NetFlow events
(config)# access-list netflow-export extended permit ip any any
(config)# class-map netflow-export-class
(config-cmap)# match access-list netflow-export
Associate the global policy map with the netflow class map
• Option 1
If you have a global policy map, associate the netflow class-map netflow-export-class created above with the global policy.
For example, if your global policy map is named global_policy_asa, execute the commands below:
(config)# policy-map global_policy_asa
(config-pmap)# class netflow-export-class
(config-pmap-c)# flow-export event-type any destination <Firewall Analyzer Server IP>
If the above command fails, use the command below: