Wednesday, November 11, 2020

Question a new Netflow type of solution

I want to improve visibility of flow type traffic information on our network, such as what network traffic and protocols are in use, top talkers etc. We are just a single large campus with, from the Internet edge inwards, two standard Cisco ISP WAN routers (HSRP), then a checkpoint firewall cluster that sits behind those two routers, and then two Cisco core switches that sit behind the checkpoint firewall cluster. I'm only interested in deploying a solution for this at the edge of our network, and ideally as close to our WAN links as possible. We've never had netflow or anything similar previously, so starting from scratch I'm wondering what's the best tools to use you'd recommend? That's my first question.

My second question is where would you normally deploy these tools? I don't have any management access to the ISP routers, and I don't know if it's recommended whether it's worth pursuing a solution which involves polling those? I've No idea! ...Or would it be more common to deploy something a little further inside the perimeter, on the firewall cluster for instance?

Thanks as always.



No comments:

Post a Comment