Packet capture vs. Netflow of remote site

Modified on 2025-06-10 14:09:45 +0200

Scenario: Monitor Internet traffic via Netflow in a hub-spoke VPN network with Cisco ASA firewalls over cable/DSL connections (6Mbit down / 1Mbit up). VPN traffic carries Corp data but Internet surfing goes out each firewall. PRTG server is in the core network.

Question: What is the most efficient way to monitor Internet traffic via Netflow on a Cisco ASA? Install a remote probe in each site and create a Netflow sensor...or... install Netflow sensors for each site on the PRTG server in the core network?

Article Comments

Hello,

thank you very much for your KB-Post. I would recommend to have Remote Probes in each site, to only send the "results" back to the core, not the full Netflow packets. And in addition to that, benefit from the caching of monitoring results by the Probes, should the connection be lost for a short time.

best regards.

Aug, 2013 - Permalink

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Packet capture vs. Netflow of remote site

Article Comments

Search

Attention

Related Articles