Plixer offers free tool that brings NetFlow analysis to Cisco ASA firewall

Q & A with Michael Patterson, the President and CEO of network traffic analysis vendor Plixer International.

Because the Cisco ASA firewall exports NetFlow in a nontraditional way, network traffic analysis vendors have so far shied away from figuring out this enigma. Nonetheless, network traffic analysis vendor Plixer International decided to tackle it and announced this week support for NetFlow exported from the ASA in its latest traffic analysis software release, Scrutinizer v7. Naturally, there's a catch to Plixer's new release. So what's the catch? It's free. Hopefully, in the following Q & A session with Plixer CEO Michael Patterson, you will learn how this new strategy could potentially help Plixer's business:

1. Do you have a special relationship with Cisco?

Mike Patterson: I’d like to think so, but I think we have basically the same relationship with Cisco as several of our competitors. I do make sure that when I approach people like Benoit Claise (a Cisco NetFlow visionary), that I avoid questions I could get answers to elsewhere.

2. How can you make money by offering your new release Scrutinizer v7 as a free product?

Mike Patterson: Scrutinizer has always been free at some level. We are just taking it to another level with version 7. A free product can help generate awareness. As a non-venture funded company, we need ways to outshine some of our larger competitors. We know our product is better and by offering it for free, it will help us demonstrate to new customers that it's better.

3. Why would you give away reporting on NetFlow from the Cisco ASA firewall if you're the only vendor that can currently do it?

Mike Patterson: Again, it creates awareness. We want to make sales with our add-on modules: Central Interface for Distributed NetFlow collectors, Flow Analytics for network behavior analysis and archiving of data, and a Service Provider Module for setting up per-login permissions to see only certain data. It's just a matter of time before the other vendors decide to put in the engineering effort and copy what we did. Although it will take time if they haven’t already started, because it isn’t as simple as NetFlow v5.

4. Why is the NetFlow from a Cisco ASA difficult to report on?

Mike Patterson: In short, ‘templates’. The byte count per flow is exported differently, as are long-lived flows. There is currently no active timeout setting for long-lived TCP connections and this causes spikes in the trends. Also, messages normally kicked out as syslogs are also exported in NetFlow v9 as NSEL (NetFlow Security Event Logs) by the ASA. This is actually kind of clever on Cisco’s part. Unlike traditional NetFlow, sometimes Scrutinizer reports must reach across multiple templates. The whole development effort has been kind of an aggressive undertaking. Configuring NetFlow on the ASA (see how) alone can be a bear. (BTW: Scrutinizer v7 is also the first solution to report on IPv6 in NetFlow v9).

5. Can you expand a little further on this difficulty and how you overcame it?

Mike Patterson: Working with NetFlow from the ASA requires more than decoding the templates. We developed a new architecture for Flexible NetFlow that prepares our product for reporting on things such as NBAR, MAC Addresses, VLAN IDs, etc. all from NetFlow v9. We feel we really did our research and a major rewrite of things such as our collector was necessary to prepare for what is coming in NetFlow.

Flow Templates Screenshot

6. Do other competitive firewalls support Cisco NetFlow?

Mike Patterson: I’m not sure. I know our Sonicwall didn’t, so we just replaced it with a Cisco ASA 5500. Several vendors support NetFlow and/or the competitive technology sFlow. Customers should push their vendors to support these technologies. Analyzing NetFlow is a lot more cost-effective than deploying packet analyzers and generally every bit as informative.

7. How does Scrutinizer display NetFlow differently from other traffic analysis vendors?

Mike Patterson: Reporting in Scrutinizer is more analytically driven. I often compare it to Wireshark. We're not a simple top x reporting tool. We capture all the flows, all the records, all the time and give access to the raw flows. Plixer's NetFlow Challenge paper can help evaluators with their decision.

Scrutinizer Screenshot

What do you think? Is Plixer’s free strategy going to help them?

BradReese.Com Cisco Refurbished - Services that protect, maintain and optimize Cisco hardware. Contact: Brad Reese


Copyright © 2009 IDG Communications, Inc.