Okuqukethwe fihla
1 I-CISCO FC 4210 Network Visibility Module
2 Isingeniso
3 Ukuqinisekisa
4 Amadokhumenti / Izinsiza
4.1 Izithenjwa

Ilogo ye-CISCO

I-CISCO FC 4210 Network Visibility Module

CISCO-FC-4210-Network-Visibility-Module-product

Isingeniso

Kuphelileview
Use this guide to configure Cisco Secure Network Analytics with Network Visibility

Module (NVM) to enable:

  • Ukugcina kanye viewing of NVM fields
  • Existing policy violation rules to trigger from NVM flows
  • NetFlow detections based on NVM traffic
  • Creating Custom Security Events based on the endpoint connections

Izimfuneko

  • Secure Client (including AnyConnect) v4.7 and later
  • Secure Network Analytics v7.5.3

You no longer need to purchase an Endpoint license for NVM telemetry. NVM traffic is included along with NetFlow when calculating Flow Rate (FPS) licensing requirements. For more information about licensing, refer to the Smart Software Licensing Guide 7.5.3.

Data Store Capabilities
Cisco Secure Network Analytics Data Store provides:

  • Full visibility to the endpoint, including on-network and off-network data
  • Visibility to any NVM fields from the Endpoint Traffic (NVM) report in Report Builder
  • A minimum of 30 days of storage of NVM data
  • Improved processing and query performance
  • NetFlow detections based on NVM traffic
  • Creating Custom Security Events based on the endpoint connections

The following table provides performance estimates for a standard enterprise traffic profile (most customers):

Flows per second (FPS)  

Number of FC 4210s

 Inombolo ye

DS 6200s/ 31 Days Storage
I-NetFlow I-NVM
300,000 150,000 1 3
  • There are several factors that may affect your specific performance, such as number of hosts, average size of flows, and more. While we do our best to represent the data as fairly and accurately as possible, your environment may experience different limits.

Ukucushwa

Configure your NVM Profile
The Secure Client Profile Editor is available through Cisco Adaptive Security Device Manager (ASDM) or as a standalone offering. For more information about how to use the Secure Client Profile Editor, refer to the Secure Client (including AnyConnect) Administrator Guide.

  1. Verify you have installed the Network Visibility Module.CISCO-FC-4210-Network-Visibility-Module-fig-1
  2. Open the NVM Profile display box.CISCO-FC-4210-Network-Visibility-Module-fig-2
  3. In the Collector Configuration section, enter the IP Address and Port of your Flow Collector.
    • We recommend you use Port 2030. If the 2030 port is already in use, you may use any non-reserved port. You will use this port in the Configure the Flow Collector section.
    • We recommend you don’t use Ports 514, 2055, 8514, 8515, or 9514.
    • Make sure to leave the Secure check box unchecked.
  4. Khetha File > Save, then close the NVM Profile editor display box.

Configure the Flow Collector to Ingest NVM Traffic

Using First Time Setup (Data Store Only)

To enable the ingestion of NVM traffic on a new Flow Collector with a Data Store, complete the following steps:

  1. Landela imiyalelo kugaydi esebenzayo yokufaka into esebenza ku-Flow Collector yakho. Bese, sebenzisa Umhlahlandlela Wokucushwa Kwesistimu ukuze uthole imiyalelo enemininingwane eminingi mayelana nokucushwa komshini wezinhlobo eziningi ze-telemetry.
  2. Finyelela kukhonsoli yomshini ebonakalayo. Vumela umshini obonakalayo ukuthi uqedele ukuqalisa.
  3. Ngena nge-console.
    • Login: sysadmin
    • Default Password: lan1cope
      • Make sure to change the default password when configuring your system.
  4. Review imininingwane yemizamo yokungena ehlulekile. Khetha KULUNGILE ukuze uqhubeke. CISCO-FC-4210-Network-Visibility-Module-fig-3
  5. Review isethulo Sesethaphu Sokuqala. Khetha KULUNGILE ukuze uqhubeke. CISCO-FC-4210-Network-Visibility-Module-fig-4
  6. Select Network Visibility Module – NVM from the telemetry types list. Select Yes to continue. All telemetry types are selected by default. CISCO-FC-4210-Network-Visibility-Module-fig-5
  7. Enter the UDP port for Network Visibility Module – NVM. Select OK. We recommend you use Port 2030. If the 2030 port is already in use, you may use any non-reserved port. You will use this port in the Configure the Flow Collector section. Set the value to the port specified in step 2 of the Configure NVM profile on AnyConnect section. We recommend you don’t use Ports 514, 2055, 8514, 8515, or 9514. Make sure your telemetry ports are unique. If you configure duplicate telemetry ports, the ports will be reset to their internal defaults to avoid loss of flow data. For example, if NetFlow and NVM are exported to the same telemetry port, each device exporting NVM data will create an exporter on the Flow Collector and exhaust the exporter resources in the Flow Collector engine, resulting in loss of flow data.
  8. Confirm your settings. Select Yes to continue.
  9. Landela imiyalo esesikrinini ukuze uqedele indawo ebonakalayo bese uqala kabusha insiza.

Using the Flow Collector Advanced Settings
Qiniseka ukuthi ufaka isiqephu sakamuva se-Flow Collector NetFlow rollup ngaphambi kokuthi uqale le nqubo.
To enable ingest of NVM traffic on a Flow Collector that has already been configured, complete the following steps:

  1. Ngena kuMphathi wakho.
  2. Kumenyu enkulu, khetha okuthi Lungiselela > Umhlaba > Ukuphathwa Okuphakathi.
  3. On the Inventory page, click the … (Ellipsis) icon for your Flow Collector, then select View Izibalo zikagesi. I-Flow Collector Admin interface iyavula.
  4. Khetha Ukusekela > Izilungiselelo Ezithuthukile.
    • Uma inkambu ingaboniswa, chofoza indawo ethi Engeza Inketho Entsha. Ukuze uthole ulwazi olwengeziwe mayelana nokuhlela izilungiselelo ezithuthukisiwe Kuqoqo Olugelezayo, bheka isihloko sosizo Sezilungiselelo Ezithuthukisiwe.
  5. In the enable_nvm field, set the value to 1. This field defaults to 0.
  6. In the nvm_netflow_port field, set the value to the port specified in step 2 of the Configure NVM profile on AnyConnect section. We typically recommend Port 2030. Make sure your telemetry ports are unique. If you configure duplicate telemetry ports, the ports will be reset to their internal defaults to avoid loss of flow data. We recommend you don’t use Ports 514, 2055, 8514, 8515, or 9514. For example, if NetFlow and NVM are exported to the same telemetry port, each device exporting NVM data will create an exporter on the Flow Collector and exhaust the exporter resources in the Flow Collector engine, resulting in loss of flow data.
  7. In the nvm_to_flow_cache field, set the value to 1 to capture network-based detections of NVM ingest flows. This field defaults to 0.
  8. In the nvm_filter_untrusted_flows field, set the value to 1. When you activate this field, it filters out untrusted traffic from network-based detections and averts possible issues such as conflicting IP addresses. This field defaults to 0. CISCO-FC-4210-Network-Visibility-Module-fig-6
    If you have Data Store and set the nvm_filter_untrusted_flows field value to 1, untrusted traffic is filtered out but remains stored in the NVM tables used to build the Endpoint Traffic (NVM) report. If you don’t have Data Store, the untrusted traffic is not retained.
  9. Chofoza okuthi Faka.
  10. When the confirmation message displays, click OK.

Configure the Flow Collector for Off-Network Cached Flows (Optional)
Use the following instructions to configure cache flow processing for collecting off-network NVM traffic. Collecting off-network NVM traffic impacts system performance. Do not enable this configuration if you do not need to collect or analyze this data. If you enable the configuration and your system performance is impacted, adjust the throttle rate (refer to the AnyConnect Administrator Guide) and/or decrease the nvm_age_limit_days (refer to the instructions in this section).

Before you start this procedure, make sure you finish the previous procedures. You will continue this configuration on the Flow Collector Advanced Settings page. If the Flow Collector is closed, log in to it directly, or:
  1. Ngena kuMphathi wakho.
  2. From the main menu select Configure > Global > Central Management.
  3. On the Inventory page, click the (Ellipsis) icon for your Flow Collector, then select View Izibalo zikagesi. I-Flow Collector Admin interface iyavula.
  4. Khetha Ukusekela > Izilungiselelo Ezithuthukile.
  5. Update the following fields:
    • process_old_nvm_flows: Enter 1 to enable cached flows to be processed by the Flow Collector.
    • nvm_age_limit_days: Enter the maximum age (number of days) to collect cached flows by the Flow Collector. For example, if you enter 7, cached flows up to 7 days old will be processed. If you enter 0 (zero), then all cached flows will be processed. For best performance, set a limited number of days.
    • Uma inkambu ingaboniswa, chofoza indawo ethi Engeza Inketho Entsha. Ukuze uthole ulwazi olwengeziwe mayelana nokuhlela izilungiselelo ezithuthukisiwe Kuqoqo Olugelezayo, bheka isihloko sosizo Sezilungiselelo Ezithuthukisiwe.
  6. Chofoza okuthi Faka.
  7. When the confirmation message is shown, click OK.

Ukuqinisekisa

Depending on your Secure Network Analytics deployment, you will see NVM data in a Flow Search or Report Builder.

Running a Flow Cinga NVM Data (Non Data Store Only)

  1. Ngena kuMphathi wakho.
  2. From the main menu, select Investigate > Flow Search.
  3. Run a Flow Search.
  4. On the Flow Search Results, filter the table by the Subject Process Name to verify you are getting NVM flows.

Accessing NVM Reports (Data Store Only)
Report Builder provides three NVM-related reports for Secure Network Analytics with a Data Store:

  • NVM Database Ingest Trend provides a notification when your data has successfully reached the database ingest
  • NVM Collection Trend shows the flow rate arrival at the Flow Collector from NVM
  • Endpoint Traffic (NVM), displays the most recent 300 records based on the end time
    • For more information about these reports, click the ? (Help) icon to access the Help for Report Builder.

Okwesiboneloample, kwe view the Endpoint Traffic (NVM) report:

  1. Ngena kuMphathi wakho.
  2. Kumenyu enkulu, khetha Bika > Bika Umakhi.
  3. Click Create New Report and select Endpoint Traffic (NVM).
  4. Chofoza u-Run.
  5. Review the report to view the NVM data.

Ixhumana Nosekelo
Uma udinga ukwesekwa kobuchwepheshe, sicela wenze okukodwa kokulandelayo:

Shintsha Umlando

Inguqulo Yedokhumenti Usuku Lokushicilela Incazelo
1_0 Agasti 19, 2025 Uhlobo lokuqala.

Ulwazi Lwelungelo Lobunikazi

I-Cisco kanye nelogo ye-Cisco yizimpawu zokuthengisa noma izimpawu zokuthengisa ezibhalisiwe ze-Cisco kanye/noma izinhlaka zayo e-US nakwamanye amazwe. Kuya view uhlu lwezimpawu zokuthengisa ze-Cisco, hamba kulokhu URL: https://www.cisco.com/go/trademarks. Izimpawu zokuthengisa zezinkampani zangaphandle ezishiwo ziyimpahla yabanikazi bazo. Ukusetshenziswa kwegama elithi uzakwethu akusho ubudlelwano bokusebenzisana phakathi kweCisco nanoma iyiphi enye inkampani. (1721R)

  • 2025 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

Amadokhumenti / Izinsiza

I-CISCO FC 4210 Network Visibility Module [pdf] Umhlahlandlela Womsebenzisi
FC 4210, DS 6200, FC 4210 Network Visibility Module, FC 4210, Network Visibility Module, Visibility Module, Module

Izithenjwa

Shiya amazwana

Ikheli lakho le-imeyili ngeke lishicilelwe. Izinkambu ezidingekayo zimakiwe *