nProbe 8.2 stable is out – A Wink At Next-Gen ASA Firewalls


We are pleased to announce that the new 8.2 release of nProbe is out. This release features full Cisco ASA NetFlow support. ASA firewalls are the industry’s first threat-focused next-generation firewalls, and they export a rich set of information through NetFlow. Being able to collect ASA data using nProbe will give you an advantage over collectors that only interpret standard NetFlow. Collected data can also be sent to ntopng over ZMQ to create a very effective solution for monitoring and visualizing firewall-generated data.

ZMQ-based data export has been greatly improved in this release, too. ZMQ, a high-performance asynchronous messaging library, has always been used to send collected and monitored data from nProbe to ntopng in a JSON-encoded format. Nonetheless, some peculiarities of the JSON-encoded format were preventing ultra-high throughputs from being reached when exchanging data over ZMQ. This release heavily uses batching and compression to remove any possible bottleneck occurring in ZMQ communications.

nProbe binary packages are available at http://packages.ntop.org/.

The full list of new features and changes present in this release is the following:

Main New Features
  • Support for multiple --zmq endpoints to load-balance exported flows in a round-robin fashion
  • Full support for NetFlow exported by ASA, including firewall events and cumulative counters
  • MySQL database interoperability with ntopng using template -T "@NTOPNG@"
New Options
  • Added --plugin-dir <dir> for loading plugins from the specified directory
Extensions
  • bgpNextHop support
  • sFlow
    • Improved sFlow upscale algorithm and added a heuristic to prevent sFlow exporter bugs
    • Fixed throughput calculation and upsampling of sFlow traffic
  • Full systemd support for Debian, Ubuntu, CentOS, and Raspbian
  • Fixed wrong flow first/last calculations when collecting IPFIX
  • Added support for flowDurationMillis
  • Fixed bug to properly handle flowStart/flowEndMillis