Cisco ASA Firewall on IOS 9.6 flow issues

Document ID : KB000045368
Last Modified Date : 24/04/2018
Show Technical Document Details
Issue:

With the release of Cisco's ASA Firewall firmware, IOS 9.5, the fields sent have changed. A patch is needed on NFA 9.3.3 to read the fields correctly. In NFA you may notice that the device does not show up at all or it may show up, however never display anything other than, "Never", in the "Last Flow" column. You would notice a router entry in harvester.routers table but nothing for that device in harvester.interfaces.

Environment:
NFA 9.3.3
Cisco ASA Firewalls running IOS 9.6+
Cause:

In Cisco's new IOS version, they are sending InitiatorOctets and ResponderOctets as 64bit datatypes instead of the 32bit datatype used in all previous firmware releases. 
 
Resolution:
Upgrade to NFA 9.3.6 or 9.3.8 where support was added for these types of devices.