Cisco ASA Firewall on IOS 9.6 flow issues

Document ID : KB000045368
Last Modified Date : 18/12/2018
Show Technical Document Details

With the release of Cisco's ASA Firewall firmware, IOS 9.5, the fields sent have changed. A patch is needed on NFA 9.3.3 to read the fields correctly. In NFA you may notice that the device does not show up at all or it may show up, however never display anything other than, "Never", in the "Last Flow" column. You would notice a router entry in harvester.routers table but nothing for that device in harvester.interfaces.

NFA 9.3.3
Cisco ASA Firewalls running IOS 9.6+

In Cisco's new IOS version, they are sending InitiatorOctets and ResponderOctets as 64bit datatypes instead of the 32bit datatype used in all previous firmware releases. 
Support for the new field types on ASA devices was added in NFA 9.3.6.
We would recommend upgrading to our latest release, which is currently 9.5 to resolve this issue.