I have setup netflow on both our ASA and our edge router. When I look at the Netflow graphs in Solarwinds for the edge router, it correlates with what I am seeing on the SNMP graphs. However, when I look at the Netflow graphs in Solarwinds for the ASA, it doesn't correlate with what I am seeing on the SNMP graphs for the same interface. I did some looking around, and it looks like the ASA doesn't actually send information about a flow until the connection is torn down. This results in spikes appearing on the graphs. Is there a way to change something on the ASA so that I don't see spikes, and instead see the actual flow of traffic like I do with the edge router? The ASA is using Netflow v9. Below are some graphs that will hopefully help with this. The other issue that I am having is that our "outside" interface on the ASA looks like Netflow has the ingress and egress reversed.
NOTE: Our internet connection is a 20Mbps symmetrical service
Here is what I see for utilization on the ASA using SNMP (blue ingress, green egress):
Here is what I see for traffic on the ASA using Netflow (ingress):
Here is what I see for traffic on the ASA using Netflow (egress):
