CISCO-FIREWALL network technology integration


ServicePilot network-cisco-firewall


# Cisco Firewall

Overview

This package is designed to monitor Cisco ASA and PIX Firewalls using SNMP. Statistics are collected for a single device , in order to provide an overall view of the status and health of the different system and board components of the device.

Description

This package automatically configures the ServicePilot Manager to collect the basic KPIs needed to monitor a Cisco Firewall on which SNMP Service has been configured. The statistics gathered in this way include:

  • CPU and memory Statistic (IO, Processor, PCI, Fast and multibus)
  • IPSec Statistics
  • SSL Statistics

Requirements

  • SNMP service must be installed, configured and started on the targeted machine (Security: read-only SNMP community and allowed host must be set).

  • Network Flows - It is is necessary to ensure network connectivity between ServicePilot and the monitored device. In case of a network infrastructure using a firewall, all the ports below must be opened:

    • UDP/161 (SNMP): Between ServicePilot Manager and Cisco Firewall
    • ICMP/Echo Request (Ping): Between ServicePilot Manager and Cisco Firewall
    • UDP/162 (SNMP Trap): (Optional) Between Cisco Firewall and ServicePilot Manager
  • ServicePilot Requirements

    • ServicePilot Manager minimum version: 8.5

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place and if a ServicePilot Agent is required, that it is communicating correctly with the ServicePilot Manager.

Add resource using Views Configuration web interface

  1. As an administrative user of ServicePilot, open the ServicePilot web interface.
  2. Navigate to Administration. The Configuration > Views web page will open.
  3. Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
  4. From the Packages list on the right of the interface, click and drag the network-cisco-firewall package into the View editor and let go.
  5. The Resource properties dialog box will open to allow resource configuration.
  6. Click OK to close the Resource properties dialog box. Note that the dialog box will not close if required parameters are not set.
  7. Click Save to apply the new resource to ServicePilot configuration.

License

Object TypeLicense object ConsumedCondition
System Information1If System enabled
ICMP Ping1If Ping enabled
IPSec Statistics1
Firewall SSL1
Network Interfaces1 per interface monitoredIf Enable Interface Monitoring enabled and interfaces selected

Key field notes

In the Monitoring Policies tab, specify the policy or policies to apply to the resource

  1. Basic Parameters tab:

    1. IP address: Specify the IP address of the Cisco Firewall, as resolvable by the machine on which ServicePilot Manager is running
  2. Interfaces tab:

    1. Interfaces: Set it on to get statistics for interfaces.
    2. Use Interface filter instead of Addressing Information: Set it on to get statistics for a specified list on interfaces only. Set it off to get statistics for all available interfaces.
    3. {Optional} Ignored Interfaces names separated with '|': Specify name(s) of interface(s) NOT to be monitored
    4. {Optional} Allowed Interfaces names separated with '|': Specify name(s) of interface(s) to be monitored
    5. {Optional} Custom interface speed separated with '|': Specify maximum speed of interface
  3. Monitoring Options tab:

    1. ICMP Ping: Set it on to get Ping status.

Note: Each element of the ignored/allowed interface lists is a regular expression as defined by Like Operator (Visual Basic)

Notes

MIBs Used:

  • CISCO-IPSEC-FLOW-MONITOR-MIB
  • ALTIGA-SSL-STATS-MIB
  • CISCO-MEMORY-POOL-MIB
  • OLD-CISCO-MIB
network CISCO-FIREWALL 0

network CISCO-FIREWALL 1

network CISCO-FIREWALL 2

network CISCO-FIREWALL 3


We can help you

Or call us at +33 2 40 60 13 30