network Integration
cisco-firewall (en)


ServicePilot network-cisco-firewall


# Cisco Firewall

Overview

This package is designed to monitor Cisco ASA and PIX Firewalls using SNMP.

Description

This package automatically configures the ServicePilot Manager to collect the basic KPIs needed to monitor a Cisco Firewall in terms of CPU and memory Statistic (IO, Processor, PCI, Fast and multibus), IPSec Statistics and SSL Statistics based on an SNMP collection.

Requirements

  • SNMP service must be installed, configured and started on the targeted machine (Security: read-only SNMP community and allowed host must be set).

  • Network Flows - It is is necessary to ensure network connectivity between ServicePilot and the monitored device. In case of a network infrastructure using a firewall, all the ports below must be opened:

    • UDP/161 (SNMP): Between ServicePilot Manager and Cisco Firewall
    • ICMP/Echo Request (Ping): Between ServicePilot Manager and Cisco Firewall
    • UDP/162 (SNMP Trap): (Optional) Between Cisco Firewall and ServicePilot Agent
  • ServicePilot Requirements

    • ServicePilot Manager minimum version: 8.5

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place and if a ServicePilot Agent is required, that it is communicating correctly with the ServicePilot Manager.

Add resource using Views Configuration web interface

  1. As an administrative user of ServicePilot, open the ServicePilot web interface.
  2. Navigate to Administration. The Configuration > Views web page will open.
  3. Click on the view in which to place the new resource in the Views hierarchy on the left of the interface. The View editor section will show the existing view contents.
  4. From the Packages list on the right of the interface, click and drag the network-cisco-firewall package into the View editor and let go.
  5. The Package properties dialog box will open to allow resource configuration.
  6. Click OK to close the Package properties dialog box. Note that the dialog box will not close if required parameters are not set.
  7. Click Save to apply the new resource to ServicePilot configuration.

Key field notes

In the Monitoring Policies tab, specify the policy or policies to apply to the package

  1. Basic Parameters tab:

    1. IP address: Specify the IP address of the Cisco Firewall, as resolvable by the machine on which ServicePilot Manager is running
  2. Interfaces tab:

    1. Interfaces: Set it on to get statistics for interfaces.
    2. Use Interface filter instead of Addressing Information: Set it on to get statistics for a specified list on interfaces only. Set it off to get statistics for all available interfaces.
    3. {Optional} Ignored Interfaces names separated with '|': Specify name(s) of interface(s) NOT to be monitored
    4. {Optional} Allowed Interfaces names separated with '|': Specify name(s) of interface(s) to be monitored
    5. {Optional} Custom interface speed separated with '|': Specify maximum speed of interface
  3. Monitoring Options tab:

    1. ICMP Ping: Set it on to get Ping status.

Note: Each element of the ignored/allowed interface lists is a regular expression as defined by Like Operator (Visual Basic)

Notes

MIBs Used:

  • CISCO-IPSEC-FLOW-MONITOR-MIB
  • ALTIGA-SSL-STATS-MIB
  • CISCO-MEMORY-POOL-MIB
  • OLD-CISCO-MIB
network cisco-firewall 0

network cisco-firewall 1

network cisco-firewall 2

network cisco-firewall 3