Cisco Secure Firewall ASA (SNMP)

Description

This connector monitors Cisco Secure Firewall ASA devices. It relies on theCisco Secure Firewall ASA SNMP Agent version 8.4 and higher.

cisco firewall hardware

Enterprise Connector

This connector requires the Enterprise edition of MetricsHub.

Target

Typical platform: Cisco ASA Firewall

Operating system: Out-Of-Band

This connector is not available for the local host (it is applicable to remote hosts only).

Prerequisites

Leverages: Cisco Secure Firewall ASA SNMP Agent version 8.4 and higher

Technology and protocols: SNMP

Examples

CLI

metricshub HOSTNAME -t oob -c +CiscoSecureFirewallASA --snmp v2c --community public

metricshub.yaml

resourceGroups:
  <RESOURCE_GROUP>:
    resources:
      <HOSTNAME-ID>:
        attributes:
          host.name: <HOSTNAME> # Change with actual host name
          host.type: oob
        connectors: [ +CiscoSecureFirewallASA ] # Optional, to load only this connector
        protocols:
          snmp:
            version: v2c # Read documentation for v1, v2c and v3
            community: public # or probably something more secure

Connector Activation Criteria

The Cisco Secure Firewall ASA (SNMP) connector will be automatically activated, and its status will be reported as OK if all the below criteria are met:

An SNMP GetNext on the OID 1.3.6.1.4.1.9.9.147 must return a non-empty value

Metrics

Type	Collected Metrics	Specific Attributes
cpu	`hw.status{hw.type="cpu", state="present"}` `system.cpu.utilization`	`id`
enclosure	`hw.status{hw.type="enclosure", state="present"}` `system.uptime`	`id` `name`
firewall_connection	`firewall.connections{state="aborted"}` `firewall.connections{state="attempted"}` `firewall.connections{state="highest"}` `firewall.current_connections`	`id`
memory	`hw.status{hw.type="memory", state="present"}` `system.memory.limit` `system.memory.usage` `system.memory.utilization`	`id` `name` `type`
snmpEngine	`snmp_engine.uptime`	`id` `name`
ssl	`firewall.sessions.limit{protocol="ssl"}` `firewall.sessions{protocol="ssl"}` `firewall.ssl.io{operation.type="decrypt", direction="received"}` `firewall.ssl.io{operation.type="decrypt", direction="sent"}` `firewall.ssl.io{operation.type="encrypt", direction="received"}` `firewall.ssl.io{operation.type="encrypt", direction="sent"}`	`id`
vpn	`firewall.vpn.dropped{direction="received", tunnel.phase="phase_1"}` `firewall.vpn.dropped{direction="received", tunnel.phase="phase_2"}` `firewall.vpn.dropped{direction="sent", tunnel.phase="phase_1"}` `firewall.vpn.dropped{direction="sent", tunnel.phase="phase_2"}` `firewall.vpn.io{direction="received", tunnel.phase="phase_1"}` `firewall.vpn.io{direction="received", tunnel.phase="phase_2"}` `firewall.vpn.io{direction="sent", tunnel.phase="phase_1"}` `firewall.vpn.io{direction="sent", tunnel.phase="phase_2"}` `firewall.vpn.packets{direction="received", tunnel.phase="phase_1"}` `firewall.vpn.packets{direction="received", tunnel.phase="phase_2"}` `firewall.vpn.packets{direction="sent", tunnel.phase="phase_1"}` `firewall.vpn.packets{direction="sent", tunnel.phase="phase_2"}` `firewall.vpn.tunnels{tunnel.phase="phase_1"}` `firewall.vpn.tunnels{tunnel.phase="phase_2"}`	`id`

Description​

Target​

Prerequisites​

Examples​

CLI​

metricshub.yaml​

Connector Activation Criteria​

Metrics​