Monitoring Your Cisco ASA with Network Insight

 

Firewalls have a unique place in the network topology. Found at the perimeter, they control network traffic, connect branch offices, and provide remote access to business services. You don’t any network component to go down or cause problems, but this is especially true of firewalls.

Some mishaps can cost you hours of troubleshooting time, and others will make you sweat while you’re trying to put out the fire on your firewall. Consider these critical failures as situations you want to avoid at all costs.

 

  • No entry/exit allowed – When the firewall goes down, traffic cannot enter or exit—or worse, any traffic can get into your network.
  • High availability (HA) or no availability – If you’ve set up your firewalls correctly, you’ve designed in high availability. Correct HA configuration requires that your firewalls are synchronized. If they aren’t, then a failover situation may result in no availability.
  • Failure to communicate – Connectivity to your remote locations is dependent on VPN tunnels. Tunnel down = bad, tunnel up = good.
  • No worker is an island – Unless, of course, they cannot connect remotely.
  • The shadow knows – But unless you want to dig through your ACLs, you’ll never know if you have shadowed or redundant rules.
  • Needle in a haystack – Something changed in your ACLs, but finding the changes in hundreds of lines of configurations and rules is like… well, it goes without saying.

 

Given the criticality of your firewalls, it’s obvious that monitoring said firewalls is equally, if not more so, important as any other piece of network equipment. Good old SNMP might not always give you enough information for a complete picture of your appliance's health. Plus, let’s face it: using each vendor’s own toolset for troubleshooting and combining the data into a complete picture gets old, fast.

 

We’ve tackled this and are proud to present the latest of our Network Insight features—this time, for Cisco® ASA. Thanks to CLI polling, you can now get enhanced insight into your Cisco ASA firewalls directly within Network Performance Monitor (NPM) and Network Configuration Manager (NCM).

 

In Network Performance Monitor 12.2 you can get visibility into the health and performance of your Cisco ASA infrastructure in a single pane of glass.

  • See the health and availability of your LAN-to-LAN VPN tunnels. Remote access VPN shows you details about connected users, tunnel duration, and more.
  • Monitor your ASA's High Availability sync status, type, and overall health for reassurance that you are prepared for a failover event.

 

Network Configuration Manager 7.7 automates the monitoring and management of ACLs and configurations.

  • The new ACL Rule Browser enables you to filter, search, snapshot, and compare ACL versions.
  • Identify shadow rule redundancies and rules that are configured but not pushed out.
  • Contexts are a great way to segment your ASA as independent virtual devices. With Network Insight for Cisco ASA, you can dig into each of your contexts. Update firmware using NCM’s firmware update tool, both in multi- and single-context modes.

 

Network Insight for Cisco ASA might just be one of the “can’t go back now” features for monitoring your firewalls. See for yourself with our free, fully featured 30-day trials of Network Performance Monitor and Network Configuration Manager, and cover your ASA!

 

To try Network Insight for Cisco ASA you can download a free 30-day trial of NPM, NCM or download both.