Monitoring Central

3 Posts authored by: brad.hale

You’ve been asking and we’ve been listening.  We are excited to announce that the newest member of the SolarWinds product family, Log Manager for Orion, is now available for trial.  Built on the Orion Platform, Log Manager provides unified infrastructure performance and log data in a single console. No need to hop back and forth between your infrastructure and log monitoring tools.

 

Through platform integration with Network Performance Monitor, Server & Application Monitor, and other Orion based products, Log Manager closes the gap between performance and log data.  With Log Manager you get:

 

  • Log aggregation
  • Filtering by Log Type, Level, Node name, IP Address, and more
  • Keyword, IP address, and Event ID search
  • Interactive log charting
  • Color-coded event tagging

 

To learn more about Log Manager, visit the Log Manager Thwack Forum or to try for yourself in your environment, download a free trial.

Virtual Private Networks (VPNs) allow secure connections through the open internet. With VPN authentication, encryption, availability, and speed, end-users can work from anywhere as if they were sitting within a millisecond’s ping from the server room. Remote branch offices are connected, cloud resources are securely available, and all is well. That is, if the VPN tunnel works as it should.

 

Colleagues not talking to each other? Could be a grudge, could be trouble joining the call because “that VPN tunneling thingy keeps timing out.” No traffic from the remote office? Could be just lunch break, could be that the site-to-site VPN tunnel is down. What if it really is the network this time?

 

Setting up a trusted tunnel between two endpoints is a multi-step process—this also means that troubleshooting requires knowledge of its complexity. See these handy VPN tunnel troubleshooting flowcharts for LAN-to-LAN and Remote Access VPNs for examples of a systematic approach to figuring out why the remote connection is flunking out.

 

In short, you need to:

  • Send packets that are recognized as initiating a VPN connection attempt.
  • “Phase 1” establishes a secure communication channel by generating a shared secret key to encrypt further communications. Troubleshooting this phase often deals with IP addressing, encryption config, or pre-shared keys.
  • Following the working secure channel, in “Phase 2,” you establish IPSec security associations and negotiate information needed for the IPSec tunnel—connection type, authentication method, and access lists—resulting in a crypto map.
  • On we go to the data transfer:  encrypted, authenticated, and secure.

 

When the VPN connection fails and it’s troubleshooting time, you want visibility into your VPN environment. We’ve come up with Network Insight for Cisco® ASA to help you with just that. One of the most popular security devices on the market meets the worldwide leader in network management software. Sounds promising, right?

In SolarWinds® Network Performance Monitor 12.2, your monitored ASA devices now show additional information beyond SMNP statistics.

 

Site-to-Site VPN shows you whether the tunnel is up, down, or inactive. See traffic ingress and egress, duration of the VPN tunnel uptime, encryption, and hashing info. If the tunnel is down, information about the last phase completed successfully is available. Search, filter, and favorite tunnels to quickly access them in the Node Details view. You can also select specific errors from Phase 1 or Phase 2 to be ignored.

 

Site-to-site VPN

 

 

The Remote Access VPN subview presents a list of remote access tunnels, with the username and tunnel duration details, as well as the amount of data downloaded and uploaded. For failed connections, you’ll see the time and reason why the connection was ended, IP address, and client used. As always, you can use tools to search and filter the sessions.

 

Remote access VPN tunnels

 

 

Several predefined reports and alerts are available to keep your finger on the VPN’s pulse. Tunnel down? You’ll know first. Reaching a threshold? Won’t catch you by surprise. And of course, you can customize your own advanced reports and alerts.

 

You can learn more about Network Insight for Cisco ASA or try it for yourself in the fully featured 30-day trial.

brad.hale

Cover Your ASA

Posted by brad.hale Sep 13, 2017

Monitoring Your Cisco ASA with Network Insight

 

Firewalls have a unique place in the network topology. Found at the perimeter, they control network traffic, connect branch offices, and provide remote access to business services. You don’t any network component to go down or cause problems, but this is especially true of firewalls.

Some mishaps can cost you hours of troubleshooting time, and others will make you sweat while you’re trying to put out the fire on your firewall. Consider these critical failures as situations you want to avoid at all costs.

 

  • No entry/exit allowed – When the firewall goes down, traffic cannot enter or exit—or worse, any traffic can get into your network.
  • High availability (HA) or no availability – If you’ve set up your firewalls correctly, you’ve designed in high availability. Correct HA configuration requires that your firewalls are synchronized. If they aren’t, then a failover situation may result in no availability.
  • Failure to communicate – Connectivity to your remote locations is dependent on VPN tunnels. Tunnel down = bad, tunnel up = good.
  • No worker is an island – Unless, of course, they cannot connect remotely.
  • The shadow knows – But unless you want to dig through your ACLs, you’ll never know if you have shadowed or redundant rules.
  • Needle in a haystack – Something changed in your ACLs, but finding the changes in hundreds of lines of configurations and rules is like… well, it goes without saying.

 

Given the criticality of your firewalls, it’s obvious that monitoring said firewalls is equally, if not more so, important as any other piece of network equipment. Good old SNMP might not always give you enough information for a complete picture of your appliance's health. Plus, let’s face it: using each vendor’s own toolset for troubleshooting and combining the data into a complete picture gets old, fast.

 

We’ve tackled this and are proud to present the latest of our Network Insight features—this time, for Cisco® ASA. Thanks to CLI polling, you can now get enhanced insight into your Cisco ASA firewalls directly within Network Performance Monitor (NPM) and Network Configuration Manager (NCM).

 

In Network Performance Monitor 12.2 you can get visibility into the health and performance of your Cisco ASA infrastructure in a single pane of glass.

  • See the health and availability of your LAN-to-LAN VPN tunnels. Remote access VPN shows you details about connected users, tunnel duration, and more.
  • Monitor your ASA's High Availability sync status, type, and overall health for reassurance that you are prepared for a failover event.

 

Network Configuration Manager 7.7 automates the monitoring and management of ACLs and configurations.

  • The new ACL Rule Browser enables you to filter, search, snapshot, and compare ACL versions.
  • Identify shadow rule redundancies and rules that are configured but not pushed out.
  • Contexts are a great way to segment your ASA as independent virtual devices. With Network Insight for Cisco ASA, you can dig into each of your contexts. Update firmware using NCM’s firmware update tool, both in multi- and single-context modes.

 

Network Insight for Cisco ASA might just be one of the “can’t go back now” features for monitoring your firewalls. See for yourself with our free, fully featured 30-day trials of Network Performance Monitor and Network Configuration Manager, and cover your ASA!

 

To try Network Insight for Cisco ASA you can download a free 30-day trial of NPM, NCM or download both.

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.