Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

ACL hits in NPM for Cisco ASA

Cyteck2000

Is there a MIB for hits on an ACL. I would like to monitor what ACLs are being hit on my firewall.

Find more posts tagged with

Accepted answers

All comments

lchance

You might consider using SYSLOG with the ASA - it offers a ton of messages, some for ACLs. Here are two examples:

Error Message

%PIX|ASA-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address

Explanation

The outgoing ICMP packet with the specified ICMP from local host (inside_address) to the foreign host (outside_address) was denied by the outbound ACL list.

Error Message

%PIX|ASA-2-106002: protocol

Connection denied by outbound list acl_ID src inside_address dest outside_address

Explanation

This is a connection-related message. This message is displayed if the specified connection fails because of an outbound deny command. The protocol

variable can be ICMP, TCP, or UDP.

Myanta

A firewall monitor is what you are really needing. The problem with monitoring firewall rules is that there are so many of them. As an example; if you have a rule with 2 sources, 2 destinations and 2 ports the firewall actually creates 8 rules for that even though you only created one.

One of the other very nice features about a firewall monitor is it can tell you about unused items in any rule or unused rules. Check out FireMon and it's competitors.

fcaron

We just introduced a new product which covers this: FSM, Firewall Security Manager, more here

The Optimize / Rule Object Cleanup function does that (make sure you click on Log Usage Analysis)