Level 7

ACL hits in NPM for Cisco ASA

Is there a MIB for hits on an ACL? I would like to monitor what ACLs are being hit on my firewall.

0 Kudos
3 Replies
Level 15

We just introduced a new product which covers this: FSM, Firewall Security Manager, more here

The Optimize / Rule Object Cleanup function does that (make sure you click on Log Usage Analysis)

0 Kudos
Level 9

A firewall monitor is what you are really needing. The problem with monitoring firewall rules is that there are so many of them. As an example, if you have a rule with 2 sources, 2 destinations and 2 ports, the firewall actually creates 8 rules for that even though you only created one.

One of the other very nice features about a firewall monitor is it can tell you about unused items in any rule or unused rules. Check out FireMon and its competitors.

0 Kudos
Level 14

You might consider using SYSLOG with the ASA - it offers a ton of messages, some for ACLs. Here are two examples:


Error Message

%PIX|ASA-2-106018: ICMP packet type ICMP_type denied by outbound list acl_ID src inside_address dest outside_address


Explanation

The outgoing ICMP packet with the specified ICMP from local host (inside_address) to the foreign host (outside_address) was denied by the outbound ACL list.


Error Message

%PIX|ASA-2-106002: protocol Connection denied by outbound list acl_ID src inside_address dest outside_address


Explanation

This is a connection-related message. This message is displayed if the specified connection fails because of an outbound deny command. The protocol variable can be ICMP, TCP, or UDP.

0 Kudos
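As an added example (not part of the thread or any SolarWinds product), here is how the two syslog messages quoted above can be parsed to answer the original question of which ACLs are being hit. The regexes follow the message text as quoted; the hostnames, addresses and ACL names in the sample log are constructed.

```python
import re
from collections import Counter

# The two deny messages quoted in the reply; "%(?:PIX|ASA)" mirrors the
# "%PIX|ASA" notation in the Cisco text (either prefix can appear).
PATTERNS = {
    "106018": re.compile(
        r"%(?:PIX|ASA)-2-106018: ICMP packet type (?P<icmp_type>\S+) denied by "
        r"outbound list (?P<acl>\S+) src (?P<src>\S+) dest (?P<dst>\S+)"
    ),
    "106002": re.compile(
        r"%(?:PIX|ASA)-2-106002: (?P<proto>\w+) Connection denied by "
        r"outbound list (?P<acl>\S+) src (?P<src>\S+) dest (?P<dst>\S+)"
    ),
}

# Constructed sample syslog: hostname, addresses and ACL names are made up.
# The fourth line is a non-ACL message included to show it is skipped.
SAMPLE_LOG = """\
Jan 12 10:00:01 fw01 %ASA-2-106018: ICMP packet type 8 denied by outbound list acl_inside src 10.1.1.5 dest 203.0.113.9
Jan 12 10:00:02 fw01 %ASA-2-106002: tcp Connection denied by outbound list acl_inside src 10.1.1.7 dest 198.51.100.20
Jan 12 10:00:03 fw01 %ASA-2-106002: udp Connection denied by outbound list acl_dmz src 10.2.0.3 dest 198.51.100.53
Jan 12 10:00:04 fw01 %ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.20/443 to inside:10.1.1.7/51000
Jan 12 10:00:05 fw01 %ASA-2-106002: tcp Connection denied by outbound list acl_inside src 10.1.1.9 dest 198.51.100.21
"""


def parse_acl_deny(line: str) -> "dict | None":
    """Fields of one ACL deny line, or None if the line is any other message."""
    for msg_id, pattern in PATTERNS.items():
        m = pattern.search(line)
        if m:
            fields = m.groupdict()
            # 106018 is always ICMP; 106002 names the protocol in the text.
            proto = "ICMP" if msg_id == "106018" else fields.pop("proto").upper()
            return {"msg_id": msg_id, "proto": proto, **fields}
    return None


def acl_hit_counts(lines) -> Counter:
    """Denies per (acl_ID, protocol): the 'which ACLs are being hit' view the
    question asks for, derived from syslog rather than a MIB."""
    counts = Counter()
    for line in lines:
        hit = parse_acl_deny(line)
        if hit:
            counts[(hit["acl"], hit["proto"])] += 1
    return counts


print(acl_hit_counts(SAMPLE_LOG.splitlines()).most_common())
```

These two messages only report denies, so permitted traffic matching an ACL will not appear in the counts; point the ASA's syslog output at your collector and feed the lines into `acl_hit_counts` to see which ACLs are dropping traffic.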