
Report inbound connections to firewall

Does anyone have a report to show the number of connections per host to a firewall? I have been looking into Report Writer and have seen an option, Count of termination Address, but the report shows 0. Before I look into a SQL query, I thought I would ask. Thanks.

  • You should be able to chart it out with the GUI.

    There are statistics tables that hold a count for connections.

    ASA_ConnectionStatistics_Detail, _Hourly and _Daily as well.

    I would have to do a test, but my first thought is they are using the 'crasNumUsers' OID to poll for this value, which is what I used to poll for manually before the ASA integration.

    Object crasNumUsers

    OID 1.3.6.1.4.1.9.9.392.1.3.3

    -CharlesH

    Loop1 Systems: SolarWinds Training and Professional Services

    Precursor : Cisco ASA Active VPN Connections  

  • I hear SolarWinds is doing away with Report Writer. I looked at Manage Reports from All Settings and ran a report to get just a total. I am looking for detail to see if many connections are arriving from a single IP, to help identify an attack. Not sure if this is possible with SolarWinds; thanks for the info so far. If you have any other suggestions I can look at, let me know. I'll keep looking, thanks.

    Messaging FW Connections

    Summary of Orion Objects: Datasource 1
    Summary of Time Periods: Past Hour (2:57 PM - 3:57 PM Sep 5, 2018)

    Custom Table for Datasource 1 from Past Hour (2:57 PM - 3:57 PM Sep 5, 2018)

    DATE TIME             CONNECTIONS IN USE   WEIGHT   FAILED RATE    DESCRIPTION
    9/5/2018 3:02:55 PM   11659 connections    600      7.037968E+07
    9/5/2018 3:03:45 PM   6501 connections     600
    9/5/2018 3:12:55 PM   12191 connections    600      3.263621E+07
    9/5/2018 3:13:45 PM   6124 connections     600
    9/5/2018 3:22:55 PM   6170 connections     600      6.623038E+07
    9/5/2018 3:23:45 PM   3440 connections     600
    9/5/2018 3:32:55 PM   5993 connections     600      3.150232E+07
    9/5/2018 3:33:45 PM   3530 connections     600
    9/5/2018 3:42:55 PM   7766 connections     600      6.452407E+07
    9/5/2018 3:43:45 PM   5320 connections     600
    9/5/2018 3:52:55 PM   6473 connections     600      6.069966E+07
    9/5/2018 3:53:45 PM   3882 connections     600

  • Hi Charles,

    How can you do this with a Cisco FTD?

    Thanks much,

    Cheryl

  • I wish SolarWinds would keep Report Writer. It has helped me out quite a bit when I needed specific reports when the Web interface Report Management tool could help.

    I hear you!

    Cheryl

  • cmatrask, I am not 100% sure; you might want to do a scan of the device if you are able.

    So far I have not been able to find the full detail that you are looking for. I do not have one of my own at the moment to scan, but you might try tuning into 1.13.6.1.4.1.9.9.826.0.x.x for a scan/walk (starting at 1.13.6.1.4.1.9.9.826, or ...826.0.) if a full walk does not get the desired results in your return... X values I am unsure of, but it indicates a data structure is present to hold some detail. The naming is similar enough to the ASA's that I think the devil is in there somewhere.

    FPR4100/9300 series

    CISCO-FIREPOWER-MIB.my

    CfprAaaSession

    1.3.6.1.4.1.9.9.826.0.x.x