Forum Discussion

Dan_Massameno
10 years ago

Firewall Connections Per Second

I work mostly with the Cisco ASA5500 family of firewalls. Along with monitoring CPU, I'm also looking at total connections and connections per second to gauge if the box is overloaded or not. The first two Logic Monitor handles out of the box. The third (Connections per Second) is missing.

The good news is Cisco exposes this as a Gauge32 via SNMP...

.1.3.6.1.4.1.9.9.491.1.1.1.11.0 --> cufwConnGlobalConnSetupRate5.0

This gives the rolling 5-minute average of connections per second. I prefer this over the 1-min average because I want the averaging function to have a bigger window than my polling process (I'm using LogicMonitor's default 2-min polling.) With a shorter window I might be "catching" a spike or valley that may not be representative of the overall trend.

I've been monitoring this OID for almost a week now and it's returning good data (see attached screen shot.) Looks like a great addition to the other important metrics.

If we can get enough people responding to this post maybe we can get LogicMonitor to build it into the standard Global PIX/ASA Stats datasource?

3 Replies

  • One quick side-note: I noticed in the MIB there is something called...

    1.3.6.1.4.1.9.9.491.1.1.1.1 --> cufwConnGlobalNumAttempted.0

    It's of type Counter64 and counts the total number of connections since the box rebooted. I like Counter64 better than Gauge32 because then the network monitoring software (Logic Monitor) can do the delta over time calculation. No connections would be missed with such a setup.

    Unfortunately, when running ASA5500 software version 8.4(2) this OID does not return a value. If someone in the forum has a newer version we could check to see if Cisco started using this counter. The Logic Monitor could check to see if a value was returned and if not, revert to using cufwConnGlobalConnSetupRate5.

  • We are using 8.4(5).
    .1.3.6.1.4.1.9.9.491.1.1.1.11.0 responds but .1.3.6.1.4.1.9.9.491.1.1.1.1 does not.

  • I just tried the following on a newer ASA5500 running 9.1(5)...
    1.3.6.1.4.1.9.9.491.1.1.1.1 --> cufwConnGlobalNumAttempted.0
    Doesn't work on this newer code either. I think the cufwConnGlobalNumAttempted works on Cisco *routers* with the firewall feature set, not the ASA5500.
    Guess we're stuck with the Gauge32 and a 5-min average.
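The two points made in this thread, the original post's argument that the averaging window should be wider than the poll interval and the first reply's preference for a Counter64 delta with a fallback to the Gauge32 rate when the counter is absent, worked through as an added example (not code from the original post or from LogicMonitor). It runs offline against a constructed stand-in for an SNMP agent (`FakeSnmp`) and a constructed traffic series with one short burst; the OIDs are the ones quoted in the thread, with the trailing `.0` scalar instance suffix assumed, and the counter-wrap handling is the usual collector behaviour, not something the ASA documents here:

```python
"""Connections-per-second from the two CISCO-UNIFIED-FIREWALL-MIB objects
discussed in this thread. Added example; it uses a constructed SNMP stand-in
so it runs without a device."""

# OIDs as quoted in the thread; trailing .0 is the assumed scalar instance.
OID_SETUP_RATE5 = ".1.3.6.1.4.1.9.9.491.1.1.1.11.0"  # cufwConnGlobalConnSetupRate5 (Gauge32, 5-min avg)
OID_NUM_ATTEMPTED = ".1.3.6.1.4.1.9.9.491.1.1.1.1.0"  # cufwConnGlobalNumAttempted (Counter64)
COUNTER32_MAX = 2 ** 32
COUNTER64_MAX = 2 ** 64


class FakeSnmp:
    """Constructed stand-in for an SNMP agent: OID -> value. A missing OID
    plays the role of noSuchObject, which is what the ASA gives for the counter."""

    def __init__(self, table):
        self.table = dict(table)

    def get(self, oid):
        return self.table.get(oid)


def counter_rate(prev_val, prev_t, cur_val, cur_t, max_val=COUNTER64_MAX):
    """Delta-over-time on a monotonic counter, correcting a single wrap.

    A negative delta on a Counter64 is almost certainly a reboot rather than a
    wrap, so the sample is discarded (None); a Counter32 can genuinely wrap
    between two polls and is corrected instead."""
    dt = cur_t - prev_t
    if dt <= 0:
        raise ValueError("samples must be strictly increasing in time")
    delta = cur_val - prev_val
    if delta < 0:
        if max_val == COUNTER64_MAX:
            return None  # reboot/reset, not a wrap: discard this sample
        delta += max_val  # Counter32 wrapped once since the last poll
    return delta / dt


def read_conn_rate(snmp, prev_sample, now):
    """Prefer the Counter64 (every connection counted); fall back to the
    Gauge32 5-min rate when the counter is absent.
    Returns (source, connections_per_second, sample_to_keep_for_next_poll)."""
    counter = snmp.get(OID_NUM_ATTEMPTED)
    if counter is None:
        return "gauge", snmp.get(OID_SETUP_RATE5), None
    sample = (counter, now)
    if prev_sample is None:
        return "counter", None, sample  # a delta needs two samples
    cps = counter_rate(prev_sample[0], prev_sample[1], counter, now)
    return "counter", cps, sample


def moving_average(per_second, end, window):
    """Device-style fixed-width average of per-second counts ending at `end`."""
    if end < window:
        raise ValueError("not enough history for the window")
    return sum(per_second[end - window:end]) / window


def simulate_polls(per_second, poll_interval=120):
    """What a poller sees from each source when it polls every `poll_interval`
    seconds: Counter64 delta, 1-min gauge, 5-min gauge. Polling starts once
    five minutes of history exist."""
    cumulative = [0]
    for v in per_second:
        cumulative.append(cumulative[-1] + v)
    results, prev = [], None
    for t in range(300, len(per_second) + 1, poll_interval):
        counter = cumulative[t]
        cps = None if prev is None else counter_rate(prev[0], prev[1], counter, t)
        prev = (counter, t)
        results.append({"t": t, "counter_cps": cps,
                        "gauge1_cps": moving_average(per_second, t, 60),
                        "gauge5_cps": moving_average(per_second, t, 300)})
    return results


def burst_series(length=900, baseline=10, burst_start=430, burst_len=40, burst_rate=200):
    """Constructed traffic: steady baseline with one 40-second burst of new
    connections that falls entirely between two 2-minute polls."""
    s = [baseline] * length
    for i in range(burst_start, burst_start + burst_len):
        s[i] = burst_rate
    return s


if __name__ == "__main__":
    for row in simulate_polls(burst_series()):
        print(row)
```

With the constructed burst, the 1-minute gauge sampled every 2 minutes reads a flat 10 conn/s at every poll and never shows the burst; the 5-minute gauge shows it smeared over its window (about 35 conn/s), and the counter delta attributes all 8800 connections of that interval to the poll in which they happened (about 73 conn/s), so summing the deltas recovers the exact total. That is the "no connections would be missed" property the reply is after, and why a gauge's window should be at least as wide as the poll interval when the counter is not available.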