Control Plane

The average CPU utilization for the control plane, for the last one minute.

percentage

Data Plane

The average CPU utilization for the data plane, for the last one minute.

percentage

Snort

The average CPU utilization for the Snort process, for the last one minute.

percentage

System

The average CPU utilization for the system processes, for the last one minute.

percentage

Physical cores

The average CPU utilization for all the cores, for the last one minute.

percent

Buffer cache

The buffer cache.

bytes

Free

The total free memory.

bytes

Maximum Data Plane

The maximum memory used by the data plane.

bytes

Maximum Snort

The maximum memory used by the Snort process.

bytes

Maximum Swap for Snort

The maximum swap memory used by the Snort process.

bytes

Remaining Memory Block (1550)

The free memory in a 1550 byte block.

number

Remaining Memory Block (256)

The free memory in a 256 byte block.

number

System Used

The total memory used by the system.

bytes

Total

The total memory available.

bytes

Total Swap

The total memory available for swap.

bytes

Data Plane

The total memory used by the data plane.

bytes

Percent Used by Data Plane

The percent of memory used by the data plane.

percent

Percent Used by Snort

The percent of memory used by the Snort process.

percent

Percent Used for Swap

The percent of memory used for swap.

percent

Percent Used by System

The percent of memory used by the system.

percent

Percent Used by System and Swap

The percent of memory used by the system and swap combined.

percent

Snort

The total memory used by the Snort process.

bytes

Used Swap

The total memory used for swap.

bytes

Used Swap by Snort

The total swap memory used by the Snort process.

bytes

Drop Packets

The number of packets dropped.

number

Average Input Packet Size

The average size of incoming packets.

bytes

Input Rate

The total incoming bytes.

bytes

Input Packets

The total incoming packets.

number

Average Output Packet Size

The average size of outgoing packets.

bytes

Output Rate

The total outgoing bytes.

bytes

Output Packets

The total outgoing packets.

number

Status

The status of an interface; 1 for up and 0 for down.

1 or 0

Connections in use

Shows the number of active connections.

number

Peak Connections

Shows the maximum number of simultaneous connections.

number

Total Connections per second

The connections-per-second for all connection types.

number

TCP Connections per second

The connections-per-second for TCP connection types.

number

UDP Connections per second

The connections-per-second for UDP connection types.

number

Preserve Connections Enabled

Preserves existing TCP/UDP connections on routed and transparent interfaces in case the Snort process goes down.

number

Connections Preserved

Connections for which preserve-connection is currently enabled.

number

Preserve Connections Most Enabled

The most number of connections ever preserved.

number

Peak Connections Preserved

The most number of peak connections ever preserved.

number

NAT Translations

Displays the translation count.

number

Peak NAT Translations

Displays the historic maximum of concurrent translations at a time.

number

Blocked list flows

The number of flows from policy configuration that were dropped by Snort.

number

Blocked packets

The number of blocked packets.

number

Denied flows

The number of denied flow events. The data plane sends denied flow events to Snort when it decides to drop a flow before sending it to Snort.

number

End of flows

The data plane sends end-of-flow events to Snort when a fast path flow ends.

number

Fast forwarded flows

The number of flows that were fast forwarded by policy, and thus not inspected.

number

Dropped frames forwarded from the data plane

The number of dropped frames forwarded from the data plane.

number

Injected packets dropped

The number of packets that Snort added to the traffic stream that were dropped.

number

Injected packets

The number of packets Snort created and added to the traffic stream. For example, if you configure a block with reset action, Snort generates packets to reset the connection.

number

Instances

The number of snort instances (processes).

number

Packet receiving queue utilization percentage

The queue utilization rate for the data plane receive queue.

percent

Packets bypassed due to Snort busy

The number of packets that bypassed inspection when Snort was too busy to handle the packets.

number

Packets bypassed due to Snort down

The number of packets that bypassed inspection when Snort was down.

number

Packets bypassed due to RX queue full

The number of packets bypassed due to a receive queue full.

number

Packets bypassed due to TX queue full

The number of packets bypassed due to a transmit queue full.

number

Passed packets

The number of packets sent to Snort from the data plane.

number

Start of flows

The number of start-of-flow events. These events help Snort keep track of the connections and report the connection events.

number

Connection limit exceeded

Counts the number of flows closed when the connection limit has been exceeded.

number

Connection limit reached

Counts the number of dropped packets when the connection limit or host connection limit has been exceeded.

number

L2 rule drop

Counts the number of denied packets due to a Layer 2 ACL.

number

L2 rule VXLAN drop

Counts the number of denied packets due to a failure to locate a VXLAN out_tag when applying Layer 2 ACL checks.

number

NAT reverse path failed

Counts the number of rejected attempts to connect to a translated host using the translated host's real address.

number

NAT failed

Counts the number of failed attempts to create an xlate to translate an IP or transport header.

number

No valid v4 adjacency

Counts the number of dropped packets when the security appliance has tried to obtain an adjacency and could not obtain mac-address for next hop (IPv4).

number

No valid v6 adjacency

Counts the number of dropped packets when the security appliance has tried to obtain an adjacency and could not obtain mac-address for next hop (IPv6).

number

Packet blocklisted by Snort; Packet blocked by Snort

Counts the number of packets dropped as requested by the Snort module.

number

Frame drops – Snort busy; Frame drops – Snort down; Frame drops – Snort drop

Counts the number of frames dropped as the Snort module is busy and unable to handle the frame; the Snort module is down; the Snort module requests the drop.

number

Dispatch queue limit reached

Counts the number of times a device's load balance ASP dispatcher reaches its queue limit. When more packets are attempted, tail drop occurs and this counter is incremented.

number

Destination MAC L2 lookup failed

Counts the number of Layer 2 destination MAC address lookups which fail. Upon the lookup failure, the appliance will begin the destination MAC discovery process and attempt to find the location of the host via ARP and/or ICMP messages.

number

Inspection failure

Counts the number of times the appliance fails to enable protocol inspection carried out by the network processor for the connection. The cause could be memory allocation failure, or for ICMP error message, the appliance not being able to find any established connection related to the frame embedded in the ICMP error message.

number

NAT no xlate to pat pool

Counts no pre-existing xlate found for a connection with a destination matching a mapped address in a PAT pool.

number

No routes to host

Counts the number of times the security appliance tries to send a packet out of an interface and does not find a route for it in routing table.

number

Packet dropped as number of packet queued

Counts the number of packets dropped when the appliance receives a retransmitted data packet that is already in the out of order packet queue.

number

Number of segments queued to an inspection reached limit

For a flow, the number of packets queued to the inspector has reached the limit, thus terminating the flow.

number

Blocked or blocklisted by Snort

Counts the number of times a packet is dropped as requested by the Snort module.

number

Packet drop silently by Snort

Counts the number of times a packet is dropped silently as requested by the Snort module.

number

Un-synced first TCP packet

Counts the number of times a non SYN packet is received as the first packet of a non intercepted and non nailed connection.

number

Number of ACEs

The number of access control entries (ACE), or rules. An access control list (ACL) is composed of one or more ACEs.

number

Number of rules

The number of rules in an intrusion policy.

number

Total

The total size of the device disk.

bytes

Used

The total space used on the device disk.

bytes

Used Percentage by /ngfw

The percent of disk space used by the /ngfw partition.

percentage

Used Percentage by /ngfw/Volume

The percent of disk space used by the /ngfw/Volume partition.

percentage

Used Percentage by /dev/cgroups

The percent of disk space used by the /dev/cgroups partition.

percentage

Used Percentage by /mnt/disk0

The percent of disk space used by the /mnt/disk0 partition.

percentage

Used Percentage by /var/volatile

The percent of disk space used by the /var/volatile partition.

percentage

CPU utilization

The CPU utilization for the process since the start of the process.

percent

Restart count

Number of times the process has restarted since the FTD device boot up.

Note that if the process restarts too frequently, the restart count metric may not reflect the exact number as this metric runs for every minute.

number

Status

Status of the process.

One of the following:

• Started

• Running

• Down

• Waiting

• Locked

• Disabled

  User Disabled

Uptime

Duration for which the process is running.

seconds

Memory used

RSS memory used by the process.

bytes