User Guide for Cisco Performance Monitor 3.2.2
Monitoring Firewall Services

Table Of Contents

Monitoring Firewall Services

Working in the Firewall Devices Table

Working With Firewall Device Details

Displaying and Interpreting Device or Module Detail Graphs

Displaying the Device or Module Interfaces Table

Displaying the Device or Module Blocks Table

Displaying the Device or Module Connections Table


Monitoring Firewall Services


Performance Monitor determines the condition of firewall services provided through Cisco Adaptive Security appliances, Cisco Secure PIX Firewall devices and through firewall services modules (FWSM) in Cisco Catalyst 6500 switches.

The following topics explain the firewall monitoring features:

Working in the Firewall Devices Table

Working With Firewall Device Details


Tip: To troubleshoot common problems with firewall services, see the Troubleshooting appendix.


Working in the Firewall Devices Table

Performance Monitor provides a high-level overview that shows all of your validated firewall devices, modules, and security contexts in a table. You can use this table to isolate descriptions of their status, usage, and errors.

Procedure


Step 1 Select one of the following:

Monitor > Firewall.

Monitor > Firewall > Devices.

Step 2 Complete the optional tasks that meet your requirements (Table 7-1).

The refreshed display shows the result of any optional task that you complete.


Table 7-1 Optional Tasks in the Firewall Devices Page

| Optional Task | Procedure | Additional Information |
| --- | --- | --- |
| Open an event browser and display severe firewall errors only. | Click the alert icon when it is in the Alert column. | To understand event browser GUI elements, click Help in any event browser window. |
| Display graphs that summarize the condition of a single device, module, or context. | Click the IP address or DNS name of a device, module, or context where it appears in the Device column. | The Device Details page displays graphs that pertain to the device, module, or context that you specify. |

Note: Table 3-3 on page 3-9 describes additional optional tasks.


Working With Firewall Device Details

The following topics explain the monitoring features for a single firewall device or module:

Displaying and Interpreting Device or Module Detail Graphs

Displaying the Device or Module Interfaces Table

Displaying the Device or Module Blocks Table

Displaying and Interpreting Device or Module Detail Graphs

You can display and work from graphs that illustrate CPU usage, memory usage, interface errors, throughput, and connections for one validated firewall device or module.


Step 1 Select Monitor > Firewall > Device Details.

By default, Performance Monitor displays graphs that describe the health and performance of the device or module that has the numerically lowest IP address (Table 7-2).

Step 2 (Optional) To display equivalent data for a different device or service module, select the relevant IP address from the Select Device list.

Table 3-3 on page 3-9 describes other optional tasks that recur throughout the GUI.



Note: A known problem might interfere with your ability to interpret a graph that uses two vertical (Y) axes. The first Y axis always begins at zero, but the second Y axis begins at the lowest value for the specified time range, even when that value is greater than zero. Thus, the two Y axes might not be directly comparable.


Table 7-2 Types of Firewall Device Graphs

| Graph Type | Description |
| --- | --- |
| CPU Usage | Illustrates used percentages of device or module CPU capacity. The vertical axis shows the average percentage of CPU capacity used in the relevant polling cycle. The horizontal axis shows the time of day for the polling cycle. |
| Memory Usage | Illustrates used percentages of device or module memory capacity. The vertical axis shows the average percentage of memory capacity used in the relevant polling cycle. The horizontal axis shows the time of day for the polling cycle. |
| Throughput vs. Connection | Displays a line graph that helps you compare throughput trends to connection trends over time. Because it shows two kinds of information, it has two vertical axes. The vertical axis on the left (orange) shows the average throughput in bytes in the relevant polling cycle. The vertical axis on the right (blue) shows the average number of firewall connections in the relevant polling cycle. The horizontal axis shows the time of day at which Performance Monitor calculated the trends in each vertical axis. |
| Interface Error | Illustrates the trend of device or module interface errors over time. The vertical axis shows the average number of errors in the relevant polling cycle. The horizontal axis shows the time of day for the polling cycle. |


Displaying the Device or Module Interfaces Table

You can display and work from a table of interface performance statistics for one validated firewall device or module.

Procedure


Step 1 Select Monitor > Firewall > Device Details > Interfaces.

All measured values on the Firewall Interfaces page are computed as deltas, meaning that each value indicates the difference from one polling cycle to the next.

Step 2 (Optional) To display equivalent data for a different device or service module, select the relevant IP address from the Select Device list.

Table 3-3 on page 3-9 describes other optional tasks that recur throughout the GUI.


Displaying the Device or Module Blocks Table

A block is an internal buffer that processes packets. Values displayed in the Firewall Blocks table describe the state of the blocks on one validated firewall device or module. You can display and work from a table of firewall block statistics.

Procedure


Step 1 Select Monitor > Firewall > Device Details > Blocks.

By default, the Firewall Blocks page displays information for the blocks of the device or module that has the numerically lowest IP address.

Step 2 (Optional) To display equivalent information for a different firewall device or module, select an IP address from the Select Device list.

Table 3-3 on page 3-9 describes other optional tasks that recur throughout the GUI.


Displaying the Device or Module Connections Table

A firewall permits or denies a connection after it examines the purpose and protocol of a connection request. You can display and work from a table of connection statistics for one validated firewall device or module.

Procedure


Step 1 Select Monitor > Firewall > Device Details > Connections.

All measured values on the Firewall Connections page are rates, computed per second. (The type of rate is specified in the GUI in every instance of a measured value.)

Step 2 (Optional) To display equivalent data for a different device or service module, select the relevant IP address from the Select Device list.

Table 3-3 on page 3-9 describes other optional tasks that recur throughout the GUI.
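
The Firewall Interfaces page reports deltas per polling cycle, while the Firewall Connections page reports per-second rates. The following added example (not part of the Cisco guide, and not Performance Monitor code) shows why the two read differently when polling cycles are uneven. It assumes the underlying value is a cumulative counter; the sample data, the Sample type, and the per_cycle function are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Sample:
    t: int      # poll time in seconds since the first poll (constructed)
    count: int  # cumulative counter value read at that poll (constructed)


# Constructed samples: a cumulative counter polled at uneven intervals,
# followed by a counter restart (for example, after a device reload).
SAMPLES = [
    Sample(0, 1000),
    Sample(300, 1600),
    Sample(600, 1900),
    Sample(1500, 2800),  # a missed poll made this cycle 900 s long
    Sample(1800, 150),   # counter restarted from zero
]


def per_cycle(samples):
    """Return one (end_time, delta, rate_per_second) row per polling cycle.

    delta and rate are None when the counter went backwards, because the
    amount counted before the restart is unknown. Treating every decrease
    as a restart is an assumption of this example.
    """
    rows = []
    for prev, cur in zip(samples, samples[1:]):
        elapsed = cur.t - prev.t
        if elapsed <= 0:
            raise ValueError("samples must be in increasing time order")
        if cur.count < prev.count:
            rows.append((cur.t, None, None))
            continue
        delta = cur.count - prev.count
        rows.append((cur.t, delta, delta / elapsed))
    return rows


if __name__ == "__main__":
    for end, delta, rate in per_cycle(SAMPLES):
        print(f"cycle ending t={end:>4}s  delta={delta}  rate/s={rate}")
```

In the constructed data, the 900-second cycle shows a delta three times larger than the cycle before it, yet the per-second rate is identical, so a jump in a delta column should be checked against the length of the polling cycle before it is treated as a spike.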