Using SNMP to monitor connection states on a FW

Andrew Kirkby · ‎10-17-2016

I've been doing some reading around and it appears to be reasonably simple to monitor the connection rate and total connections through an ASA. However, I'm looking to be able to monitor the number of connections and their states at a given time - i.e. as per the output available from 'show conn'

Has anyone achieved this using this using SNMP? I've not managed to spot a OID that would make this available?

As a last resort I could script this via SSH etc but it's not really the most elegant of solutions :-)

Andy.

luijimen · ‎10-17-2016

Hi Andrew,

I dont have an ASA to try this on, but I believe the CISCO-FIREWALL-MIB would be the one you need. Specifically, the cfwConnectionStatTable (1.3.6.1.4.1.9.9.147.1.2.2.2), looks like the one which will contain information on each connection, similar to the "show conn" CLI command.

Hope this helps,

Luis

Andrew Kirkby · ‎10-18-2016

Hi Luis,

Thanks for the response. Unfortunately that OID gives the current & max count of connections but does not actually return the state of those connections -

[XXXXXXX@xxx-xxxx-xxxxx-001 ~]$ snmpwalk -v 2c -r 1 -t 1 -c xxxxxxxxx xxx.xx.xx.xxx 1.3.6.1.4.1.9.9.147.1.2.2.2
SNMPv2-SMI::enterprises.9.9.147.1.2.2.2.1.3.40.6 = STRING: "number of connections currently in use by the entire firewall"
SNMPv2-SMI::enterprises.9.9.147.1.2.2.2.1.3.40.7 = STRING: "highest number of connections in use at any one time since system startup"
SNMPv2-SMI::enterprises.9.9.147.1.2.2.2.1.4.40.6 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.147.1.2.2.2.1.4.40.7 = Counter32: 0
SNMPv2-SMI::enterprises.9.9.147.1.2.2.2.1.5.40.6 = Gauge32: 8681
SNMPv2-SMI::enterprises.9.9.147.1.2.2.2.1.5.40.7 = Gauge32: 8716
[XXXXXXX@xxx-xxxx-xxxxx-001 ~]$

I may need to look at options for scripting this via the CLI.

Andy.