06-13-2013 10:03 AM - edited 03-11-2019 06:57 PM
Hi,
I am getting alerts on high discard rates on FW interfaces via a monitoring tool. Just want to validate if the packets dropped by ACLs are also contributing to the high discard rate counter? If this is the case, what would be an acceptable threshold to set for High Discard rate on FW interfaces to ensure I do not miss an actual issue regarding high discard rate? "Interface::I-Interface_Performance_CiscoRouter_Ethernet-IF-XXX-XXXX-SEC/4::HighDiscardRate"
06-13-2013 10:31 AM
Hello,
The packet drops being seen on the ASA interfaces are related to the security checks being done by the firewall (involving inspections, ACLs, RPF checks, etc.), so there is no threshold; it will all depend on how much traffic you are receiving on your ASA.
Regards,
Remember to rate all of the helpful posts.
For this community that's as important as a thanks.
06-13-2013 10:44 AM
Hi, thanks. The threshold I was speaking of would be on the monitoring system (when to alert on).
06-13-2013 10:49 AM
Hello,
Well, that would depend again on the environment you have there.
As an example, I would not focus much on ACL drop logs (as they are already being denied, although it will let you know what traffic is trying to reach your network), but the threshold would be way higher based on the fact that it is common to drop a lot of traffic via an ACL.
But I do not have a specific threshold that I could provide, as it will depend on the environment.
06-13-2013 10:51 AM
Thank you for your feedback, much appreciated
06-13-2013 10:56 AM
Hello,
Do you have any other questions?
Otherwise you can mark the question as answered.