Monitoring half open connections on a CBAC firewall

pbrears · ‎10-30-2002

Monitoring CBAC firewall

We’ve got a CBAC firewall running on a 7505 (enterprise FW feature set IOS)

I’d like to be able to monitor how many half open connections there are on the firewall. This will let me see how close I am to the maximum number, before the firewall starts closing connections.

I’ve looked at SNMP and there is a CISCO-FIREWALL-MIB which has the right options but this doesn’t seem to be supported on the FW IOS. Is there another way to get this information so we can graph it with something like mrtg.

sh ip inspect sessions lists all the sessions; this gives an instantaneous value but doesn’t really lend itself to long term monitoring.

Taken from MIB:.......

ConnectionStat ::= TEXTUAL-CONVENTION

STATUS current

DESCRIPTION

"This textual convention is used to describe various

connections statistics.

other : A generic connection event.

totalOpen : Total open connections since reboot.

currentOpen : The number of connections currently open.

currentClosing : The number of connections currently closing.

currentHalfOpen : The number of connections currently half-open.

currentInUse : The number of connections currently in use.

high : The highest number of connections in use at

any one time since system startup."

rmushtaq · ‎10-30-2002

I believe that the CISCO-FIREWALL-MIB is only supported by PIX running PIX software.

pbrears · ‎10-31-2002

That seems to be the view I was coming to as well.

Can you suggest another approach to the problem of monitoring this counter. We are trying to understand where the baseline is for our network so we can set the maximum threshold accordingly.