Monitor Firepower firewalls
Automate the monitoring and management of your Cisco Firepower infrastructure to provide visibility and help ensure service availability.
Ensure that services dependent on your firewall are available:
- Monitor VPN tunnels to guarantee connectivity between sites. Monitor the tunnel status, bandwidth usage, and information about completed phases. View user sessions on remote access tunnels.
Out-of-the-box alert
- Site-to-Site (L2L) VPN tunnel down for Firepower
Out-of-the-box reports
- VPN Site-to-Site Tunnel History - Last 30 Days
- VPN Remote Access Tunnel History - Last 30 Days
Add tunnels for monitoring
When adding Firepower nodes for monitoring, all available Site-to-Site tunnels are listed in the List Resources step. See Add a single node for monitoring.
By default, only up tunnels are selected for monitoring. If you want to monitor a tunnel that is currently down, select it manually.
To change monitored Site-to-Site tunnels for a node, go to the Node Details widget and click List Resources. Adjust the tunnels to be monitored.
Monitor VPN tunnels
Get basic visibility into your nodes so that you can troubleshoot tunnels with issues.
- Log in to the SolarWinds Platform Web Console.
- On the Summary view, locate and click your Firepower firewall node to go to the Node Details view.
- Click the Site-to-Site VPN or remote access VPN icon in the subviews menu on the left side of the SolarWinds Platform Web Console.
Tunnel status
The Site-to-Site VPN tunnel status reflects the success or failure of the following phases.
- In phase 1, a secure communication channel between VPN peers is set up. This includes encryption, authentication, and key exchange parameters. If phase 1 fails, the tunnel cannot be established.
- In phase 2, the actual data transfer parameters (encryption, hashing algorithms for traffic) are negotiated. This phase defines what traffic is allowed through the channel.
| Phase 1 status | Phase 2 status | Tunnel status |
|---|---|---|
| Active | All active | Up |
| Active | At least one active | Up |
| Active | All inactive | Inactive |
| Destroyed/failed | N/A | Down |
Polling
Firepower node status is polled every two minutes. Statistics are polled every ten minutes.
You can change the polling frequencies by editing the node. See Edit node properties.
Site-to-Site VPN
Site-to-Site VPN provides information about office-to-office tunnels.
Non-existent or dead tunnels are automatically removed by the Orion Collector Service.
Review the list of Site-to-Site VPN tunnels on the device. Use the search and filter options to find a Site-to-Site VPN tunnel and see more details.
Click the star icon to add a Site-to-Site VPN tunnel to favorites that are featured on the Node Details for ASA - Summary view.
Status information
- If the tunnel is down, see the information about the last phase completed successfully.
- For up tunnels, see the encryption and hashing information, inbound and outbound traffic, and the duration of the tunnel.
Remote access VPN
On the Remote access VPN subview, you can see a list of remote access tunnels, with the user name and tunnel duration details.
By default, non-existent or dead tunnels are removed after two days.
Search for tunnels, or filter results to find specific tunnels.