Understand ASA platform health in NPM
Understand the health of the Cisco® ASA platform, for example power supplies, ASA high availability status, and other platform-wide health attributes.
- Log in to the SolarWinds Platform Web Console.
- On the Summary view, locate your ASA firewall node, and click it to go to the Node Details view.
- Review the Node Details for ASA - Summary subview.
-
Click the Platform subview to see more details about the ASA platform health, such as ASA high availability status, RAM and CPU status, connections, and connection rates.
The Summary only displays widgets relevant for the ASA device.
Review the node details, such as firmware version, or IP address. | |
See the load summary on the device - average percent memory used, average CPU load, and connections in use. | |
Click Performance Analyzer to open the Performance Analysis dashboard for the ASA node and view predefined metrics. | |
Review the hardware health and high availability status. Click See details to go to the Platform overview, and see more information about High Availability. Hardware health information is displayed only if it is available on the device. |
|
See the top 3 Site-to-Site VPN tunnels. How do I add tunnels to this resource? |
|
Review the In and Out bandwidth of favorite interfaces. How do I add interfaces here? |
|
See the basic health overview of monitored Site-to-Site tunnels. |
Review the node details, such as firmware version, or IP address. | |
Review the RAM and CPU utilization of the device. | |
Review the node and ASA high availability status. | |
Review the number of connections in use over a time period. | |
Review the number of failed connections over a time period. |
What other aspect of the ASA platform are you interested in?
Monitor contexts
If you have configured contexts on a monitored ASA device, they are listed in the Contexts widget, or resource on the Node Details for ASA - Summary view.
To add a context configured on a monitored ASA device, click the Monitor Node link and add the context to NPM using CLI credentials. NPM provides the same monitoring details as for other ASA nodes.
Each monitored context requires a node license.
To monitor a context without monitoring the ASA device, add the context to NPM using CLI credentials.
- Monitoring an Administrator context also lists other configured contexts in the widget.
- Monitoring a non-Administrator context only gives you information about the context.
Monitor high availability for Cisco ASA devices
On the Node Details for ASA - Summary, review the high availability information in the Platform Summary resource to help monitor your ASA devices.
Click the See details link, and view the High Availability widget on the Platform subview.
ASA node statuses
See the node status options for ASA devices.
The color of the circle indicates the node status.
Icon | Description/Action |
---|---|
The node is up and running. | |
The node's status is Warning. The node did not respond to a ping request and is fast-polled for 120 seconds. | |
The node is not monitored in NPM. For details, see Troubleshoot Unknown nodes.
If the node is monitored with NPM, verify that you configured both an IP address and a stand-by IP address for each active ASA interface so the node can be paired correctly. |
|
The node is down. The node did not respond during the fast-poll period of 120 seconds. |
Labels next to the icons tell you what type of ASA high availability is configured, and the role of individual nodes:
- Standby/Active
- Primary/Secondary
ASA high availability statuses
NPM polls the following high availability statuses on ASA devices. NPM orders the statuses according to importance with device issues listed first.
-
Standby ready (up, down, or unknown)
-
Configuration state (up, down, or unknown)
-
Connection state sync (up, down, or unknown)
ASA devices (active and standby) see each other and agree that the standby ASA is ready for failover.
If the Configuration state is synced, both ASA devices report that the configuration is synchronized.
If the Configuration state is not synced, ASA devices report that the configuration is not synchronized. If you have NCM installed, click to see the configuration difference.
State - synced means that both ASA devices report that the high availability state is synchronized.
The overall high availability status is indicated by the color of the line:
- Critical status (red): the Standby ready status is down, and the Configuration state and Connection sync are not relevant.
- Warning status (yellow): the Standby ready status is up, and Configuration and Connection states are either down or unknown.
- Up (green): the Standby ready status is up, and the other states are either up or unknown.
- Unknown (gray): the Standby ready status is unknown, and the other statuses are either up or unknown.
For help, see High Availability widget.
Monitor interfaces
Review the Bandwidth widget, or resource, that shows the traffic going through your favorite interfaces, and then click the Interfaces subview in the navigation bar on the left.
If the Bandwidth widget is empty, you have no favorite interfaces. Specify up to three favorite interfaces.
NPM labels interfaces with the nameif
attribute that reflects the interface function.
To add an interface to widgets on the Summary Page, click the star for the interface.
Select favorite interfaces and Site-to-Site VPNs for the Summary subview
Specify important interfaces and Site-to-Site VPN tunnels as favorite objects, and keep track of their status directly from the Node Details for ASA - Summary view.
- For VPN tunnels, click the Site-to-Site VPN subview.
- For interfaces, click the Interfaces subview.
- Click the star for objects you want to see on the Summary subview. You can have up to three favorite interfaces and up to three favorite VPN tunnels.
The interfaces with stars are displayed on the Bandwidth widget and VPN tunnels with stars are displayed on the Favorite Site-to-Site VPN resource.