Monitoring the Cisco Firepower

eG Enterprise provides a specialized Cisco Firepower monitoring model (see Figure 1), which periodically polls the SNMP MIB of the firewall to measure its availability, responsiveness, resource usage, etc., and notifies administrators of potential resource crunches or configuration issues with the firewall.

Figure 1: The layer model of the Cisco Firepower

Using the metrics reported, administrators can find quick and accurate answers for the following performance questions:

  • Is the firewall available over the network? How is the network connectivity to the firewall – solid or flaky?
  • How well was the CPU utilized by each processor of the firewall?
  • Is there resource contention on the firewall device? Which resource is the bottleneck – CPU or memory?
  • How many connections can the firewall service? Is the number of connections currently handled by the firewall unusually high?
  • Are too many sessions currently active on the firewall?
  • How many connections were utilized by each proxy server connection?
  • Are too many fragmented packets flowing through the firewall? If so, why? Is it because of an incorrect configuration?

The Network layer of the Cisco Firepower model is similar to that of a Windows Generic server model. Therefore, you can refer to the Unix and Windows Servers chapter, in which the tests mapped to the Network layer have been discussed briefly.