Understand ASA platform health

Understand the health of the Cisco® ASA platform, for example power supplies, ASA high availability status, and other platform-wide health attributes.

  1. Log in to the Orion Web Console.
  2. On the Summary view, locate your ASA firewall node, and click it to go to the Node Details view.
  3. Review the Node Details for ASA - Summary subview.
  4. The Summary only displays widgets relevant for the ASA device.

    Review the node details, such as firmware version, or IP address.
    See the load summary on the device - average percent memory used, average CPU load, and connections in use.
    Click Performance Analyzer to open the Performance Analysis dashboard for the ASA node and view predefined metrics.

    Review the hardware health and high availability status. Click See details to go to the Platform overview, and see more information about High Availability.

    Hardware health information is displayed only if it is available on the device.

    See the top 3 Site-to-Site VPN tunnels.
    Review the In and Out bandwidth of favorite interfaces.
    See the basic health overview of monitored Site-to-Site tunnels.
  5. Click the Platform subview to see more details about the ASA platform health, such as ASA high availability status, RAM and CPU status, connections, and connection rates.
  6. Review the node details, such as firmware version, or IP address.
    Review the RAM and CPU utilization of the device.
    Review the node and ASA high availability status.
    Review the number of connections in use over a time period.
    Review the number of failed connections over a time period.

What other aspect of the ASA platform are you interested in?

Monitor contexts

If you have configured contexts on a monitored ASA device, they are listed in the Contexts widget, or resource on the Node Details for ASA - Summary view.

To add a context configured on a monitored ASA device, click the Monitor Node link and add the context to NPM using CLI credentials. NPM provides the same monitoring details as for other ASA nodes.

Each monitored context requires a node license.

To monitor a context without monitoring the ASA device, add the context to NPM using CLI credentials.

  • Monitoring an Administrator context also lists other configured contexts in the widget.
  • Monitoring a non-Administrator context only gives you information about the context.

Monitor high availability for Cisco ASA devices

On the Node Details for ASA - Summary, review the high availability information in the Platform Summary resource to help monitor your ASA devices.

Click the See details link, and view the High Availability widget on the Platform subview.

ASA node statuses

See the node status options for ASA devices.

The node status is reflected in the color of the circle.

Icon Description/Action
  • The node is up and running.
  • The node's status is Warning. The node did not respond to a ping request and is fast-polled for 120 seconds.
  • The node is not monitored in NPM. See Troubleshoot Unknown nodes for more details. Add the node as monitored to get details about the node, such as the node name.
  • The node is down. The node did not respond during the fast-poll period of 120 seconds.

Labels next to the icons tell you what type of ASA high availability is configured, and the role of individual nodes:

  • Standby/Active
  • Primary/Secondary

ASA high availability statuses

NPM polls the following high availability statuses on ASA devices. NPM orders the statuses according to importance with device issues listed first.

  • Standby ready (up, down, or unknown)

    Standby ready means that ASA devices (both the active and standby) see each other and agree that the standby ASA is ready for failover.

  • Configuration state (up, down, or unknown)

    If the Configuration state is synced, both ASA devices report that the configuration is synchronized.

    If the Configuration state is not synced, ASA devices report that the configuration is not synchronized. If you have NCM installed, click to see the configuration difference.

  • Connection state sync (up, down, or unknown)

    State - synced means that both ASA devices report that the high availability state is synchronized.

The overall high availability status is indicated by the color of the line:

  • Critical status (red): the Standby ready status is down, and the Configuration state and Connection sync are not relevant.
  • Warning status (yellow): the Standby ready status is up, and Configuration and Connection states are either down or unknown.
  • Up (green): the Standby ready status is up, and the other states are either up or unknown.
  • Unknown (gray): the Standby ready status is unknown, and the other statuses are either up or unknown.
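The rollup in the list above, written out as an added example (not NPM's own code) for use when reproducing the status in an external alert rule or report. The function names, the node names in the sample data, the triage order, and the handling of combinations the list does not define are assumptions of this example and are marked in the comments.

```python
from enum import Enum

class State(Enum):
    UP = "up"
    DOWN = "down"
    UNKNOWN = "unknown"

# Triage order is an assumption of this example: worst status first.
SEVERITY = {"critical": 0, "warning": 1, "unknown": 2, "up": 3}

def overall_ha_status(standby_ready, config_state, conn_sync):
    """Roll the three polled HA states into the overall status colour."""
    if standby_ready is State.DOWN:
        # Red: Configuration state and Connection sync are not relevant.
        return "critical"
    any_down = State.DOWN in (config_state, conn_sync)
    if standby_ready is State.UNKNOWN:
        # Gray is defined only when the other states are up or unknown.
        # A down sync state with unknown readiness is not covered by the
        # list; assumption: surface it as a warning rather than hide it.
        return "warning" if any_down else "unknown"
    # Standby ready is up. Assumptions: a single down sync state is enough
    # for yellow, and two unknown sync states (which match both the yellow
    # and the green bullet) are reported as green.
    return "warning" if any_down else "up"

def triage(pairs):
    """Return (name, status) for each HA pair, worst status first."""
    rated = [(name, overall_ha_status(*states)) for name, states in pairs.items()]
    return sorted(rated, key=lambda r: (SEVERITY[r[1]], r[0]))

# Constructed sample poll results, in the order
# (Standby ready, Configuration state, Connection state sync).
SAMPLE_PAIRS = {
    "asa-dc1": (State.UP, State.UP, State.UP),
    "asa-dc2": (State.UP, State.DOWN, State.UP),
    "asa-branch": (State.DOWN, State.UP, State.UP),
    "asa-lab": (State.UNKNOWN, State.UNKNOWN, State.UP),
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_PAIRS):
        print(f"{name:12} {status}")
```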

For help, see High Availability widget.

Monitor interfaces

Review the Bandwidth widget, or resource, that shows the traffic going through your favorite interfaces, and then click the Interfaces subview.

If the Bandwidth widget is empty, you have no favorite interfaces. Specify up to three favorite interfaces.

NPM labels interfaces with the nameif attribute that reflects the interface function.

To add an interface to widgets on the Summary Page, click the star for the interface.

Select favorite interfaces and Site-to-Site VPNs for the Summary subview

Specify important interfaces and Site-to-Site VPN tunnels as favorite objects, and keep track of their status directly from the Node Details for ASA - Summary view.

  1. For VPN tunnels, click the Site-to-Site VPN subview.
  2. For interfaces, click the Interfaces subview.
  3. Click the star for objects you want to see on the Summary subview. You can have up to three favorite interfaces and up to three favorite VPN tunnels.

The interfaces with stars are displayed on the Bandwidth widget and VPN tunnels with stars are displayed on the Favorite Site-to-Site VPN resource.