
Manage Cisco ASA ACLs

Created by Melanie Boyd, last modified by Melanie Boyd on Sep 26, 2017


Use SolarWinds NCM to help you manage the access control lists (ACLs) for your Cisco ASA devices:

Display the ACLs on a Cisco ASA firewall

  1. Choose My Dashboards > Configuration Management.
  2. Double-click the name of a Cisco ASA node.

    The Node Details page opens.

  3. From the menu on the left, choose Access Lists.

    The Access Lists page lists the ACLs configured for that node. If the ACL has changed, click the arrow to display a list of previous versions.

    A warning icon indicates that the ACL contains overlapping rules. You can display the ACL rules to find out which rules overlap.

Compare ACLs

Use NCM to quickly locate the differences between ACLs or ACL versions. For example, you can compare two versions of the same ACL to verify that changes were implemented correctly. Or you can compare ACLs on different nodes to verify that the same rules are being applied on both devices.

Compare ACLs on the same node

  1. Display the list of ACLs on a Cisco ASA firewall.
  2. Select the ACLs or ACL versions to compare.

    To compare the current version to a previous version, expand the node to list previous versions.

  3. At the top of the page, click Compare ACL.

    The rules from both ACLs are displayed beside each other. The line numbers of rules with differences are highlighted.

Compare ACLs on different nodes

To compare ACLs on different nodes, first select two ACLs on the same node, and then change one of the ACLs being compared.

  1. Display the list of ACLs on one of the Cisco ASA firewalls.
  2. Select the ACL that you want to compare, and any other ACL on that node.

    You will change the second selection later.

  3. At the top of the page, click Compare ACL.

    The rules from both ACLs are displayed beside each other. The line numbers of rules with differences are highlighted.

  4. Change the second ACL to an ACL on a different node:
    1. Near the top of the page, click Change ACLs Compared.
    2. Select the node, interface, name, and version of the ACL you want to compare.
    3. Click Change.

Display ACL rules

When you display ACL rules, also known as Access Control Entries (ACEs), SolarWinds NCM identifies overlapping rules, which might require additional investigation.

  1. Display the list of ACLs on a Cisco ASA firewall.
  2. Click an ACL name.

    The rules (or ACEs) are listed on the Rules of This Access List page. The right column shows the number of hits, and a warning icon indicates that the rule overlaps another rule.

  3. Filter or reorder the rules to help you find information.

    • To filter the rules, select the filter criteria in the left column.

      Click Edit Filter Properties to change the options available for filtering.

    • To order the rules by hit count instead of line number, open the drop-down menu above the rules and choose Hit count.

Investigate overlapping rules

  1. Display ACL rules.

  2. Point to the warning icon that identifies a rule that overlaps another rule.

    A message describes the issue.

  3. Click Show the details.

    A dialog box displays the preceding rule(s) that shadow the rule or make it redundant.
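
The difference between a preceding rule that shadows a rule and one that makes it redundant, shown as an added example that is not SolarWinds NCM code. It assumes the common definitions (an earlier rule matches all of the later rule's traffic with a different action: shadowed; with the same action: redundant) and uses a hypothetical simplified `Ace` model and a constructed sample ACL.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:                      # hypothetical simplified ACE model (assumption)
    line: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" (any protocol), "tcp" or "udp"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    port: Optional[int] = None  # destination port; None means any port

def covers(a: Ace, b: Ace) -> bool:
    """True if every packet matched by b is also matched by a."""
    net = ipaddress.ip_network
    return ((a.proto == "ip" or a.proto == b.proto)
            and net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and (a.port is None or a.port == b.port))

def find_overlaps(acl):
    """Return (line, kind, earlier_line) for each rule fully covered by an earlier one."""
    findings = []
    for i, rule in enumerate(acl):
        for earlier in acl[:i]:
            if covers(earlier, rule):
                # First match wins, so the earliest covering rule decides the outcome.
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.line, kind, earlier.line))
                break
    return findings

# Constructed sample ACL (documentation address ranges, not from a real device)
SAMPLE_ACL = [
    Ace(1, "permit", "tcp", "10.1.0.0/16", "192.0.2.10/32", 443),
    Ace(2, "deny", "ip", "10.0.0.0/8", "0.0.0.0/0"),
    Ace(3, "permit", "tcp", "10.2.3.0/24", "192.0.2.10/32", 22),   # never reached: line 2 denies it
    Ace(4, "permit", "tcp", "10.1.5.0/24", "192.0.2.10/32", 443),  # line 1 already permits it
    Ace(5, "permit", "udp", "172.16.0.0/12", "192.0.2.53/32", 53),
]

if __name__ == "__main__":
    for line, kind, earlier in find_overlaps(SAMPLE_ACL):
        print(f"line {line}: {kind} by line {earlier}")
```

Line 4 is also covered by the deny on line 2, but line 1 matches first, so it is reported as redundant rather than shadowed.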

Display information about objects or object groups

  1. Display ACL rules.

  2. If an object or object group is listed as the source or destination of a rule, click the name of an object or object group.

    Information about the current version of the object or object group is shown on the right.

  3. To view information about a previous version of the object or object group, select a version from the drop-down menu.

  4. To compare another version to the currently selected version, click Compare Diff and select the version.

 
