NPM 12.2 and NCM 7.7 feature: Network Insight for Cisco ASA firewalls

Last Updated: September 13, 2017 

Network Insight for Cisco ASA automates the monitoring and management of your ASA infrastructure to provide visibility and help ensure service availability.

  • Ensure health and performance of the ASA. If the ASA goes down, critical business services will not be available.
  • Get visibility into VPN tunnel connectivity. Prevent loss of connectivity to remote locations.
  • Analyze ACL configs. Identify shadowed and redundant rules.


Want to learn more about PerfStack and Network Insight for ASA? Check out New Feature Training: Improved Troubleshooting Tools with NPM 12.2 and PerfStack, available at SolarWinds Academy.

Ensure that services dependent on your firewall are available

These features require NPM 12.2.

  • Monitor the status of VPN tunnels to help ensure connectivity between sites.
  • Monitor firewall high availability health and readiness.
  • Monitor interfaces with firewall metrics such as security level.
  • Monitor failover situations.
  • Monitor the count of connections in use and failed connections.

Enjoy complete visibility into the health and performance of your firewall infrastructure

These features require NCM 7.7.

  • Filter, search, and view ACLs including object groups.
  • Translate interfaces from a physical name to a logical name for enhanced visibility.
  • Automate the identification of ACL config changes.

Automate firewall activities to improve operational efficiency

These features require NCM 7.7.

  • Optimize ACLs by eliminating redundant and shadowed rules. View an ACL with a single click.
  • Snapshot and version ACL configs.
  • Compare differences in ACL config versions.


See the Network Insight for Cisco ASA Firewalls Getting Started Guide for more information.

Add Cisco ASA firewalls for monitoring

Data for monitoring Cisco® ASA firewalls is polled by a combination of SNMP and CLI polling. To get accurate ASA-specific information, add the firewall device to NPM as a node, and provide CLI credentials.

Enable CLI polling on monitored ASA devices

To poll firewall-specific data on ASA devices already monitored in SolarWinds NPM, enable CLI polling for ASAs.

Access Network Insight for Cisco ASAs

Go to the Node details view for the ASA node to see the relevant information:

  1. Review the node details, such as firmware version or IP address.
  2. See the load summary on the device: average percent memory used, average CPU load, and connections in use.
  3. Click Performance Analyzer to open the Performance Analysis dashboard for the ASA node, featuring predefined metrics.
  4. Review the hardware health and high availability status. Click See details to go to the Platform overview and see more information about High Availability.
  5. See the top 3 site-to-site VPN tunnels. How do I add tunnels to this resource?
  6. Review the In and Out bandwidth of favorite interfaces. How do I add interfaces here?
  7. See the basic overview of monitored site-to-site tunnels.

Review the Platform health

On the ASA node details summary, click Platform Overview.

Review the High Availability details, RAM and CPU load, the number of connections on the ASA, and the rate of failed connections.


Select important interfaces and site-to-site VPNs to see the info on the summary page

To see important interfaces and site-to-site VPNs on the ASA summary page, specify up to three favorites.

  1. Click Interfaces or Site-to-site VPN tunnels on the subview menu on the left.
  2. Click the star for interfaces or site-to-site tunnels you want to see on the summary page.


Review site-to-site tunnels


Review remote sessions


View and compare ACL rules for Cisco ASA devices 

You can use NCM 7.7 to examine the rules that make up an access control list (ACL) for a Cisco ASA device. After displaying a set of rules, you can:

  • Apply filters to display only rules that meet the specified criteria. Filter by rule type, source, destination, protocol, object, or object type.
  • Order the rules by line number or by hit count.
  • Show or hide remarks.
  • View information about objects or object groups included in a rule. If the object or object group has been modified, you can compare the current version to a previous version.

You can also compare two different ACLs, or two versions of the same ACL. The rules from each ACL are displayed beside each other, and lines with differences are highlighted.

Support for multiple contexts

The Cisco ASA (Adaptive Security Appliance) provides multiple security contexts on a single device. You can use NCM to back up and restore configurations for all contexts.

Redundant and shadowed rule detection 

Shadowed and redundant rules are ACL rules that will never be executed because the affected traffic has already been processed by a previous rule. NCM detects and reports these rules. Eliminating shadowed and redundant rules reduces the size of the rule set, making it easier to manage, and helps you ensure that the rules achieve the intended results.

NCM detects four types of rules:

  • Fully Shadowed
  • Partially Shadowed
  • Fully Redundant
  • Partially Redundant

For more information about each type of rule, see Overlapping ACL rules.
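The following sketch is an added example, not SolarWinds NCM code, showing how first-match ACL evaluation produces the four labels listed above. It assumes the usual firewall-policy definitions (shadowed: an earlier overlapping rule has the opposite action; redundant: the same action; fully: the earlier rule covers every field; partially: the rules only overlap), compares rules pairwise only, and uses its own simplified `Rule` fields and a constructed sample ACL.

```python
import ipaddress
from collections import namedtuple

# Simplified ACL entry; field names are this example's own, not NCM's.
Rule = namedtuple("Rule", "line action proto src dst ports")

def _net(a, b):
    a, b = ipaddress.ip_network(a), ipaddress.ip_network(b)
    return "subset" if a.subnet_of(b) else "overlap" if a.overlaps(b) else None

def _ports(a, b):
    inside = b[0] <= a[0] and a[1] <= b[1]
    return "subset" if inside else "overlap" if a[0] <= b[1] and b[0] <= a[1] else None

def _proto(a, b):
    # "ip" means any protocol, so it contains tcp and udp.
    return "subset" if b in ("ip", a) else "overlap" if a == "ip" else None

def classify(rule, earlier):
    """How `earlier` affects `rule` under first-match evaluation, or None."""
    rels = [_proto(rule.proto, earlier.proto), _net(rule.src, earlier.src),
            _net(rule.dst, earlier.dst), _ports(rule.ports, earlier.ports)]
    if None in rels:
        return None  # disjoint in at least one field: the rules never compete
    extent = "Fully" if all(r == "subset" for r in rels) else "Partially"
    kind = "Redundant" if rule.action == earlier.action else "Shadowed"
    return f"{extent} {kind}"

def analyze(rules):
    """Map rule line -> (label, line of the earlier rule responsible)."""
    findings = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            label = classify(rule, earlier)
            if label and (rule.line not in findings or label.startswith("Fully")):
                findings[rule.line] = (label, earlier.line)
            if label and label.startswith("Fully"):
                break  # the first full cover decides what happens to the rule
    return findings

SAMPLE_ACL = [  # constructed sample using private and documentation ranges
    Rule(1, "permit", "tcp", "10.1.0.0/16", "192.0.2.0/24", (443, 443)),
    Rule(2, "deny", "tcp", "10.1.5.0/24", "192.0.2.10/32", (443, 443)),
    Rule(3, "permit", "tcp", "10.1.0.0/24", "192.0.2.0/24", (443, 443)),
    Rule(4, "permit", "tcp", "10.1.0.0/16", "192.0.2.0/24", (80, 443)),
    Rule(5, "deny", "ip", "10.0.0.0/8", "0.0.0.0/0", (0, 65535)),
    Rule(6, "deny", "udp", "172.16.0.0/12", "198.51.100.0/24", (53, 53)),
]
```

Rule 2 is the case that matters most in review: the deny was written to block one host, but rule 1 permits that traffic first, so the deny never takes effect.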

Alerts and Reports

Network Insight for ASAs includes the following alerts:

  • Failover on ASA node
  • High Availability on ASA Node is not up
  • VPN Site-to-Site tunnel down
  • Connections in use exceeding threshold on ASA node

Network Insight for ASAs includes the following reports:

  • VPN Site-to-Site Tunnel History - Last 30 Days
  • VPN Remote Access Tunnel History - Last 30 Days
