Internet Activity on Cisco 5510 Firewall

  • Internet Activity on Cisco 5510 Firewall

    Hello
    We have a Cisco 5510 firewall and a Cisco 2811 router in our environment.
    Our T1 goes to our firewall, then our router. I'd like to know if there is a log file or something that gets generated when the internet goes down. We've had a couple of outages here and both times it was our Sprint provider. Would logging into the router or firewall tell me anything besides the outside interface being down?

  • #2
    Re: Internet Activity on Cisco 5510 Firewall

    The firewall will only log itself, so if his external interface goes down, the router will log this.
    However, the logging buffer is quite small so you need to set up a syslog server where the firewall can put his data to.

    If the outside interface is down, well it's down and he won't tell you if it's the cable or the router of the provider.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: Internet Activity on Cisco 5510 Firewall

      How would I go about setting up this syslog? I'm not a Cisco guru but I am familiar with the GUI interface. Do I set this up in the firewall or in the router?



      • #4
        Re: Internet Activity on Cisco 5510 Firewall

        Here you go for the configuration on the ASA.
        http://www.cisco.com/en/US/products/...805a2e04.shtml

        Here you have an example software which you can use for the syslog server:
        http://www.kiwisyslog.com/


        • #5
          Re: Internet Activity on Cisco 5510 Firewall

          Thanks - Would I also need to configure or set up anything in the router to show me a log of any outage?



          • #6
            Re: Internet Activity on Cisco 5510 Firewall

            Originally posted by Dumber:
            Here you go for the configuration on the ASA.
            http://www.cisco.com/en/US/products/...805a2e04.shtml

            Here you have an example software which you can use for the syslog server:
            http://www.kiwisyslog.com/

            I have the syslog set up but wanted to know if there are any traps or event notifications to set up to be able to see if the internet goes down? Is there a Cisco doc or some type of document that explains this info?



            • #7
              Re: Internet Activity on Cisco 5510 Firewall

              Well internet won't go down..
              I'm pretty sure about that

              AFAIK you can't check if the link to your ISP is down, however you should be able to monitor if the link to the ISP modem connection goes down.


              • #8
                Re: Internet Activity on Cisco 5510 Firewall

                True, I mean we normally don't have a problem with our internet here. A couple of times it went out due to a glitch on the ISP side. I wanted to know if there is an event we can set in the firewall to notify me by email that it lost communication with our ISP. Can this be done?



                • #9
                  Re: Internet Activity on Cisco 5510 Firewall

                  Monitoring when the link goes down can be done with syslogging? Would you happen to know where exactly this can be set in the ASA 5510 firewall?



                  • #10
                    ASA 5510 - setting an SNMP trap for notification

                    Does anyone know where in the ASA 5510 firewall you can set up a trap to notify you via email when the outside interface goes down due to an internet outage?



                    • #11
                      Re: ASA 5510 - setting an SNMP trap for notification

                      Hmmm, maybe SNMP is a better option.
                      Review this one:
                      http://www.cisco.com/en/US/products/...80094a13.shtml


                      • #12
                        Re: Internet Activity on Cisco 5510 Firewall

                        Just set up a ping script that pings some public address like 4.2.2.2 every 5 minutes and your firewall. Have it send you an email when it receives no reply.


                        Or look into a host based monitoring program like Nagios so you can get historical data... Works for me.
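
The ping check suggested in #12, as an added example that is not part of the original thread: it probes the firewall and the public address, tells an upstream outage apart from a local one, and mails only when the state changes. `FIREWALL_ADDR`, `SMTP_RELAY` and `ALERT_TO` are placeholder assumptions, and the `ping` flags are those of Linux iputils.

```python
import smtplib
import subprocess
import time
from email.message import EmailMessage

PUBLIC_ADDR = "4.2.2.2"               # public address suggested in the post
FIREWALL_ADDR = "192.0.2.1"           # assumption: placeholder for the firewall's inside IP
SMTP_RELAY = "mail.example.internal"  # assumption: internal relay that queues outbound mail
ALERT_TO = "netops@example.com"       # assumption: placeholder recipient
INTERVAL_S = 300                      # every 5 minutes, as in the post

def ping(host, count=3, timeout_s=2):
    """True if the host answers ICMP echo (Linux iputils ping flags)."""
    cmd = ["ping", "-c", str(count), "-W", str(timeout_s), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def classify(firewall_up, public_up):
    """Separate an upstream outage from a problem on the local side."""
    if public_up:
        return "OK" if firewall_up else "FIREWALL_SILENT"
    return "UPSTREAM_DOWN" if firewall_up else "LOCAL_DOWN"

def send_mail(new_state, old_state):
    """Mail the state change through the internal relay."""
    msg = EmailMessage()
    msg["Subject"] = f"Internet check: {old_state} -> {new_state}"
    msg["From"] = ALERT_TO
    msg["To"] = ALERT_TO
    msg.set_content(f"Firewall {FIREWALL_ADDR}, public probe {PUBLIC_ADDR}: "
                    f"{new_state} at {time.ctime()}")
    with smtplib.SMTP(SMTP_RELAY, timeout=10) as smtp:
        smtp.send_message(msg)

def check_once(previous_state, probe=ping, notify=send_mail):
    """Probe both targets; notify only when the state changes, not on every run."""
    state = classify(probe(FIREWALL_ADDR), probe(PUBLIC_ADDR))
    if state != previous_state:
        notify(state, previous_state)
    return state

if __name__ == "__main__":
    state = "OK"
    while True:
        try:
            state = check_once(state)
        except OSError as exc:  # relay unreachable: state is kept, so the alert is retried
            print(f"alert not sent: {exc}")
        time.sleep(INTERVAL_S)
```

Mail addressed to an outside mailbox cannot leave the site while the link is down, so the relay has to queue it or deliver to an internal mailbox.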
