Once you’ve set up your Cisco ASA, you will want to monitor it to ensure that it’s operating normally. The nm_check_asa_connections plugin for Nagios and compatible products can warn you if the number of current connections gets too high. A very high connection count might indicate that an attack is under way against one of your servers, that some hosts on your inside are part of a botnet and are attacking someone else, or perhaps that you’re just about to outgrow your current firewall and need an upgrade to a more powerful box.
Aside from the standard settings inherited from the Nelmon SNMP plugins, nm_check_asa_connections uses the -w and -c arguments to set the warning and critical thresholds for the connection count.
This is an example using SNMPv2 where the plugin would report a warning state for 230000 connections and critical state for 245000 connections.
./nm_check_asa_connections -H 172.16.12.1 -P 2c -C C1sc0 -w 230000 -c 245000
This example uses SNMPv3 with AES for encryption and SHA for integrity, and returns a warning state at 720000 connections and a critical state at 740000:
./nm_check_asa_connections -H 172.16.12.1 -P 3 -L authPriv -a SHA -x AES -U snmp_user -A Authpass123 -X Privpass456 -w 720000 -c 740000
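The SNMPv3 check above wired into Nagios, as an added example that is not part of Nelmon or of the original page. It keeps the SNMPv3 user and passphrases in resource.cfg macros instead of the object configuration. The plugin path, the $USER5$ to $USER7$ macro numbers, the host name asa-fw01 and the generic-service template are assumptions; the credentials are the sample values from the command above.

```cfg
# ---- resource.cfg ----
# Restrict this file to the Nagios user (for example mode 0600).
# The web CGIs do not read it, so these values do not show up in the UI.
# Assumed install location of the Nelmon plugins:
$USER1$=/usr/local/nagios/libexec
# Assumed free macro slots holding the SNMPv3 credentials:
$USER5$=snmp_user
$USER6$=Authpass123
$USER7$=Privpass456

# ---- commands.cfg ----
# $ARG1$ = warning threshold, $ARG2$ = critical threshold (connections).
# Credentials are quoted so passphrases containing spaces or shell
# metacharacters are passed through unchanged.
define command {
    command_name    check_asa_connections_v3
    command_line    $USER1$/nm_check_asa_connections -H $HOSTADDRESS$ -P 3 -L authPriv -a SHA -x AES -U '$USER5$' -A '$USER6$' -X '$USER7$' -w $ARG1$ -c $ARG2$
}

# ---- services.cfg ----
# asa-fw01 is an assumed host object whose address is 172.16.12.1.
define service {
    use                     generic-service
    host_name               asa-fw01
    service_description     ASA connection count
    check_command           check_asa_connections_v3!720000!740000
}
```

While a check is running, the passphrases are still visible in the process list on the monitoring host, so limit shell access to that machine.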
Download Nelmon – the nm_check_asa_connections plugin is located in the plugins directory.