[mrtg] fwsm context traffic

paolo asapowell_1 at yahoo.com
Thu Apr 2 10:19:17 CEST 2009


Hi,
I finally managed to measure traffic in the virtual firewalls, fwsm 3.2 routing mode. In summary I did nothing special, I only had trouble with one of these firewalls, but it was the first I tried and this made me lose a lot of time.

Mike, I also measure traffic in the 6 Gb backplane using the port channel as described in the document I mentioned in the first email.

Regards
--- On Wed, 3/25/09, Mike Mitchell <Mike.Mitchell at sas.com> wrote:

> From: Mike Mitchell <Mike.Mitchell at sas.com>
> Subject: Re: [mrtg] fwsm context traffic
> To: "Justin M. Streiner" <mrtg at cluebyfour.org>, "mrtg at lists.oetiker.ch" <mrtg at lists.oetiker.ch>
> Date: Wednesday, March 25, 2009, 7:43 AM
> I'm running 3.2(10) without contexts.
> I do
>         cfgmaker --ifref ip --ifdesc alias community@firewall:::::2
> and haven't had a problem.  I'm seeing traffic over 400 Mbps, so I know
> it's using the HC counters.
> 
> Actually, I do have one problem.  The FWSM reports 1 Gbps for 'ifSpeed'
> on each interface.  It should really be 6 Gbps.  Occasionally I exceed
> 1 Gbps and the graphs show 'Unknown' for those periods.
> 
> Mike Mitchell
> 
> -----Original Message-----
> From: mrtg-bounces at lists.oetiker.ch [mailto:mrtg-bounces at lists.oetiker.ch] On Behalf Of Justin M. Streiner
> Sent: Tuesday, March 24, 2009 10:09 PM
> To: mrtg at lists.oetiker.ch
> Subject: Re: [mrtg] fwsm context traffic
> 
> On Tue, 24 Mar 2009, paolo wrote:
> 
> > Right, I'm polling each context individually. I get the interfaces list
> > for each one properly populated with the right name and gigabit speed, but
> > it fails getting the counters (no V2 counters, dropping back to V1).
> > But the V1 counters are not there either when I poll with the proper OID.
> >
> > I think it has to do with the fact they are virtual interfaces. I can
> > measure overall traffic in the 6 Gb backplane etherchannel but I
> > need traffic per context (DMZ, Intranet....).
> 
> At this point I'm not doing per-context statistics.  I also checked and I
> don't see any Counter64s when I walk the MIB-II tree or the
> vendor-specific MIB tree on one of my FWSMs, which leads me to believe
> that the HC counters are not implemented in the FWSM 3.2 MIB.  I don't
> have any FWSMs running 4.0 at this point, but I should probably stand one
> up in my lab at some point.
> 
> I'm running 3.2(7) on most of my FWSMs at the moment.
> 
> As a work-around you could probably poll the HC counters for the Vlan
> interfaces that are getting sent into the FWSM.  Are you running in
> transparent mode or routed mode?
> 
> jms
> 
> > --- On Tue, 3/24/09, McDonald, Dan <Dan.McDonald at austinenergy.com> wrote:
> >
> >> From: McDonald, Dan <Dan.McDonald at austinenergy.com>
> >> Subject: Re: [mrtg] fwsm context traffic
> >> To: mrtg at lists.oetiker.ch
> >> Date: Tuesday, March 24, 2009, 3:41 PM
> >> On Tue, 2009-03-24 at 11:55 -0700, paolo wrote:
> >>> Hi,
> >>> I use the 6500 fw service module (v3.2) and I'm trying to measure
> >>> traffic in the interfaces of my virtual firewalls -contexts- using
> >>> mrtg. But when the mrtg snmp poller contacts the virtual firewall, it
> >>> answers that no V2 counters (high speed counters) were found even though
> >>> it properly reports the interface name and speed.
> >>
> >> Odd, I've not had any problem detecting HC counters on fwsm 2.3.5 using
> >> snmp v2c
> >>
> >>> Has anybody been successful in measuring traffic of these fwsm contexts
> >>> using mrtg or similar? Maybe these counters are not filled by the fw
> >>> and then there's no way?
> >>
> >> Yes, but I'm not using contexts.  I think you have to monitor every
> >> context individually (meaning, treat them as separate firewalls, each
> >> with its own snmp config...)
> >>
> >> --
> >> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
> >> Austin Energy
> >> http://www.austinenergy.com
> >>
> >>
> >> _______________________________________________
> >> mrtg mailing list
> >> mrtg at lists.oetiker.ch
> >> https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
> >>
> 
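
The counter arithmetic behind two remarks in the thread, as an added example that is not from any of the posters: why rates over 400 Mbps imply 64-bit (HC) counters, and why a rate above the reported 1 Gbps ifSpeed is graphed as 'Unknown'. The 300-second poll interval, the function names and the sample rates are assumptions, and the MaxBytes filter is a simplified model of MRTG's behaviour.

```python
# Added example: all readings are constructed, not taken from a real FWSM.
POLL_INTERVAL = 300            # seconds between polls (assumed 5-minute cycle)
IFSPEED_BPS = 1_000_000_000    # ifSpeed reported per interface (from the thread)
BACKPLANE_BPS = 6_000_000_000  # real capacity mentioned in the thread


def simulate(true_bps, bits, start=0, interval=POLL_INTERVAL):
    """Counter readings at two consecutive polls for a link carrying true_bps."""
    octets = true_bps // 8 * interval
    modulus = 1 << bits
    return start % modulus, (start + octets) % modulus


def wraps_per_poll(true_bps, bits=32, interval=POLL_INTERVAL):
    """How many times a counter of this width rolls over between two polls."""
    return (true_bps // 8 * interval) // (1 << bits)


def rate_bps(prev, curr, bits, interval=POLL_INTERVAL):
    """Rate as a poller computes it: one wrap can be corrected, more cannot."""
    return ((curr - prev) % (1 << bits)) * 8 / interval


def graphed_value(rate, max_bytes):
    """Simplified MaxBytes filter: a sample above the ceiling is discarded."""
    return None if rate / 8 > max_bytes else rate


if __name__ == "__main__":
    for bits in (32, 64):
        prev, curr = simulate(400_000_000, bits)
        print(f"{bits}-bit counter at 400 Mbps reads as "
              f"{rate_bps(prev, curr, bits) / 1e6:.1f} Mbps "
              f"({wraps_per_poll(400_000_000, bits)} wraps per poll)")

    prev, curr = simulate(1_200_000_000, 64)
    burst = rate_bps(prev, curr, 64)
    for label, speed in (("ifSpeed 1 Gbps", IFSPEED_BPS),
                         ("ceiling 6 Gbps", BACKPLANE_BPS)):
        value = graphed_value(burst, speed // 8)
        shown = "Unknown" if value is None else f"{value / 1e9:.1f} Gbps"
        print(f"1.2 Gbps burst with {label}: {shown}")
```
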


      


