Hi, I finally managed to measure traffic in the virtual firewalls, fwsm 3.2 routing mode. In summary, I did nothing special; I only had trouble with one of those firewalls, but it was the first one I tried and this made me lose a lot of time.
Mike, I also measure traffic in the 6 Gb backplane using the port channel as described in the document I mention in the first email.

Regards

--- On Wed, 3/25/09, Mike Mitchell <[email protected]> wrote:

> From: Mike Mitchell <[email protected]>
> Subject: Re: [mrtg] fwsm context traffic
> To: "Justin M. Streiner" <[email protected]>, "[email protected]" <[email protected]>
> Date: Wednesday, March 25, 2009, 7:43 AM
>
> I'm running 3.2(10) without contexts.
> I do
> cfgmaker --ifref ip --ifdesc alias commun...@firewall:::::2
> and haven't had a problem. I'm seeing traffic over 400 Mbps, so I know it's using the HC counters.
>
> Actually, I do have one problem. The FSM reports 1 Gbps for 'ifSpeed' on each interface. It should really be 6 Gbps. Occasionally I exceed 1 Gbps and the graphs show 'Unknown' for those periods.
>
> Mike Mitchell
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Justin M. Streiner
> Sent: Tuesday, March 24, 2009 10:09 PM
> To: [email protected]
> Subject: Re: [mrtg] fwsm context traffic
>
> On Tue, 24 Mar 2009, paolo wrote:
>
> > Right, I'm polling each context individually. I get the interfaces list for each one properly populated with the right name and gigabit speed, but it fails getting the counters (no V2 counters, dropping back to V1).
> > But neither V1 counters are there when I poll with the proper OID.
> >
> > I think it has to do with the fact they are virtual interfaces. I can measure overall traffic in the 6 Gb backplane etherchannel but I need traffic per context (DMZ, Intranet....).
>
> At this point I'm not doing per-context statistics. I also checked and I don't see any Counter64s when I walk the MIB-II tree or the vendor-specific MIB tree on one of my FWSMs, which leads me to believe that the HC counters are not implemented in the FWSM 3.2 MIB. I don't have any FWSMs running 4.0 at this point, but I should probably stand one up in my lab at some point.
>
> I'm running 3.2(7) on most of my FWSMs at the moment.
>
> As a work-around you could probably poll the HC counters for the Vlan interfaces that are getting sent into the FWSM. Are you running in transparent mode or routed mode?
>
> jms
>
> > --- On Tue, 3/24/09, McDonald, Dan <[email protected]> wrote:
> >
> >> From: McDonald, Dan <[email protected]>
> >> Subject: Re: [mrtg] fwsm context traffic
> >> To: [email protected]
> >> Date: Tuesday, March 24, 2009, 3:41 PM
> >>
> >> On Tue, 2009-03-24 at 11:55 -0700, paolo wrote:
> >>> Hi,
> >>> I use the 6500 fw service module (v3.2) and I'm trying to measure traffic in the interfaces of my virtual firewalls -contexts- using mrtg. But when the mrtg snmp poller contacts the virtual firewall, it answers that no V2 counters (high speed counters) were found despite it properly reports the interface name and speed.
> >>
> >> Odd, I've not had any problem detecting HC counters on fwsm 2.3.5 using snmp v2c
> >>
> >>> Has anybody been successful in measuring traffic of this fwsm contexts using mrtg or similar? Maybe this counters are not filled by the fw and then there's no way?
> >>
> >> Yes, but I'm not using contexts. I think you have to monitor every context individually (meaning, treat them as separate firewalls, each with its own snmp config...)
> >>
> >> --
> >> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
> >> Austin Energy
> >> http://www.austinenergy.com
> >>
> >> _______________________________________________
> >> mrtg mailing list
> >> [email protected]
> >> https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
