
Understanding Cisco Secure Firewall Services Module 4.x Routing and Feature Enhancements

Contents

  1. Configuring EIGRP
  2. Configuring Route Health Injection
  3. Understanding Application Support
  4. Additional Support for Simple Network Management Protocol Management Information Base
  5. Miscellaneous Security Features
  6. Summary
  7. References

Chapter Description

This chapter discusses the key additions to the Cisco Secure Firewall Services Module (FWSM) 4.x code.

Additional Support for Simple Network Management Protocol Management Information Base

Simple Network Management Protocol (SNMP) is used to read specific information from a device or to send it information in order to change its configuration. Because the FWSM is a security device, you cannot send it configuration information over SNMP, but you can read information from it to keep track of interface statistics, packet counts, and so on. There have been two additions to the Management Information Base (MIB):

  • ACL entries and hit counters located under CISCO-IP-PROTOCOL-FILTER-MIB
  • Address Resolution Protocol (ARP) table entries located under IP-MIB

Table 25-1 shows the MIB additions with definitions.

Table 25-1. FWSM 4.01 MIB Additions

CISCO-IP-PROTOCOL-FILTER-MIB

cippfIpFilterTable (Command Line Interface (CLI) equivalent: show run access-list)

| OID | Object | Description |
|---|---|---|
| 1.3.6.1.4.1.9.9.278.1.1.1.1.1 | cippfIpProfileName | ACL name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.1 | cippfIpFilterIndex | Access Control Entry (ACE) line number |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.3 | cippfIpFilterAction | Permit/Deny |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.4 | cippfIpFilterAddressType | Either ipv4 or ipv6 |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.5 | cippfIpFilterSrcAddress | Source IP address |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.6 | cippfIpFilterSrcMask | Source IP mask |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.7 | cippfIpFilterDestAddress | Destination IP address |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.8 | cippfIpFilterDestMask | Destination IP mask |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.9 | cippfIpFilterProtocol | Protocol (IP/TCP/UDP/ICMP) |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.10 | cippfIpFilterSrcPortLow | Source port low |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.11 | cippfIpFilterSrcPortHigh | Source port high |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.12 | cippfIpFilterDestPortLow | Destination port low |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.13 | cippfIpFilterDestPortHigh | Destination port high |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.16 | cippfIpFilterLogEnabled | Log enabled/disabled |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.17 | cippfIpFilterStatus | ACL Active/Inactive |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.22 | cippfIpFilterSrcIPGroupName | Source network object group name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.23 | cippfIpFilterDstIPGroupName | Destination network object group name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.24 | cippfIpFilterProtocolGroupName | Protocol object group name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.25 | cippfIpFilterSrcServiceGroupName | Source service object group name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.26 | cippfIpFilterDstServiceGroupName | Destination service object group name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.27 | cippfIpFilterICMPGroupName | ICMP object group |

cippfIpFilterStatsTable (CLI equivalent: show access-list acl-name)

| OID | Object | Description |
|---|---|---|
| 1.3.6.1.4.1.9.9.278.1.1.1.1.1 | cippfIpProfileName | ACL name |
| 1.3.6.1.4.1.9.9.278.1.1.3.1.1 | cippfIpFilterIndex | ACE line number within the ACL |
| 1.3.6.1.4.1.9.9.278.1.2.1.1.1 | cippfIpFilterHits | ACE hit count |

IP-MIB (RFC 2011)

ipNetToPhysicalTable (CLI equivalent: show arp)

| OID | Object | Description |
|---|---|---|
| 1.3.6.1.2.1.4.35.1.1 | ipNetToPhysicalIfIndex | Interface number for the ARP entry |
| 1.3.6.1.2.1.4.35.1.2 | ipNetToPhysicalNetAddressType | IP address type for the ARP entry |
| 1.3.6.1.2.1.4.35.1.3 | ipNetToPhysicalNetAddress | IP address for the ARP entry |
| 1.3.6.1.2.1.4.35.1.4 | ipNetToPhysicalPhysAddress | Media Access Control (MAC) address for the IP address |

When using SNMP, avoid performing an SNMP walk. A walk starts at the top of the MIB tree and retrieves the value of every object until it reaches the end of the tree. Because the FWSM processes SNMP in software, not in hardware, a full walk puts an undue burden on the module.

SNMP is a very valuable tool to gather statistics from the FWSM, and with the addition of ACL entries, ACL counters, and ARP table entries, it becomes an even better tool. Just remember not to overwhelm the FWSM with too many queries.
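The following added example (not from the book) shows the scoped alternative to a full walk: it builds a net-snmp query limited to the cippfIpFilterHits column from Table 25-1, decodes each row's index back to the ACL name and ACE number, and diffs two polls so a monitoring job can see which ACEs are matching traffic. It assumes the stats rows are indexed by the ACL name as length-prefixed ASCII octets followed by the ACE number, and the poll output shown is constructed sample data in net-snmp numeric (-On) form.

```python
import re

# cippfIpFilterHits (ACE hit count) from Table 25-1 in the chapter.
CIPPF_HITS = "1.3.6.1.4.1.9.9.278.1.2.1.1.1"


def scoped_walk_cmd(host: str, community: str) -> list:
    """Argument vector that walks only the hit-counter column, not the
    whole tree, so the FWSM is not asked to serve every object it has."""
    return ["snmpbulkwalk", "-v2c", "-c", community, "-On", host, CIPPF_HITS]


# One line of `snmpbulkwalk -On` output for a Counter32 object.
_LINE = re.compile(r"^\.?(?P<oid>[\d.]+)\s*=\s*Counter32:\s*(?P<val>\d+)\s*$")


def decode_index(suffix: str):
    """Assumed row index layout: <name length>.<ASCII bytes of ACL name>.<ACE number>.
    '6.105.110.115.105.100.101.3' -> ('inside', 3)."""
    parts = [int(p) for p in suffix.split(".")]
    n = parts[0]
    name = bytes(parts[1:1 + n]).decode("ascii")
    return name, parts[1 + n]


def parse_hits(output: str) -> dict:
    """Map (acl_name, ace_number) -> hit count from walk output; other OIDs are ignored."""
    hits = {}
    for line in output.splitlines():
        m = _LINE.match(line.strip())
        if not m or not m.group("oid").startswith(CIPPF_HITS + "."):
            continue
        hits[decode_index(m.group("oid")[len(CIPPF_HITS) + 1:])] = int(m.group("val"))
    return hits


def hit_deltas(before: dict, after: dict) -> dict:
    """ACEs whose counter rose between two polls. A counter that went down
    (ACL reload or clear) is skipped rather than reported as a negative delta."""
    return {k: after[k] - before[k] for k in after if k in before and after[k] > before[k]}


# Constructed sample output for ACL "inside" (ASCII 105 110 115 105 100 101), ACEs 1-3.
POLL_1 = """
.1.3.6.1.4.1.9.9.278.1.2.1.1.1.6.105.110.115.105.100.101.1 = Counter32: 1200
.1.3.6.1.4.1.9.9.278.1.2.1.1.1.6.105.110.115.105.100.101.2 = Counter32: 15
.1.3.6.1.4.1.9.9.278.1.2.1.1.1.6.105.110.115.105.100.101.3 = Counter32: 0
"""
POLL_2 = POLL_1.replace("Counter32: 1200", "Counter32: 1450").replace("Counter32: 0", "Counter32: 9")

if __name__ == "__main__":
    print(scoped_walk_cmd("fwsm.example.invalid", "public"))
    print(hit_deltas(parse_hits(POLL_1), parse_hits(POLL_2)))
```

In production the two polls come from running the command vector above at an interval; a rising counter on a deny ACE is the signal worth alerting on.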
