zabbix_export: version: '5.4' date: '2021-11-21T21:58:31Z' groups: - uuid: 36bff6c29af64692839d077febfc7079 name: 'Templates/Network devices' templates: - uuid: d6afa28223264100bdebf04b88a48b9c template: 'Cisco ASA' name: 'Cisco ASA' description: | ## Description Version 1.1.3, Release date 29.4.2020 Made by: Ville Leinonen/www.hacknetwork.org Template is tested in Zabbix 4.4 and ASA version 9.14(1) Changelog: SNMPv3 support added TODO (maybe): Interface statistic and more triggers. ## Overview Version 1.1 Template is tested against Zabbix version 4.4.6 and ASA version 9.14(1). Failover role can be primary or secondary, it based in your ASA configuration. Failover status can be Active unit or Standby unit. This indicates which of your Firewall is active right now. Template also populates inventory fields automaticly. This is snmpv2 template, but v3 is coming soon. Version 1.1.3 SNMPv3 support added, new macros: {$SECURITY\_NAME} = Username {$AUTH\_PASSPHRASE} = Authentication password {$PRIV\_PASSPHRASE} = Encryption password Use authentication algorithm SHA and encryption algorithm AES (128). Added OID: ASA System name (ciscoASAsysName) OLD VERSIONS, USE GITHUB More information (soon) ## Author Ville Leinonen groups: - name: 'Templates/Network devices' items: - uuid: 9e1bcb00e26a4d3cba48b927d2f7107d name: 'Maximum Crypto Sessions' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.467.1.1.5.0 key: ccaMaxCryptoConnections delay: 60m trends: '0' value_type: FLOAT tags: - tag: Application value: VPN - uuid: 7d09dc4d30d6402b9ddd16583199721f name: 'Maximum Crypto Throughput' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.467.1.1.4.0 key: ccaMaxCryptoThroughput delay: 60m trends: '0' value_type: FLOAT tags: - tag: Application value: VPN - uuid: e4ed88e82d8a4da58e83537bf124a476 name: 'Connections In Use' type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 key: cfwConnectionStatValueCurrentInUse delay: 5m value_type: FLOAT description: 'Number of connections currently in use by the entire firewall.' tags: - tag: Application value: General - uuid: 0cd307ddfa0047f1946492bf2c68136d name: 'Connections Max Use' type: SNMP_AGENT snmp_oid: 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7 key: cfwConnectionStatValueMaxUse delay: 5m value_type: FLOAT description: 'Highest number of connections in use at any one time since system start.' tags: - tag: Application value: General - uuid: be05f0d0ef5149d898fc94bc3e6d536d name: 'Failover Status' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 key: cfwHardwareStatusDetailFoStatus trends: '0' value_type: TEXT description: 'Firewall cluster Failover status. Indicates which of the Firewall is active unit in the cluster.' tags: - tag: Application value: General triggers: - uuid: 772a03b0ae904354a60a1dfd98dcedb9 expression: 'change(/Cisco ASA/cfwHardwareStatusDetailFoStatus)=0' recovery_mode: NONE name: '{HOST.NAME} Cisco ASA Failover triggered' priority: HIGH description: 'Cisco ASA Failover triggered.' manual_close: 'YES' - uuid: 6c87afe353284ce792033393a0e8a53f name: 'Failover Role Primary' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.6 key: cfwHardwareStatusFoPrimary delay: 5m trends: '0' value_type: TEXT description: | Can be: - Primary unit (this device) - Secondary unit (this device) preprocessing: - type: REGEX parameters: - 'Primary.*unit.*this.*device.' - \0 error_handler: DISCARD_VALUE tags: - tag: Application value: General - uuid: de2e2f0d1fed490aaee1ee02d25a8ab5 name: 'Failover Role Secondary' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.7 key: cfwHardwareStatusFoSecondary delay: 5m trends: '0' value_type: TEXT description: | Can be: - Primary unit (this device) - Secondary unit (this device) preprocessing: - type: REGEX parameters: - 'Secondary.*unit.*this.*device.' - \0 error_handler: DISCARD_VALUE tags: - tag: Application value: General - uuid: a560034553f1479f824f57b5e1e804b3 name: 'ASA Version' type: SNMP_AGENT snmp_oid: 'SNMPv2-SMI::mib-2.47.1.1.1.1.10.1' key: ciscoASA delay: 60m trends: '0' value_type: TEXT inventory_link: OS_SHORT tags: - tag: Application value: General - uuid: f4591605b8d9420a8dfd60dd3e2a7839 name: 'ASA System name' type: SNMP_AGENT snmp_oid: 'SNMPv2-MIB::sysName.0' key: ciscoASAsysName delay: 60m trends: '0' value_type: TEXT tags: - tag: Application value: General - uuid: ad71b025ea0f4751ad0baeb300f60e16 name: 'Active IKE Peers' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.171.1.2.1.1.0 key: ciscoIKEPeers delay: 5m tags: - tag: Application value: VPN - uuid: 9011037761b54a5f9e2190132bfa4eee name: 'Memory Free' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.48.1.1.1.6.1 key: ciscoMemoryPoolFree units: Byte tags: - tag: Application value: General - uuid: b610f4dd6d62473ab635762413913005 name: 'Memory Pool Largest Free' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.48.1.1.1.7.1 key: ciscoMemoryPoolLargestFree units: Byte tags: - tag: Application value: General - uuid: e7d2dd394d884c6e95eeb5c7c1f6a425 name: 'Memory Used' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.48.1.1.1.5.1 key: ciscoMemoryPoolUsed units: Byte tags: - tag: Application value: General - uuid: a8382a7fc4b44395a770753673392f64 name: 'Memoty Total' type: CALCULATED key: ciscoMemoryTotal units: Byte params: last(//ciscoMemoryPoolUsed)+last(//ciscoMemoryPoolFree) tags: - tag: Application value: General - uuid: 17bdbe9ffd984dda9eeb4843127dca8e name: 'Memory Usage' type: CALCULATED key: ciscoMemUsage units: '%' params: '100*last(//ciscoMemoryPoolUsed)/last(//ciscoMemoryTotal)' tags: - tag: Application value: General - uuid: 096520368e414e1d8ac02a0c6934882b name: 'ROMMON Version' type: SNMP_AGENT snmp_oid: 'SNMPv2-SMI::mib-2.47.1.1.1.1.9.1' key: ciscoROMMON delay: 60m trends: '0' value_type: TEXT tags: - tag: Application value: General - uuid: fba26e5ec70449daa4a24a65877a8677 name: 'Active AnyConnect Sessions' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.392.1.3.35.0 key: crasSVCNumSessions delay: 5m tags: - tag: Application value: VPN - uuid: 1df562a016ad488bad1406b8568cc1f5 name: 'Active WebVPN Sessions' type: SNMP_AGENT snmp_oid: .1.3.6.1.4.1.9.9.392.1.3.38.0 key: crasWebvpnNumSessions delay: 5m tags: - tag: Application value: VPN - uuid: a51bceba1fe148b482dbcbfb87b2cbdb name: 'Chassis Version' type: SNMP_AGENT snmp_oid: 'SNMPv2-SMI::mib-2.47.1.1.1.1.8.1' key: deviceChassis delay: 60m trends: '0' value_type: TEXT inventory_link: HW_ARCH tags: - tag: Application value: General - uuid: 13c2ca8427fa4bff8de1ec9acdb9f0de name: 'Model Name' type: SNMP_AGENT snmp_oid: 'SNMPv2-SMI::mib-2.47.1.1.1.1.13.1' key: deviceModel delay: 60m trends: '0' value_type: TEXT inventory_link: HARDWARE_FULL tags: - tag: Application value: General - uuid: 498531cfe89d434496550739a45ad420 name: 'Chassis Serial Number' type: SNMP_AGENT snmp_oid: 'SNMPv2-SMI::mib-2.47.1.1.1.1.11.1' key: deviceSerialNum delay: 60m trends: '0' value_type: TEXT inventory_link: SERIALNO_A tags: - tag: Application value: General - uuid: 8a418695068d4beaa5dc8b7a7a3ac528 name: 'Vendor Name' type: SNMP_AGENT snmp_oid: 'SNMPv2-SMI::mib-2.47.1.1.1.1.12.1' key: deviceVendor delay: 60m trends: '0' value_type: TEXT inventory_link: VENDOR tags: - tag: Application value: General - uuid: e9512a0479704ff8b34aab545cb14559 name: 'Number of network interfaces' type: SNMP_AGENT snmp_oid: 'IF-MIB::ifNumber.0' key: ifNumber delay: 60m description: 'The number of network interfaces (regardless of their current state) present on this system.' tags: - tag: Application value: Interfaces - uuid: 930dadd60f264c60ba49a03837d6e98b name: Description type: SNMP_AGENT snmp_oid: .1.3.6.1.2.1.1.1.0 key: sysDescr delay: 60m trends: '0' value_type: TEXT inventory_link: OS_FULL tags: - tag: Application value: General - uuid: 4d3545ac97034e98b82ef440475278c0 name: sysUpTime type: SNMP_AGENT snmp_oid: 'SNMPv2-MIB::sysUpTime.0' key: sysUpTimeInstance delay: 5m history: 7d value_type: FLOAT units: uptime preprocessing: - type: MULTIPLIER parameters: - '0.01' tags: - tag: Application value: General triggers: - uuid: 530f39cd4c2c4497a216a92609647b63 expression: 'last(/Cisco ASA/sysUpTimeInstance)<10m' name: '{HOST.NAME} uptime changed' priority: WARNING - uuid: 703fd113548d4df9bebe110107796669 name: 'Total VPN sessions' type: CALCULATED key: totalVPNsessions delay: 5m params: (last(//crasSVCNumSessions)+last(//ciscoIKEPeers)+last(//crasWebvpnNumSessions)) description: 'Total number of VPN sessions.' tags: - tag: Application value: VPN discovery_rules: - uuid: ec7e2747b3ae40c5939ab0d4bbc9decb name: 'Number of CPU Cores' type: SNMP_AGENT snmp_oid: 'discovery[{#SNMPVALUE},1.3.6.1.4.1.9.9.109.1.1.1.1.7]' key: numOfcore delay: 5m description: 'Discovery number of CPU cores' item_prototypes: - uuid: b7b005ddec4746fdbdfdbb2d3190803a name: 'Core {#SNMPINDEX} 1min' type: SNMP_AGENT snmp_oid: '1.3.6.1.4.1.9.9.109.1.1.1.1.7.{#SNMPINDEX}' key: 'cpmCPUTotal1minRev[{#SNMPINDEX}]' value_type: FLOAT tags: - tag: Application value: General - uuid: 2f3da80c24154ec59b1ec581e1ecbeba name: 'Core {#SNMPINDEX} 5min' type: SNMP_AGENT snmp_oid: '1.3.6.1.4.1.9.9.109.1.1.1.1.8.{#SNMPINDEX}' key: 'cpmCPUTotal5minRev[{#SNMPINDEX}]' value_type: FLOAT tags: - tag: Application value: General triggers: - uuid: 112b798aa2f74677b716fbec7312f74d expression: '(last(/Cisco ASA/ccaMaxCryptoConnections)-last(/Cisco ASA/totalVPNsessions))<20' recovery_mode: RECOVERY_EXPRESSION recovery_expression: '(last(/Cisco ASA/ccaMaxCryptoConnections)-last(/Cisco ASA/totalVPNsessions))<21' name: '{HOST.NAME} soon out of VPN-sessions' priority: AVERAGE description: 'Trigger if soon out of VPN-sessions.' manual_close: 'YES'