Monitoring Firewall Appliances

IPNetwork Monitor enables you to test and track the performance metrics of network firewalls. You can choose which parameter to monitor using the integrated MIB browser that presents all variables supported by the firewall, their current values, and descriptions from the MIBs.

Firewalls are versatile traffic management devices (hardware, software, or a combination of both). Traditionally, firewalls act as the initial network barrier, their primary line of defense. Several firewall types are currently in use; every operating system in use today includes a software firewall offering a comparable set of features.

Firewalls can be broadly categorized into:

  • Proxy firewalls: these manage traffic flow (typically, simple redirection)
  • Stateful inspection firewalls: these regulate traffic based on its state (Linux example: netfilter-based software firewall)
  • Next-generation firewalls (NGFWs): these perform advanced traffic control by examining traffic and taking action based on detected patterns
  • Personal firewalls (like the built-in Windows firewall): these enable detailed control over users and applications

Various other firewall types and classification methods exist; a comprehensive taxonomy of firewalls is beyond this article’s scope.

Typical Firewall Monitoring Scenarios

Firewalls are at the forefront of network security; monitoring them is essential to ensure traffic is effectively managed and filtered. In addition to standard monitoring tasks, you can:

  • Verify ISP connectivity; if necessary, failover to a backup connection
  • Look for specific traffic patterns (for instance, undesirable or harmful traffic)
  • Monitor the health and status of VPNs (if configured on the firewall)

Because IPNetwork Monitor offers tools to manage remote devices in response to a problem state, it can be used to adjust firewall settings accordingly (example: if a network device starts consuming excessive traffic, alerts can be configured to trigger firewall rules to limit or completely block the offending device).

List of MIBs Utilized for Monitoring Network Firewall Devices

The following MIBs are used to monitor firewall devices:
  • BORDERWARE-FW-MIB: This MIB module provides data related to the BorderWare Firewall Server; Borderware SNMP extensions.
  • BORDERWARE-SMG-MIB: This MIB module provides Borderware Mail Firewall SNMP extensions.
  • CISCO-FIREWALL-MIB: MIB module for monitoring Cisco Firewalls.
  • JUNIPER-FIREWALL-MIB: This is Juniper Networks’ implementation of an enterprise-specific MIB for firewall filters/policers.
  • SONICWALL-FIREWALL-IP-STATISTICS-MIB: The MIB Module for SonicWALL Firewall IPsec Statistics.
  • SONICWALL-FIREWALL-TRAP-MIB: The MIB Module for SonicWALL Firewall Traps.
  • UCD-IPFWACC-MIB: This module defines MIB components for retrieving information from IP Firewall accounting rules. This typically allows access to rules and their counters.
You can begin Firewall SNMP monitoring immediately with a free 30-day trial of IPNetwork Monitor. IPNetwork SNMP monitor allows you to monitor network performance, audit network activity, identify network issues, and detect unauthorized access. The IPNetwork’s SNMP monitor can communicate and interact with any SNMP-enabled device. [interfaces_screenshot]

IPNetwork Monitor 1.0 build 141 of March 11, 2024. File size: 112MB