Device Health Monitors

The device health monitor provides the compiled health status for any device managed by the Firewall Management Center. The device health monitor collects health metrics for Secure Firewall devices in order to predict and respond to system events. The device health monitor is comprised of the following components:

  • System Details ― Displays information about the managed device, including the installed Secure Firewall version and other deployment details.

  • Troubleshooting & Links ― Provides convenient links to frequently used troubleshooting topics and procedures.

  • Health alerts ― A health alert monitor provides an at-a-glance view of the health of the device.

  • Time range ― An adjustable time window to constrain the information that appears in the various device metrics windows.

  • Device metrics ― An array of key firewall device health metrics categorized across predefined dashboards, including:

    • CPU ― CPU utilization, including the CPU usage by process and by physical cores. The Firewall Threat Defense CPU core allocation dashboard shows core assignments for these categories:

      • Data Plane: Handles basic network functions, including core packet forwarding and network data processing.

      • Snort: Manages intrusion detection and deep packet inspection features.

      • System: Includes all other system processes. While some processes may have dedicated CPU cores allocated, their usage is combined and displayed under the System category in the dashboard.

    • Memory ― Device memory utilization, including data plane and Snort memory usage.

    • Interfaces ― Interface status and aggregate traffic statistics.

    • Connections ― Connection statistics (such as elephant flows, active connections, peak connections, and so on) and NAT translation counts.

    • Snort ― Statistics related to the Snort process.

    • Disk Usage ― Device disk usage, including the disk size and disk utilization per partition.

    • Critical Processes ― Statistics related to managed processes, including process restarts and other select health monitors such as CPU and memory utilization.

    Note

    During a device upgrade or high-availability failover event, the Firewall Threat Defense device may briefly appear as Offline in the device's health monitoring dashboard. This happens because health alerts are cleared during the process and are only updated after the process is complete. Wait for the upgrade or failover operation to finish.

    See Cisco Secure Firewall Threat Defense Health Metrics for a comprehensive list of the supported device metrics.