Cisco - Check firewall ASA and PIX - SNMP v1, v2c, v3
This script checks Cisco firewalls (tested on Cisco PIX-515E and ASA-5500).
Modules included:
Mode 1 - Failover
Failover status for the primary and secondary hosts
=> warning if primary = standby and secondary = active
=> critical if primary or secondary = error
=> unknown if failover is not configured
Mode 2 - Sessions
number of sessions in use
=> warning or critical exit if the number exceeds the corresponding level
maximum number of sessions ever used
check_cisco_firewall.sh -H hostname -V version -M failover|sessions [-w|-c|-C|-l|-u|-a|-d|-h]
PARAMETERS
-H Hostname (IP address or DNS name)
-V Version (1|2c|3)
-M Mode (failover|sessions)
OPTIONAL
-w Warning_Level (number of sessions before warning) Use on session mode
-c Critical_Level (number of sessions before critical) Use on session mode
-C Community (name) Use on Version 1|2
-l Login (NoAuthNoPriv | AuthNoPriv | AuthPriv) Use on Version 3
-u Username Use on Version 3
-a Password Use on Version 3
-d Debug mode
-h Help (print command usage, and quit)
Sample commands:
#./check_cisco_firewall.sh -H 192.168.0.1 -V 1 -M sessions -C Public -w 1000 -c 2000
OK - 45 sessions (max : 8209) | Current_Used=45
#./check_cisco_firewall.sh -H 192.168.0.1 -V 3 -l AuthNoPriv -u user -a password -M failover
OK - Primary = Active, Secondary = Standby | Actives_Nodes=2
Display help
#./check_cisco_firewall.sh -h
Enable debug mode
#./check_cisco_firewall.sh xxxxxx -d
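The decision rules listed under Mode 1 and Mode 2 above, written out as an added example that is not the plugin's own source. The function names and the state strings (active, standby, error, notconfigured) are assumptions. It also covers the case where SNMP returns nothing usable, which should surface as UNKNOWN and not as OK.

```shell
#!/bin/sh
# Added example, not the plugin's source. Function names and the state
# strings (active, standby, error, notconfigured) are assumptions.
OK=0; WARNING=1; CRITICAL=2; UNKNOWN=3   # standard Nagios exit codes

# failover_status PRIMARY SECONDARY: print a status line, return the exit code
failover_status() {
    pri=$1; sec=$2
    # An error on either unit outranks every other condition
    if [ "$pri" = error ] || [ "$sec" = error ]; then
        echo "CRITICAL - Primary = $pri, Secondary = $sec"; return $CRITICAL
    fi
    case "$pri/$sec" in
        active/standby) echo "OK - Primary = $pri, Secondary = $sec"; return $OK ;;
        standby/active) echo "WARNING - Primary = $pri, Secondary = $sec"; return $WARNING ;;
        notconfigured/*|*/notconfigured)
            echo "UNKNOWN - failover is not configured"; return $UNKNOWN ;;
        # Assumption: any pair the page does not describe is reported as UNKNOWN
        *) echo "UNKNOWN - unexpected states: $pri/$sec"; return $UNKNOWN ;;
    esac
}

# True only for a non-empty string of digits
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# sessions_status CURRENT MAX [WARN] [CRIT]: thresholds are optional, as -w/-c are
sessions_status() {
    cur=$1; max=$2; warn=$3; crit=$4
    # An empty or non-numeric SNMP reply (timeout, bad credentials) is not OK
    if ! is_uint "$cur" || ! is_uint "$max"; then
        echo "UNKNOWN - no valid session counter returned"; return $UNKNOWN
    fi
    line="$cur sessions (max : $max) | Current_Used=$cur"
    # Strictly greater than the threshold, critical checked first
    if is_uint "$crit" && [ "$cur" -gt "$crit" ]; then
        echo "CRITICAL - $line"; return $CRITICAL
    fi
    if is_uint "$warn" && [ "$cur" -gt "$warn" ]; then
        echo "WARNING - $line"; return $WARNING
    fi
    echo "OK - $line"; return $OK
}

# Constructed inputs; the first mirrors the page's sample output
sessions_status 45 8209 1000 2000
failover_status active standby
```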