Firewall Wizards mailing list archives
In search of Firewalls KPIs
From: Marcin Antkiewicz <firewallwizards () kajtek org>
Date: Thu, 19 Aug 2010 00:45:54 -0500
> I am in search of the essential KPIs to be monitored for Juniper Netscreen Firewalls. After the identification of these KPIs, I want to go ahead for capacity planning & performance optimization of these firewalls. Any piece of advice will help!
Saumitra,

KPIs are metrics. Good metrics should be Specific, Measurable, Actionable, Relevant, and Timely (SMART people call it).

A simple way of looking at firewall metrics is by placing them into environmental, operational and strategic categories.

Environmental measurements deal with power/cooling consumption, rack footprint, cabling/media, location, power sources, etc.

Operational stats deal with capacity (disk/CPU/states/licenses/interface queues), performance (pps/drops/sessions/logging), errors (interface/fw denies/routing), rates of change for rule management, traffic flows/volume, admin logins, trouble tickets.

Strategic focus on the architecture - environments/rules/objects per firewall, count and types of environments, capacity to process traffic and accept new rules (licenses/interfaces), amount of troubleshooting and rework, sw/hw lifecycle information, etc.

Each of the bins may measure similar information, but the resolution or ratios may be different. For example, from an operational point of view, I may want to know how many trouble tickets were opened in the last hour, and the last 5 minutes. When working on the strategic plan, I will look for the number of tickets following scheduled and unscheduled changes, total ticket counts, rework, time to resolve and no. and type of SMEs required to close tickets.

Once you have the categories full of ideas for metrics, see if they fit the SMART mantra. For example, the temperature of 30 CPUs is not very useful. A trend is better, but still does not tell you whether the machine is busy, or overheating. A ratio of current temperature to baseline is better, especially if connected to some form of load indicator. High load, cold CPU is not good. Similarly, hot CPU on idle firewall indicates some kind of work is being done that you may not be aware of.

Once the metrics look to be specific and actionable and..., find out 5-7 questions that people who want to know what firewalls do really want answered. These will be simple (no. of sessions) or very complex (soft and hard cost of rule addition in the X regulated environment). These will be your KPIs - they are supposed to show your progress or contribution to the company's strategic goals.

If you are faced with a much simpler case, with a few firewalls and few environments, the same rules apply.

- measure trivial counters: CPU, memory, states, flows/bytes, denies, loglines. Establish a baseline.
- classify objects by importance, label according to internal grouping.
- collect data from change control/ticketing system
- ask questions, see if there are numbers required to answer them. "What is the cost of adding a new network", "at what percentage of known max are we currently running", "what causes the largest rate of denied connections", "how often cluster's master node changes".
- translate the question in terms of the gathered data.

--
Marcin Antkiewicz
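The temperature-to-baseline ratio paired with a load indicator, as described in the message above, written out as an added example that is not part of the original post. The thresholds, firewall names and sample values are constructed assumptions.

```python
from statistics import mean

# Constructed baseline polls: (cpu_load_percent, cpu_temp_celsius).
BASELINE = [(20, 45.0), (25, 46.0), (30, 48.0), (22, 45.5), (28, 47.5)]

# Assumed thresholds for illustration; tune them per platform.
RATIO_HOT = 1.25    # temperature 25% above baseline
RATIO_COLD = 0.90   # temperature 10% below baseline
LOAD_HIGH = 80      # percent CPU considered busy
LOAD_IDLE = 15      # percent CPU considered idle


def baseline_temp(samples):
    """Mean temperature over the baseline window."""
    return mean(temp for _, temp in samples)


def classify(load, temp, base):
    """Return (label, ratio) for one poll, pairing the ratio with load."""
    ratio = round(temp / base, 2)
    if load >= LOAD_HIGH and ratio <= RATIO_COLD:
        return "high-load-cold-cpu", ratio   # the post's "not good" case
    if load <= LOAD_IDLE and ratio >= RATIO_HOT:
        return "hot-cpu-on-idle", ratio      # work you may not be aware of
    if ratio >= RATIO_HOT:
        return "hot-with-load", ratio        # hot, but there is load to explain it
    return "normal", ratio


def review(polls, baseline=BASELINE):
    """Classify each poll and keep only those needing attention."""
    base = baseline_temp(baseline)
    results = [(name, *classify(load, temp, base)) for name, load, temp in polls]
    return [r for r in results if r[1] != "normal"]


if __name__ == "__main__":
    # Constructed current polls: (firewall, load %, temp C).
    polls = [("fw-a", 24, 46.0), ("fw-b", 92, 40.0),
             ("fw-c", 6, 60.0), ("fw-d", 88, 59.0)]
    for name, label, ratio in review(polls):
        print(f"{name}: {label} (temp/baseline = {ratio})")
```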