vRealize Network Insight supports the Cisco ASA firewall.

The supported features and limitations for the Cisco ASA firewall are as follows:
  • vRealize Network Insight supports only Cisco ASA-X series.
  • vRealize Network Insight does not support Firepower modules.
  • Currently, vRealize Network Insight supports Cisco ASA operating system version 9.4.
  • vRealize Network Insight does not support the cluster deployment of Cisco ASA.
  • vRealize Network Insight does not support the high availability of Cisco ASA.
  • vRealize Network Insight does not support Cisco ASA if it is directly connected to the host. A topology that is similar to the following example is supported:

    A diagram illustrating the topology of a Cisco ASA-X series firewall that vRealize Network Insight supports.

  • Only Cisco ASA access rules of the Extended type are supported. Other access rule types such as Standard, WebType, EtherType, and so on are not supported.
  • The Cisco ASA firewall in the VM-to-VM path does not display applicable access rules if the firewall is configured in Transparent mode.
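Before adding an ASA as a data source, it can help to check its configuration against the limits listed above. The following is an added example, not part of vRealize Network Insight or the original page. It assumes the input is `show running-config` text in which each `access-list` line carries its type keyword; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of an ASA running configuration (not from a real device).
SAMPLE_CONFIG = """\
ASA Version 9.4(2)
firewall transparent
access-list OUTSIDE_IN extended permit tcp any host 192.168.2.2 eq 443
access-list OUTSIDE_IN remark allow web traffic
access-list SPLIT_TUNNEL standard permit 10.0.0.0 255.0.0.0
access-list L2_FILTER ethertype permit bpdu
access-list PORTAL webtype permit url https://intranet.example/*
"""

# Access rule types the list above names as not supported.
UNSUPPORTED_TYPES = {"standard", "webtype", "ethertype"}
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(\S+)")
VERSION_RE = re.compile(r"^ASA Version\s+(\d+\.\d+)")


def check_asa_config(text):
    """Report where a running-config falls outside the documented support."""
    findings = {"version": None, "version_ok": False,
                "transparent_mode": False, "extended_acls": set(),
                "unsupported_acls": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            findings["version"] = m.group(1)
            findings["version_ok"] = m.group(1) == "9.4"  # only 9.4 is listed
            continue
        if line == "firewall transparent":
            # Transparent mode: rules are not shown in the VM-to-VM path.
            findings["transparent_mode"] = True
            continue
        m = ACL_RE.match(line)
        if not m:
            continue
        name, kind = m.group(1), m.group(2).lower()
        if kind == "extended":
            findings["extended_acls"].add(name)
        elif kind in UNSUPPORTED_TYPES:
            findings["unsupported_acls"][name] = kind
        # "remark" lines and other keywords are not a rule type; skip them.
    return findings


if __name__ == "__main__":
    for key, value in check_asa_config(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Any entry in `unsupported_acls`, or `transparent_mode` set to true, marks rules that will not appear in query results or in the VM-to-VM path.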

Example

You can perform a query for all the Cisco ASA entities that are supported by vRealize Network Insight.
| Entities in Cisco ASA | Keywords | Sample Queries |
|---|---|---|
| Security Context | ASA Firewall, ASA Security Context | asa firewall where access group = <> |
| Access Rule | ASA Access Rule | asa access rule where source ip = <> |
| | | asa access rule where destination ip = '192.168.2.2' |
| | | asa access rule where port = <> |
| | | asa access rule where interface = <> |
| Access Group | ASA Access Group | asa access group where interface = <> |
| Network Object / Network Object Group | ASA Network Object, ASA Network Object Group | asa network object where ip address = <> |
| | | asa network object group where ip address = <> |
| Service Object / Service Object Group | ASA Service Object, ASA Service Object Group | asa service object where port = <> |
| | | asa service where protocol = <> |
| | | asa service object group |