3-22
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 3 Using the ASDM User Interface
Home Pane (Single Mode and Context)
The number of connections and NAT translations.
The rate of dropped packets per second caused by access list denials and application inspections.
The rate of dropped packets per second that are identified as part of a scanning attack, or that
belong to detected incomplete sessions, such as a detected TCP SYN attack or a detected no-data
UDP session attack.
Top 10 Access Rules Pane
Enabled by default. If you disable threat detection statistics for access rules (see the “Configuring
Advanced Threat Detection Statistics” section on page 60-5), then this area includes an Enable button
that lets you enable statistics for access rules.
In the Table view, you can select a rule in the list and right-click the rule to display a popup menu item,
Show Rule. Choose this item to go to the Access Rules table and select that rule in this table.
Top Usage Status Pane
Disabled by default. This pane contains the following four tabs:
Top 10 Services—Threat Detection feature
Top 10 Sources—Threat Detection feature
Top 10 Destinations—Threat Detection feature
Top 10 Users—Identity Firewall feature
The first three tabs—Top 10 Services, Top 10 Sources, and Top 10 Destinations—provide statistics for
threat detection features. Each tab includes an Enable button that lets you enable the corresponding
threat detection feature. You can enable them according to the “Configuring Basic Threat Detection
Statistics” section on page 60-4.
The Top 10 Services Enable button enables statistics for both ports and protocols (both must be enabled
for the display). The Top 10 Sources and Top 10 Destinations Enable buttons enable statistics for hosts.
The top usage status statistics for hosts (sources and destinations), and ports and protocols are displayed.
The fourth tab for Top 10 Users provides statistics for the Identity Firewall feature. The Identity Firewall
feature provides access control based on users’ identities. You can configure access rules and security
policies based on user names and user group names rather than on source IP addresses. The ASA
provides this feature by accessing an IP-user mapping database.
The Top 10 Users tab displays data only when you have configured the Identity Firewall feature in the
ASA, which includes configuring these additional components—Microsoft Active Directory and Cisco
Active Directory (AD) Agent. See the “Configuring the Identity Firewall” section on page 39-10 for
information.
Depending on which option you choose, the Top 10 Users tab shows statistics for received EPS packets,
sent EPS packets, and sent attacks for the top 10 users. For each user (displayed as domain\user_name),
the tab displays the average EPS packet, the current EPS packet, the trigger, and total events for that user.
Caution: Enabling statistics can affect the ASA performance, depending on the type of statistics enabled.
Enabling statistics for hosts affects performance in a significant way; if you have a high traffic load, you
might consider enabling this type of statistics temporarily. Enabling statistics for ports, however, has a
modest effect.