50-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 50 Configuring Hostname, Resources, User Accounts, and SLAs
Monitoring Service Level Agreements (SLAs) To Maintain Connectivity
default route to a secondary ISP in case the primary ISP becomes unavailable. This technique, called
Dual ISP, provides security appliances with a form of high availability, which is a vital part of providing
customers with the services to which they are entitled.
Without route tracking, there is no inherent mechanism for determining if the route is up or down. A
static route remains in the routing table even if the next hop gateway becomes unavailable, and is
removed only if the associated interface on the security appliance goes down.
The security appliance performs route tracking by associating a route with a monitoring target that you
define in an SLA monitor policy object. It monitors the target using ICMP echo requests, according to
the parameters configured in the object. If an echo reply is not received within a specified time period,
the SLA monitor is considered down and the associated route is removed from the routing table. A
previously configured backup route is used in place of the removed route.
SLA monitoring jobs start immediately after deployment and continue to run unless you remove the SLA
monitor from the device configuration (that is, they do not age out).
Related Topics
Configuring Static Routes, page 54-48
Configuring Firewall Device Interfaces, page45-2
Creating Policy Objects, page 6-9
This section contains the following topics:
Creating Service Level Agreements, page 50-8
Creating Service Level Agreements
The following procedure explains how to configure SLA monitor objects and associate them with routes
and interfaces in an ASA or PIX configuration.
Related Topics
Monitoring Service Level Agreements (SLAs) To Maintain Connectivity, page 50-7
Configuring Static Routes, page 54-48
Configuring Firewall Device Interfaces, page45-2
Creating Policy Objects, page 6-9
Step 1 Create the SLA monitor policy object:
a. Select Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager,
page 6-4) and select SLA Monitors from the table of contents.
Tip You can also create SLA monitor objects when defining policies that use this object type. For
more information, see Selecting Objects for Policies, page 6-2.
b. Right-click in the work area and select New Object to open the Add SLA Monitor dialog box. For
more information, see Configuring SLA Monitor Objects, page 50-9.