Cisco Success Network - Telemetry Data
Cisco Success Network is an always-on usage information and metrics collection feature in the Secure Firewall migration tool, which collects and trasmits usage statistics through a secure cloud connection between the migration tool and the Cisco cloud. These statistics help us provide additional support on unused features and also improve our products. When you initiate a migration process in the Secure Firewall migration tool, the corresponding telemetry data file is generated and stored in a fixed location.
When you push the migrated Check Point configuration to management center, the push service reads the telemetry data file from the location and deletes it after the data is successfully uploaded to the cloud.
The migration tool provides two options to choose from, for streaming telemetry data—Limited and Extensive.
With Cisco Success Network set to Limited, the following telemetry data points are collected:
|
Data Point |
Description |
Example Value |
|---|---|---|
|
Time |
The time and date when the telemetry data is collected |
2023-04-25 10:39:19 |
|
Source Type |
The source device type |
ASA |
|
Device Model Number |
Model number of ASA |
ASA5585-SSP-10, 5969 MB RAM, CPU Xeon 5500 series 2000 MHz, 1 CPU (4 cores) |
|
Source Version |
Version of ASA |
9.2 (1) |
|
Target Management Version |
The target version of management center |
6.5 or later |
|
Target Management Type |
The type of target management device, namely, management center |
Management Center |
|
Target Device Version |
The version of target device |
75 |
|
Target Device Model |
The model of target device |
Cisco Secure Firewall Threat Defense for VMware |
|
Migration Tool Version |
The version of the migration tool |
1.1.0.1912 |
|
Migration Status |
The status of the migration of ASA configuration to management center |
SUCCESS |
The following tables provide information on the telemetry data points, their descriptions, and sample values, when Cisco Success Network is set to Extensive:
| Data Point | Description | Example Value |
|---|---|---|
|
Operating System |
Operating system that runs the Secure Firewall migration tool. It could be Windows7/Windows10 64-bit/macOS High Sierra |
Windows 7 |
|
Browser |
Browser used to launch the Secure Firewall migration tool. It could be Mozilla/5.0 or Chrome/68.0.3440.106 or Safari/537.36 |
Mozilla/5.0 |
| Data Point | Description | Example Value |
|---|---|---|
|
Time |
The time and date when the telemetry data is collected |
2023-04-25 10:39:19 |
|
Source Type |
The source device type |
Check Point |
|
Source Device Serial Number |
Serial number of Check Point |
Serial number of device if exists. |
|
Source Device Model Number |
Model number of Check Point |
|
|
Source Device Version |
Version of Check Point |
R77.30 |
|
Source Config Counts |
The total number of lines in the source configuration |
504 |
|
Firewall Mode |
The firewall mode configured on Check Point - routed or transparent |
ROUTED |
|
Context Mode |
The context mode of Check Point. This can be single or multi-context. |
SINGLE |
|
Check Point Config Statistics: |
||
|
ACL Counts |
The number of ACLs which are attached to access group |
46 |
|
Access Rules Counts |
The total number of access rules |
46 |
|
NAT Rule Counts |
The total number of NAT rules |
17 |
|
Network Object Counts |
The number of network objects configured in Check Point |
34 |
|
Network Object Group Counts |
The number of network object groups in Check Point |
6 |
|
Port Object Counts |
The number of port objects |
85 |
|
Port Object Group Counts |
The number of port object groups |
37 |
|
Unsupported Access Rules Count |
The total number of unsupported access rules |
3 |
|
Unsupported NAT Rule Count |
The total number of unsupported NAT access rules |
0 |
|
FQDN Based Access Rule Counts |
The number of FQDN -based access rules |
7 |
|
Time range Based Access Rule Counts |
The number of time range based access rules |
1 |
|
SGT Based Access Rule Counts |
The number of SGT-based access rules |
0 |
|
Summary of Config lines that Tool is not able to parse |
||
|
Unparsed Config Count |
The number of config lines that are unrecognized by the parser |
68 |
|
Total Unparsed Access Rule Counts |
The total number of unparsed access rules |
3 |
| Data Point | Description | Example Value |
|---|---|---|
|
Target Management Version |
The target version of management center |
6.2.3.3 (build 76) |
|
Target Management Type |
The type of target management device, namely, management center |
Management Center |
|
Target Device Version |
The version of target device |
75 |
|
Target Device Model |
The model of target device |
Cisco Secure Firewall Threat Defense for VMware |
|
Migration Tool Version |
The version of the migration too1 |
1.1.0.1912 |
| Data Point | Description | Example Value |
|---|---|---|
|
Access Control Policy |
||
|
Name |
The name of access control policy |
Doesn't Exist |
|
Access Rule Counts |
The total number of migrated ACL rules |
0 |
|
Partially Migrated ACL Rule Counts |
The total number of partially migrated ACL rules |
3 |
|
Expanded ACP Rule Counts |
The number of expanded ACP rules |
0 |
|
NAT Policy |
||
|
Name |
The name of NAT policy |
Doesn't Exist |
|
NAT Rule Counts |
The total number of migrated NAT rules |
0 |
|
Partially Migrated NAT Rule Counts |
The total number of partially migrated NAT rules |
0 |
|
More migration details... |
||
|
Interface Counts |
The number of updated interfaces |
0 |
|
Sub Interface Counts |
The number of updated subinterfaces |
0 |
|
Static Routes Counts |
The number of static routes |
0 |
|
Objects Counts |
The number of objects created |
34 |
|
Object Group Counts |
The number of object groups created |
6 |
|
Interface Group Counts |
The number of interface groups created |
0 |
|
Security Zone Counts |
The number of security zones created |
3 |
|
Network Object Reused Counts |
The number of objects reused |
21 |
|
Network Object Rename Counts |
The number of objects that are renamed |
1 |
|
Port Object Reused Counts |
The number of port objects that are reused |
0 |
|
Port Object Rename Counts |
The number of port objects that are renamed |
0 |
| Data Point | Description | Example Value |
|---|---|---|
|
Conversion Time |
The time taken to parse Check Point configuration lines (in minutes) |
14 |
|
Migration Time |
The total time taken for end-to-end migration (in minutes) |
592 |
|
Config Push Time |
The time taken to push the final configuration (in minutes) |
7 |
|
Migration Status |
The status of the migration of Check Point configuration to management center |
SUCCESS |
|
Error Message |
The error message as displayed by the Secure Firewall migration tool |
null |
|
Error Description |
The description about the stage when the error has occurred and the possible root cause |
null |
Telemetry Check Point Example File for r77
The following is an example of a telemetry data file on the migration of Check Point configuration to threat defense:
{
"metadata": {
"contentType": "application/json",
"topic": "migrationtool.telemetry"
},
"payload": {
"Check Point_config_stats": {
"Ipv6_access_rule_counts": 0,
"Ipv6_bgp_count": 0,
"Ipv6_nat_rule_count": 0,
"Ipv6_network_counts": 24,
"Ipv6_static_route_counts": 6,
"access_rules_counts": 63,
"acl_counts": 63,
"fqdn_based_access_rule_counts": 0,
"nat_rule_counts": 0,
"network_object_counts": 143,
"network_object_group_counts": 31,
"no_of_fqdn_based_objects": 0,
"ospfv3_count": 0,
"port_object_counts": 370,
"port_object_group_counts": 55,
"sgt_based_access_rules_count": 0,
"timerange_based_access_rule_counts": 0,
"total_unparsed_access_rule_counts": 0,
"tunneling_protocol_based_access_rule_counts": 0,
"unparsed_config_count": 15,
"unsupported_access_rules_count": 0,
"unsupported_nat_rule_count": 0
},
"context_mode": "SINGLE",
"error_description": null,
"error_message": null,
"firewall_mode": "ROUTED",
"log_info_acl_count": 0,
"migration_status": "SUCCESS",
"migration_summary": {
"access_control_policy": [
[
{
"access_rule_counts": 63,
"apply_file_policy_rule_counts": 0,
"apply_ips_policy_rule_counts": 0,
"apply_log_rule_counts": 0,
"do_not_migrate_rule_counts": 0,
"enable_Global-ACL-Policy": true,
"enable_Zone-Specific-ACL-Policy": false,
"enable_hit_count": false,
"expanded_acp_rule_counts": 1,
"name": "FTD-Mig-1566804327",
"partially_migrated_acl_rule_counts": 0,
"update_rule_action_counts": 0
}
]
],
"interface_counts": 12,
"interface_group_counts": 0,
"interface_group_manually_created_counts": 0,
"nat_Policy": [
[
{
"NAT_rule_counts": 0,
"do_not_migrate_rule_counts": 0,
"name": "Doesn't Exist",
"partially_migrated_nat_rule_counts": 0
}
]
],
"network_object_rename_counts": 0,
"network_object_reused_counts": 0,
"object_group_counts": 15,
"objects_counts": 54,
"port_object_rename_counts": 0,
"port_object_reused_counts": 5,
"security_zone_counts": 13,
"security_zone_manually_created_counts": 0,
"static_routes_counts": 22,
"sub_interface_counts": 11
},
"migration_tool_version": "2.0.3169",
"rule_change_acl_count": 0,
"source_config_counts": 0,
"source_device_model_number": "Check Point Model Not Exists",
"source_device_serial_number": null,
"source_device_version": "R77.30",
"source_type": "Check Point",
"system_information": {
"browser": "Chrome/76.0.3809.100",
"operating_system": "Windows NT 10.0; Win64; x64"
},
"target_device_model": "Cisco Firepower 9000 Series SM-24 Threat Defense",
"target_device_version": "76",
"target_management_type": "6.4.0.4 (build 31)",
"target_management_version": "6.4.0.4 (build 31)",
"template_version": "1.1",
"time": "2019-08-26 12:55:40",
"tool_analytics_data": {
"objectsplit_100_count": 0
},
"tool_performance": {
"config_push_time": 725,
"conversion_time": 29,
"migration_time": 1020
}
},
"version": "1.0"
}
Telemetry Check Point Example File for r80
The following is an example of a telemetry data file on the migration of Check Point configuration to threat defense :
{
"Check Point_config_stats":{
"Ipv6_access_rule_counts":0,
"Ipv6_bgp_count":0,
"Ipv6_nat_rule_count":0,
"Ipv6_network_counts":3,
"Ipv6_static_route_counts":0,
"access_rules_counts":726,
"acl_category_count":0,
"acl_counts":726,
"fqdn_based_access_rule_counts":0,
"nat_rule_counts":335,
"network_object_counts":7645,
"network_object_group_counts":268,
"no_of_fqdn_based_objects":0,
"port_object_counts":1051,
"port_object_group_counts":66,
"s2s_vpn_tunnel_counts":0,
"sgt_based_access_rules_count":0,
"timerange_based_access_rule_counts":0,
"total_unparsed_access_rule_counts":0,
"tunneling_protocol_based_access_rule_counts":0,
"unparsed_config_count":234,
"unsupported_access_rules_count":0,
"unsupported_nat_rule_count":0},
"context_mode":"SINGLE",
"error_description":"No data.",
"error_message":"push failed for object network",
"firewall_mode":"ROUTED",
"log_info_acl_count":0,
"migration_status":"FAIL",
"migration_summary":{
"access_control_policy":[
[
{
"access_rule_counts":0,
"apply_file_policy_rule_counts":0,
"apply_ips_policy_rule_counts":0,
"apply_log_rule_counts":0,
"do_not_migrate_rule_counts":0,
"enable_Global-ACL-Policy":true,
"enable_Zone-Specific-ACL-Policy":false,
"enable_hit_count":false,
"expanded_acp_rule_counts":1,
"name":"Doesn't Exist",
"partially_migrated_acl_rule_counts":0,
"total_acl_element_counts":389416,
"update_rule_action_counts":0
}
]
],
"interface_counts":11,
"interface_group_counts":0,
"interface_group_manually_created_counts":0,
"nat_Policy":[
[
{
"NAT_rule_counts":0,
"do_not_migrate_rule_counts":0,
"name":"Doesn't Exist",
"partially_migrated_nat_rule_counts":0
}
]
],
"network_object_rename_counts":0,
"network_object_reused_counts":0,
"object_group_counts":222,"objects_counts":7148,
"port_object_rename_counts":2,
"port_object_reused_counts":30,
"prefilter_control_policy":[
[
{
"do_not_migrate_rule_counts":0,
"name":null,
"partially_migrated_acl_rule_counts":0,
"prefilter_rule_counts":0
}
]
],
"security_zone_counts":11,
"security_zone_manually_created_counts":0,
"static_routes_counts":0,
"sub_interface_counts":8,
"time_out":false},
"migration_tool_version":"2.1.4283",
"mtu_info":{"interface_name":null,
"mtu_value":null},
"rule_change_acl_count":0,
"selective_policy":
{
"acl":true,
"acl_policy":true,
"application":false,
"csm":false,
"interface":true,
"interface_groups":true,
"migrate_tunneled_routes":false,
"nat":true,
"network_object":true,
"policy_assignment":true,
"populate_sz":false,
"port_object":true,
"routes":true,
"security_zones":true,
"unreferenced":true},
"source_config_counts":0,
"source_device_model_number":"Check Point Model Not Exists",
"source_device_serial_number":null,
"source_device_version":"R77.30",
"source_type":"Check Point",
"system_information":
{
"browser":"Chrome/80.0.3987.163","operating_system":
"Macintosh; Intel Mac OS X 10_15_4"},
"target_device_model":"Cisco Firepower 4110 Threat Defense",
"target_device_version":"76",
"target_management_type":"6.5.0 (build 63)",
"target_management_version":"6.5.0 (build 63)",
"template_version":"1.1",
"time":"2020-04-16 04:50:05",
"tool_analytics_data":{"objectsplit_100_count":6},
"tool_performance":
{
"config_push_time":1457,
"conversion_time":279,
"migration_time":2637
}
}
Feedback