Monitor Secure Access with Alert Rules

Cisco Secure Access Alert Rules assist you with the task of actively monitoring the status of your Secure Access Network Tunnel Group deployments. When an event occurs and an alert condition is met, Secure Access raises an alert and sends a notification email to recipients configured for each alert.

Secure Access supports these alert types:

  • Network tunnel group disconnected—Both primary and secondary hubs are down and have no active network tunnels. This will result in a loss of connectivity for the network tunnel group.
  • Hub down in network tunnel group—One of the hubs of the network tunnel group is down and has no active tunnels. This will result in reduced failover and redundancy capabilities, and increased load on the remaining hub.

Secure Access checks the status of network tunnel groups at regular intervals. When a network tunnel group is disconnected or a hub is down and these meet alert conditions, Secure Access will delay the alert for eight minutes. If alert conditions are still met after eight minutes, then Secure Access raises the alert. This delay avoids unnecessary alerts caused by short-lived issues and tunnel flapping.
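The delay described above, modeled as an added example (not Cisco's code and not part of the original page) so you can see which outage timelines would raise an alert. The one-minute polling interval, the sample timeline, and the rule that a cleared or changed condition restarts the eight-minute timer are assumptions made for illustration.

```python
HOLD_DOWN_MIN = 8  # alert delay stated on this page

DISCONNECTED = "Network tunnel group disconnected"
HUB_DOWN = "Hub down in network tunnel group"


def classify(primary_up, secondary_up):
    """Map hub state to one of the page's two alert types (None = healthy)."""
    if not primary_up and not secondary_up:
        return DISCONNECTED
    if not primary_up or not secondary_up:
        return HUB_DOWN
    return None


def raised_alerts(samples):
    """samples: time-ordered (minute, primary_up, secondary_up) observations.

    Returns [(minute_raised, alert_type)]. An alert is raised only when the
    same condition has held for HOLD_DOWN_MIN minutes.
    Assumption: a condition that clears or changes type restarts the timer.
    """
    alerts = []
    pending, since, fired = None, None, False
    for minute, primary_up, secondary_up in samples:
        kind = classify(primary_up, secondary_up)
        if kind != pending:
            pending, since, fired = kind, minute, False
        if kind and not fired and minute - since >= HOLD_DOWN_MIN:
            alerts.append((minute, kind))
            fired = True
    return alerts


def build_timeline():
    """Constructed sample data: one observation per minute (assumed interval)."""
    timeline = []
    for m in range(40):
        # Primary hub: 5-minute flap (3-7), then a long outage (10-35).
        primary_up = not (3 <= m <= 7 or 10 <= m <= 35)
        # Secondary hub also fails at minute 20, so both hubs are down.
        secondary_up = not (20 <= m <= 35)
        timeline.append((m, primary_up, secondary_up))
    return timeline


if __name__ == "__main__":
    for minute, kind in raised_alerts(build_timeline()):
        print(f"minute {minute}: {kind}")
```

In this model the five-minute flap raises nothing, which is the suppression the delay is meant to provide; it also means an outage shorter than eight minutes never produces a notification email.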

Navigate to Connect > Network Connections > Network Tunnel Groups to investigate the network tunnel group identified by the alert. For more information, see Manage Network Tunnel Groups.

Prerequisites

  • Full Admin role in Secure Access. For more information, see Manage Accounts.

Limitations

  • Secure Access supports at most 100 Alert Rules.

Monitor Alerts from Secure Access

Monitor and manage alerts directly from Secure Access.

  1. In your instance of Secure Access, navigate to the toolbar at the top of your browser window.

  2. Click the bell icon to open the Alerts dropdown. The bell indicates the number of active alerts.

  3. Click the Alerts dropdown menu.
    Secure Access lists the alerts in chronological order with the most recent alert shown first.

    a. The Alerts dropdown includes the following controls:

      • Filter by alerts raised in the last 30 days, last 7 days, or last 24 hours.
      • Filter by Active or Dismissed.
      • Search by alert name.
      • View lists of alerts by Severity: High, Warning, Low, or All.
      • Click the X at the top right of an alert to dismiss it.
      • Click Dismiss All to dismiss all active alerts.
      • Click Alert settings to edit the alert rule.
        Note: Editing the alert rule will dismiss any existing active alerts for that rule. For more information, see Add and Edit Alert Rules.
      • Click Alert Rules to navigate to the Alert Rules page. For more information, see Manage Alert Rules.

Manage Alert Rules

Manage, create, and modify alert rules from the Alert Rules table.

  1. Navigate to Monitor > Management > Alert Rules.
  2. The Alert Rules table includes the following controls:
    • Search by alert rule name.
    • Filter by Severity: High, Warning, or Low.
    • Filter by Status: Enabled or Disabled.
    • Add new alert rules.
    • Use the checkboxes to select, enable, disable, or delete one or more alert rules.
    • Click a rule's ellipsis icon (...) to view details or edit, duplicate, enable, disable, or delete the rule.
  3. Click the Rule name to view more details about an alert rule.
    • Alert rule settings—Shows when the rule was created and the alert type, severity, detail, and status.
    • Conditions applied—Shows any conditions configured for this alert rule.
    • Recipients—Lists the email addresses configured to receive email notifications for this alert.
  4. Click Delete or Edit to manage the alert rule.

Add and Edit Alert Rules

Navigate to Monitor > Management > Alert Rules, then click + Add alert rule or edit an existing alert rule.

  • Step 1: General Settings. Add general information about this alert including its name and severity. Note that editing a rule will dismiss any active alerts for that rule.

    • Each Alert type displays the Alert impact, or the impact of the event that triggers the alert:
      • Network tunnel group disconnected—Both primary and secondary hubs are down and have no active network tunnels. This will result in a loss of connectivity for the network tunnel group.
      • Hub down in network tunnel group—One of the hubs of the network tunnel group is down and has no active tunnels. This will result in reduced failover and redundancy capabilities, and increased load on the remaining hub.
    • Each Alert type has a recommended Severity:
      • Network tunnel group disconnected—High severity is recommended.
      • Hub down in network tunnel group—Warning severity is recommended.
  • Step 2: Alert Conditions. Configure the conditions that must be met to raise an alert and send a notification.

    • Require all or any of the conditions.
    • Condition type and Condition—Specify a combination of network tunnel group name or region conditions that will trigger this alert.
  • Step 3: Notifications. Add an email address or a comma-separated list of email addresses. When Secure Access raises an alert, recipients will receive an email notifying them of the alert name, severity, event time, type, and conditions, with a link to view the alert in the Secure Access dashboard.
  • Step 4: Summary. Review the alert rule details, then click Save.

Investigate Alerts

Navigate to Connect > Network Connections > Network Tunnel Groups to investigate the network tunnel group identified by the alert. For more information, see Manage Network Tunnel Groups.

