diff --git a/agent_based/cisco_asa_connections.py b/agent_based/cisco_asa_connections.py
new file mode 100644
index 0000000000000000000000000000000000000000..753265a3b98b4693a4ae15387ae2e31cb23aebc4
--- /dev/null
+++ b/agent_based/cisco_asa_connections.py
@@ -0,0 +1,115 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# License: GNU General Public License v2
+#
+# Author: thl-cmk[at]outlook[dot]com
+# URL   : https://thl-cmk.hopto.org
+# Date  : 2016.03.24
+#
+# Monitors Cisco ASA connection count
+#
+# works with Cisco ASA 55xx and later, tested witch 5506W and 5512-X, 5585-SSP2
+#
+# 2016-03-24: changed "snmp_scan_function" from ".1.3.6.1.2.1.1.2.0" to ".1.3.6.1.2.1.1.1.0"
+# 2016-07-02: fixed crit/warn to >=
+# 2018-01-09: some fine tuning (changed infotext)
+# 2020-02-13: changed snmp_info from ".1.3.6.1.4.1.9.9.147.1.2.2.2.1.5" to
+#             more specific "1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40"
+# 2020-02-24: added support for Cisco Firepower Threat Defense
+# 2020-04-28: changed item from Cisco ASA connections to Firewall connections --> more clear, with cisco_asa_conn check
+# 2021-03-24: rewrite for CMK 2.0
+#
+# sample snmp walk
+#
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 = Gauge32: 4987
+# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7 = Gauge32: 17517
+#
+# CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp.currentInUse = Gauge32: 4987
+# CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp.high = Gauge32: 17517
+#
+#
+
+from typing import List, NamedTuple
+
+from cmk.base.plugins.agent_based.agent_based_api.v1.type_defs import (
+    DiscoveryResult,
+    CheckResult,
+    StringTable,
+)
+
+from cmk.base.plugins.agent_based.agent_based_api.v1 import (
+    register,
+    Service,
+    check_levels,
+    SNMPTree,
+    startswith,
+    contains,
+    any_of,
+)
+
+
+class CiscoAsaFwConnections(NamedTuple):
+    current: int
+    peak: int
+
+
+# [[['1102', '2290']]]
+def parse_cisco_asa_connections(string_table: List[StringTable]) -> CiscoAsaFwConnections:
+    return CiscoAsaFwConnections(
+        current=int(string_table[0][0][0]),
+        peak=int(string_table[0][0][1])
+    )
+
+
+#  CiscoAsaFwConnections(current=1102, peak=2290)
+def discovery_cisco_asa_connections(section: CiscoAsaFwConnections) -> DiscoveryResult:
+    yield Service()
+
+
+def check_cisco_asa_connections(params, section: CiscoAsaFwConnections) -> CheckResult:
+    yield from check_levels(
+        section.current,
+        # levels_lower=params.get('lower', None),
+        levels_upper=params.get('connections', None),
+        metric_name='fw_connections_active',
+        render_func=lambda v: '%s' % str(v),
+    )
+
+    yield from check_levels(
+        section.peak,
+        label='Max. since system startup',
+        metric_name='peak_connections',
+        render_func=lambda v: '%s' % str(v),
+    )
+
+
+register.snmp_section(
+    name='cisco_asa_connections',
+    parse_function=parse_cisco_asa_connections,
+    fetch=[
+        SNMPTree(
+            base='.1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40',  # CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp
+            oids=[
+                '6',  # currentInUse
+                '7',  # protoIp.high
+            ]
+        ),
+    ],
+    detect=any_of(
+        startswith('.1.3.6.1.2.1.1.1.0', 'cisco adaptive security'),
+        # startswith('.1.3.6.1.2.1.1.1.0', 'cisco firepower threat defense'),
+        startswith('.1.3.6.1.2.1.1.1.0', 'ccisco firewall services'),
+        contains('.1.3.6.1.2.1.1.1.0', 'cisco pix security'),
+
+    )
+)
+
+register.check_plugin(
+    name='cisco_asa_connections',
+    service_name='Firewall connections',
+    discovery_function=discovery_cisco_asa_connections,
+    check_function=check_cisco_asa_connections,
+    check_default_parameters={},
+    check_ruleset_name='cisco_fw_connections'
+)
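Review bot: The `detect` block near the end of the new file contains a typo, `'ccisco firewall services'`, so that `startswith` can never match a sysDescr beginning with "cisco firewall services"; it should read `startswith('.1.3.6.1.2.1.1.1.0', 'cisco firewall services'),`. The Firepower Threat Defense matcher is also commented out, although the header changelog and the removed legacy check both list FTD as supported, so those hosts would presumably lose this service after the upgrade without any error. Separately, `check_default_parameters={}` together with the commented-out `levels_lower` means the check stays OK until someone configures a `cisco_fw_connections` rule, whereas the legacy check shipped defaults of 3000/5000/100. Since this metric is what reveals connection-table exhaustion, either restore a default such as `check_default_parameters={'connections': (3000, 5000)},` or add a comment explaining why levels are now opt-in. `parse_cisco_asa_connections` also indexes `string_table[0][0]` and calls `int()` with no guard, so an empty or non-numeric row would raise unless the framework filters it first.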
diff --git a/checkman/cisco_asa_connections b/checkman/cisco_asa_connections
deleted file mode 100644
index f382ef3d5836bc0385028e724b8a25dee4f6567a..0000000000000000000000000000000000000000
--- a/checkman/cisco_asa_connections
+++ /dev/null
@@ -1,23 +0,0 @@
-title: Cisco ASA/FirewPower firewall connections
-agents: snmp
-catalog: hw/network/cisco
-license: GPL
-distribution: https://thl-cmk.hopto.org
-description:
- This check monitors the number of connections through the firewall. It goes 
- warning/critical if the number of connections is above the configred levels 
- (default is: warning above 3000 connections, critical above 5000 connections). 
- If the number of connection is below the configured minimum the check goes 
- critical. This check works with Cisco ASA 55XX and Firepower Threat defense 
- firewalls. It requires no separeate plugin or special configuration on the 
- target host.
-
-
-perfdata:
- current_connections: number of current connection through the firewall
- max_connections: number of maximum connections since the restart of the firewall
-
-inventory:
- looks in sysDesc for "cisco adaptive security appliance" and "cisco adaptive 
- security appliance". If one of them found, it will create the service "Firewall
- connections"
diff --git a/checks/cisco_asa_connections b/checks/cisco_asa_connections
deleted file mode 100644
index f89f7ed7ce8fafcf4158a221309f996a160dbac7..0000000000000000000000000000000000000000
--- a/checks/cisco_asa_connections
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
-#
-# created by Th.L.:
-#
-# Monitors Cisco ASA connection count
-#
-# works with Cisco ASA 55xx and later, tested witch 5506W and 5512-X, 5585-SSP2
-#
-# 24.03.2016: changed "snmp_scan_function" from ".1.3.6.1.2.1.1.2.0" to ".1.3.6.1.2.1.1.1.0"
-# 02.07.2016: fixed crit/warn to >=
-# 09.01.2018: some fine tuning (changed infotext)
-# 13.02.2020: changed snmp_info from ".1.3.6.1.4.1.9.9.147.1.2.2.2.1.5" to more specific "1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40"
-# 24.02.2020: added support for Cisco Firepower Threat Defense
-# 28.04.2020: changed item from Cisco ASA connections to Firewall connections --> streamline for FirePower
-#
-# sample snmp walk
-#
-# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 = Gauge32: 4987
-# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7 = Gauge32: 17517
-#
-# CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp.currentInUse = Gauge32: 4987
-# CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp.high = Gauge32: 17517
-#
-# sample info
-#
-# [[u'4987', u'17517']]
-#
-# connection levels (warn,crit,minimum)
-cisco_asa_connections_default_levels = (3000, 5000,100)
-
-
-def inventory_cisco_asa_connections(info):
-    if len(info) > 0:
-        return [(None, cisco_asa_connections_default_levels)]
-
-
-def check_cisco_asa_connections(_no_item, params, info):
-    if len(info) > 0:
-        warn, crit, minimum = params
-        current_connections = int(info[0][0])
-        max_connections = int(info[0][1])
-        #             label                  value               warn  crit  min max
-        perfdata = [('current_connections', current_connections, warn, crit, 1000, 2000),
-                    ('max_connections', max_connections)]
-        infotext = ''
-
-        if current_connections >= crit:
-            infotext = '%d (>=%d)(!!)/%d current/max connections' % (current_connections, crit, max_connections)
-            return 2, infotext, perfdata
-        elif current_connections >= warn:
-            infotext = '%d (>=%d)(!)/%d current/max connections' % (current_connections, warn, max_connections)
-            return 1, infotext, perfdata
-        elif current_connections < minimum:
-            infotext = '%d (<%d)(!!)/%d current/max connections' % (current_connections, minimum, max_connections)
-            return 2, infotext, perfdata
-        else:
-            infotext = '%d/%d current/max connections' % (current_connections, max_connections)
-            return 0, infotext, perfdata
-
-
-check_info['cisco_asa_connections'] = {
-    'check_function'     : check_cisco_asa_connections,
-    'inventory_function' : inventory_cisco_asa_connections,
-    'service_description': 'Firewall connections',
-    'has_perfdata'       : True,
-    'group'              : 'cisco_asa_connections',
-    'snmp_scan_function' : lambda oid: oid('.1.3.6.1.2.1.1.1.0').lower().startswith('cisco adaptive security appliance')
-                                       or oid('.1.3.6.1.2.1.1.1.0').lower().startswith('cisco firepower threat defense'),
-    'snmp_info'          : ('.1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40', [  # CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp
-                             '6',  # CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp.currentInUse
-                             '7',  # CISCO-FIREWALL-MIB::cfwConnectionStatValue.protoIp.high
-                           ]),
-}
diff --git a/cisco_asa_connections.mkp b/cisco_asa_connections.mkp
index 7a509960ae58fe647636d3caac8b13eeec7fb7a2..8708cca2311ad7e41c4c2e57fcfb8afcf738528b 100644
Binary files a/cisco_asa_connections.mkp and b/cisco_asa_connections.mkp differ
diff --git a/packages/cisco_asa_connections b/packages/cisco_asa_connections
index 037302e2ef94b17d9cd984fcadde96c15b380fc9..19c2cb79b86f9c815ff44b6c921be20506674cc2 100644
--- a/packages/cisco_asa_connections
+++ b/packages/cisco_asa_connections
@@ -1,13 +1,20 @@
-{'author': u'Th.L. (thl-cmk[at]outlook[dot]com)',
- 'description': u'monitors Cisco ASA number of connetions\nMinimum/Warning/Critical level can be configured via wato.\n\n - 24.02.2020: added support for Cisco Firepower Threat Defense\n\nNote: item changed from Cisco ASA connections to Firewall connections\n',
+{'author': '(thl-cmk[at]outlook[dot]com',
+ 'description': 'monitors Cisco ASA number of connetions\n'
+                'Minimum/Warning/Critical level can be configured via wato.\n'
+                '\n'
+                ' - 2020-02-24: added support for Cisco Firepower Threat '
+                'Defense\n'
+                ' - 2021-03-24: rewritten for new check API\n'
+                '\n'
+                'Note: item changed from Cisco ASA connections to Firewall '
+                'connections\n',
  'download_url': 'https://thl-cmk.hopto.org',
- 'files': {'checkman': ['cisco_asa_connections'],
-           'checks': ['cisco_asa_connections'],
-           'web': ['plugins/wato/cisco_asa_connections.py',
-                   'plugins/metrics/cisco_asa_connections.py']},
+ 'files': {'agent_based': ['cisco_asa_connections.py'],
+           'web': ['plugins/metrics/cisco_asa_connections.py']},
  'name': 'cisco_asa_connections',
- 'num_files': 4,
- 'title': u'Monitor Cisco ASA connections',
- 'version': '20200428.v.0.3b',
- 'version.min_required': '1.2.6p12',
- 'version.packaged': '1.4.0p38'}
\ No newline at end of file
+ 'num_files': 2,
+ 'title': 'Monitor Cisco ASA connections',
+ 'version': '20210324.v.0.4',
+ 'version.min_required': '2.0.0',
+ 'version.packaged': '2.0.0p1',
+ 'version.usable_until': None}
\ No newline at end of file
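Review bot: The `description` still says "Minimum/Warning/Critical level can be configured via wato", but this change drops `plugins/wato/cisco_asa_connections.py` from `files` and the rewritten check no longer evaluates a minimum, so the text promises an alert that no longer exists. Consider rewording that line to something like `'Warning/Critical levels can be configured via the cisco_fw_connections rule set.\n'`. The new `'author'` value `'(thl-cmk[at]outlook[dot]com'` also has an unbalanced parenthesis and has lost the name that preceded it.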
diff --git a/web/plugins/wato/cisco_asa_connections.py b/web/plugins/wato/cisco_asa_connections.py
deleted file mode 100644
index aa9de057fcf63225656defc41265d317c9719775..0000000000000000000000000000000000000000
--- a/web/plugins/wato/cisco_asa_connections.py
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/python
-# -*- encoding: utf-8; py-indent-offset: 4 -*-
-#
-# Author : Th.L.
-# Content: wato plugin for snmp check 'cisco_asa_connections' 
-#          to configure waring/critical/minimum levels
-#
-#
-register_check_parameters(
-    subgroup_networking,
-    'cisco_asa_connections',
-    _('Cisco ASA/FP firewall connections'),
-    Tuple(
-        title=_('Cisco ASA/FP firewall connections'),
-        elements=[
-            Integer(title=_('warning at'), unit=_('connections'), default_value=3000),
-            Integer(title=_('critical at'), unit=_('connections'), default_value=5000),
-            Integer(title=_('minimum'), unit=_('connections'), default_value=100),
-        ]
-    ),
-    None, None
-)