topic Re: FTD 3150 Standby firewall logging issue in Network Security

FTD 3150 Standby firewall logging issue

adity — Wed, 06 Mar 2024 06:40:17 GMT

Hi Community expert,

I need your help to under the below requirement.

Current scenario: We have cisco Firepower 3150 manage by FMC, we have seen that the active firewall logs are receiving on syslog server but standby firewall logs are not coming on the syslog.

Old scenario: previously we had ASA 5516 in that firewall I had configured "logging standby" for getting logs from standby firewall.

So kindly help me if we have same configuration in Firepower.

Re: FTD 3150 Standby firewall logging issue

MHM Cisco World — Wed, 06 Mar 2024 06:44:59 GMT

there is option to enable logging on the standby unit

MHM

Re: FTD 3150 Standby firewall logging issue

adity — Wed, 06 Mar 2024 07:06:02 GMT

Thank you for the help, I got the option and I enabled it but yet not receiving the logs

Re: FTD 3150 Standby firewall logging issue

Max Jobs — Wed, 06 Mar 2024 07:16:15 GMT

Hi Adity,

In Cisco FTD on Firepower 4100/9300 Series appliances, you typically don't configure syslog directly on the standby unit like you would on the ASA with the "logging standby" command. Instead, you configure syslog settings at the FMC level, and it synchronizes the settings to both the active and standby Firepower devices.

Re: FTD 3150 Standby firewall logging issue

MHM Cisco World — Wed, 06 Mar 2024 10:56:47 GMT

If you can access to standby

System support diagnostics-cli

Show run log

Check if logging is enable

If it enable then

Syslog setting some message is by defualt not send to server you need to allow ftd send failover message to server.

MHM

Re: FTD 3150 Standby firewall logging issue

adity — Wed, 06 Mar 2024 11:09:43 GMT

Status of log is enable......

but logs not going

At server end, I have cross checked the configuration too.

Re: FTD 3150 Standby firewall logging issue

Marius Gunnerud — Wed, 06 Mar 2024 13:41:20 GMT

What type of logs are you expecting to see from the standby device? Typically you will not see any traffic syslog from the standby device as all traffic is being passed through the primary / active device.

Re: FTD 3150 Standby firewall logging issue

adity — Thu, 07 Mar 2024 05:40:37 GMT

It means if Failover happen and traffic shift on the secondary FW then logs will send via that firewall....

Re: FTD 3150 Standby firewall logging issue

MHM Cisco World — Thu, 07 Mar 2024 06:12:12 GMT

I already inform you before
""Syslog setting some message is by defualt not send to server you need to allow ftd send failover message to server.""
if you dont see failover log message check Syslog setting
thanks

MHM

Re: FTD 3150 Standby firewall logging issue

Marius Gunnerud — Thu, 07 Mar 2024 08:37:58 GMT

Correct.

Re: FTD 3150 Standby firewall logging issue

MHM Cisco World — Thu, 07 Mar 2024 08:48:25 GMT

FYI

Re: FTD 3150 Standby firewall logging issue

gabriel garciaf — Fri, 08 Mar 2024 03:29:44 GMT

Hi guy

The reason is becouse in Firepower HA the main set up is in the active and the stanby no receive traffic, its not the same way that in ASA, if you want to do a test change the passive to active and goin to see the logs, but the appliance that now is standby not seeing more logs.

Or what is the reason that you need the stadby logs?