Hey, just want to know if there is anyone who could explain how to configure SNMP on FDM 6.7 (Cisco Firepower 1010).
With 6.7 there is no FlexConfig for SNMP anymore and you have to use the REST API and this is nether well
documented anywhere (how to do so), nor are there any tutorials for SNMP configurations via API.
This, for me at least, is a ridiculously complicated way to configure something.
I also have no FMC here.
BR
Steve
Edit: I've used the API Explorer and could GET some Information and also POST some, like location and contact etc.
But I have no clue about the snmphost part.
Solved! Go to Solution.
Hi guys, i have solved thanks to this guide:
Regards
Marcello
Hey Steve,
Are you trying to configure SNMP v2 or v3?
Sorry for the late reply. Just simple SNMP v2.
Hey Steve,
No problem.
Try the following for SNMP v2:
curl -sk -H "Content-Type: application/json" -H "Authorization: Bearer <ACCESS TOKEN>" -X POST -d \
'{"type":"snmphost","name":"SNMPV2-POLLER","interface":{"type":"physicalinterface","name":"outside"},"managerAddress":{"type":"networkobject","name":"<NETWORK OBJECT NAME>"},"securityConfiguration":{"type":"snmpv2csecurityconfiguration","community":"<COMMUNITY STRING>"}}' \
https://<FDM-MGMT-IP>/api/fdm/latest/object/snmphosts | jq -r '.'
Kind regards,
Michael
Hey thanks for your reply. Unfortunately I can't set this as solved because I don't have access to the Firepower anymore. It's already delivered to our customer. And it sits there on the desk till we get some further information about an site-to-site vpn from another customer. I'll get back to your Post in a couple of weeks.
But thank you so much for your help.
Hey Steve. No problem at all
Hi Michael, i have the same problem but i have no idea about Rest API and how to use your script. Please, can you help me? Thank you,
Marcello
Hi Marcello,
Have a read through the following Cisco Firepower Threat Defense REST API guide to get started:
Essentially you are just sending a cURL request to the FDM API to configure SNMPv2 programmatically.
You need to request an access token first and then submit this access token in the command I showed in my previous comment (i.e. replace <ACCESS TOKEN> with your access token)
<NETWORK OBJECT> needs to be replaced with a network object that contains the IP address of the SNMP poller.
<COMMUNITY STRING> needs to be replaced with a community string that you define.
<FDM-MGMT-IP> needs to be replaced with the FDM management IP
Kind regards,
Michael
Hi MIchael,
really thanks for your answer.
I need to use PRTG Network Monitor software for monitoring FTD and i don't understand what i have to do on the monitoring software (PRTG) and what on the FDM. I haven' t developer background and it's very difficult for me understand the needs.
Regards
Marcello
Hi guys, i have solved thanks to this guide:
Regards
Marcello