Solved: Re: FP1010 FDM 6.7 - configure SNMP via Rest API

Steveo2000 · ‎11-13-2020

Hey, just want to know if there is anyone who could explain how to configure SNMP on FDM 6.7 (Cisco Firepower 1010).

With 6.7 there is no FlexConfig for SNMP anymore and you have to use the REST API and this is nether well

documented anywhere (how to do so), nor are there any tutorials for SNMP configurations via API.

This, for me at least, is a ridiculously complicated way to configure something.

I also have no FMC here.

BR

Steve

Edit: I've used the API Explorer and could GET some Information and also POST some, like location and contact etc.

But I have no clue about the snmphost part.

Marcello75 · ‎01-26-2021

Hi guys, i have solved thanks to this guide:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/216551-configure-and-troubleshoot-snmp-on-firep.html

Regards

Marcello

View solution in original post

michaelsaleem · ‎11-17-2020

Hey Steve,

Are you trying to configure SNMP v2 or v3?

Steveo2000 · ‎11-23-2020

Sorry for the late reply. Just simple SNMP v2.

michaelsaleem · ‎11-24-2020

Hey Steve,

No problem.

Try the following for SNMP v2:

curl -sk -H "Content-Type: application/json" -H "Authorization: Bearer <ACCESS TOKEN>" -X POST -d \
'{"type":"snmphost","name":"SNMPV2-POLLER","interface":{"type":"physicalinterface","name":"outside"},"managerAddress":{"type":"networkobject","name":"<NETWORK OBJECT NAME>"},"securityConfiguration":{"type":"snmpv2csecurityconfiguration","community":"<COMMUNITY STRING>"}}' \
https://<FDM-MGMT-IP>/api/fdm/latest/object/snmphosts | jq -r '.'

Kind regards,

Michael

Steveo2000 · ‎11-26-2020

Hey thanks for your reply. Unfortunately I can't set this as solved because I don't have access to the Firepower anymore. It's already delivered to our customer. And it sits there on the desk till we get some further information about an site-to-site vpn from another customer. I'll get back to your Post in a couple of weeks.

But thank you so much for your help.

michaelsaleem · ‎11-26-2020

Hey Steve. No problem at all

Marcello75 · ‎12-30-2020

Hi Michael, i have the same problem but i have no idea about Rest API and how to use your script. Please, can you help me? Thank you,

Marcello

michaelsaleem · ‎12-30-2020

Hi Marcello,

Have a read through the following Cisco Firepower Threat Defense REST API guide to get started:

https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/ftd-rest-api-intro.html

Essentially you are just sending a cURL request to the FDM API to configure SNMPv2 programmatically.

You need to request an access token first and then submit this access token in the command I showed in my previous comment (i.e. replace <ACCESS TOKEN> with your access token)

<NETWORK OBJECT> needs to be replaced with a network object that contains the IP address of the SNMP poller.
<COMMUNITY STRING> needs to be replaced with a community string that you define.
<FDM-MGMT-IP> needs to be replaced with the FDM management IP

Kind regards,

Michael

Marcello75 · ‎12-30-2020

Hi MIchael,

really thanks for your answer.

I need to use PRTG Network Monitor software for monitoring FTD and i don't understand what i have to do on the monitoring software (PRTG) and what on the FDM. I haven' t developer background and it's very difficult for me understand the needs.

Regards

Marcello

Marcello75 · ‎01-26-2021

Hi guys, i have solved thanks to this guide:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/216551-configure-and-troubleshoot-snmp-on-firep.html

Regards

Marcello

Anupam Pavithran · ‎02-06-2021

Here is an easy solution

https://community.cisco.com/t5/security-documents/firepower-device-manager-fdm-6-7-snmp-using-python-script/ta-p/4283247

dave wolfendale · ‎06-21-2021

Wait until you try in v7, this document does not work.

All-in-all, buy something else - not Cisco.