Solved: Monitor Site-to-Site VPN Status on FTD/FMC 6.4

Mark^ · ‎05-19-2021

Migrated from ASA to FTD and need a reasonable method to monitor whether a site to site tunnel is up. On the ASA, I was able to use snmp, but I don't see that the status is available via snmp on the FTD or the FMC. It is also not clear to me what the FMC "VPN Status" Health Event is monitoring as it just says that the process is running correctly. It says that even if the tunnel is down.

I'm looking for ideas/options/suggestions on methods that get the actual tunnel up/down status.

Mark

Mark^ · ‎05-19-2021

Ugh. After posting, I think I finally found it. If I have this right, it is in fact available via snmp using the following OID

SNMPv2-SMI::enterprises.9.9.171.1.2.1.1.0 (.1.3.6.1.4.1.9.9.171.1.2.1.1)

I am able to use this with Nagios as I wanted. I also did see a Health Event showing that the tunnel went down. Not sure why I wasn't getting the expected results before, so that is usable after all.

Mark

View solution in original post

Mark^ · ‎05-19-2021

Ugh. After posting, I think I finally found it. If I have this right, it is in fact available via snmp using the following OID

SNMPv2-SMI::enterprises.9.9.171.1.2.1.1.0 (.1.3.6.1.4.1.9.9.171.1.2.1.1)

I am able to use this with Nagios as I wanted. I also did see a Health Event showing that the tunnel went down. Not sure why I wasn't getting the expected results before, so that is usable after all.

Mark