Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5357
Views
15
Helpful
11
Replies

Cisco FTD2130 HA Email notification for failover

Go to solution
domac385
Level 1
Level 1

‎05-28-2020 06:31 AM

Hi,

 

We have in our environment two FTD2130 appliances configured in HA pair and managed over Firepower Management center v 6.2.3.15 while FTD's are v 6.2.3.10.

Every now and then active peer is changed from Active to Standby. I would like to configure Email notification sent to my email address when this happens. I was looking at configuration guide but not sure where and how should I configure it. Because this is in production environment I wouldn't like to break something so any help would be appreciated.

I have configured my internal mail server both in System-Configuration-Email Notification and Devices-Platform Settings-SMTP Server, but not sure which of these is used for my need and what else should I configure to get it working.

 

I just want to be aware of the failover event when it occurs.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Will_G
Level 1
Level 1

‎05-28-2021 10:45 AM

I was able to accomplish this end with SolarWinds Orion. You'll have to use FlexConfig to enable SNMP first. Failover status is very much able to be monitored with the SNMP OID referenced in this article and alerted on. I imagine other tools would work as well.

 

https://support.solarwinds.com/SuccessCenter/s/article/Monitoring-ASA-failover-nodes?language=en_US

View solution in original post

11 Replies 11

Go to solution
cplassmeyer
Level 1
Level 1

‎05-04-2021 09:07 AM

Did you ever find a solution for this?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to cplassmeyer

‎05-05-2021 10:05 AM

I don't believe we can do this natively with FMC/FTD (as of the current 6.7 release).

The only alternative I've been able to figure out for doing this is to send the syslog event related to failover to a syslog server that is in turn able to generate an email based on a discriminator/filter.

For what it's worth, I've heard a feature to alert us of failover events is coming soon in CDO.

Go to solution
Will_G
Level 1
Level 1
In response to Marvin Rhoads

‎05-26-2021 04:26 PM

Thanks Marvin

Can't say I'm pleased about this. I had intended to just FlexConfig our old ASA config until I learned those commands are blacklisted as well.

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Will_G

‎05-26-2021 05:10 PM

What commands are you looking to use in FlexConfig that are prohibited? 

0 Helpful

Go to solution
Will_G
Level 1
Level 1
In response to nspasov

‎05-26-2021 05:21 PM

I'm looking for a way to get an alert when and HA Pair failover occurs. It doesn't seem to be supported in FTD. So my plan was to add this into FlexConfig. This is what we used on our HA ASA pair prior to the installation of the Firepower 2120s. All of the "logging" commands return a cli blacklisted error when trying to save them.

 

logging mail critical
logging from-address address@example.com
logging recipient-address address@example.com level emergencies
logging message 104001 level emergencies
logging message 104002 level emergencies
smtp-server 0.0.0.0

0 Helpful

Go to solution
Chakshu Piplani
Cisco Employee
Cisco Employee
In response to Will_G

‎05-28-2021 04:07 PM

Those commands are probably returning blacklisted because this feature is natively available via platform settings on FMC. ( Device --> Platform Settings)

image.png

 

HTH

Regards,

Chakshu

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎05-26-2021 05:10 PM

You should be able to accomplish this via syslog messages 104002 and 104001 and setting your Logging Destination to SNMP Trap:

104001, 104002

Error Message %ASA-1-104001: (Primary) Switching to ACTIVE (cause: string ).

Error Message %ASA-1-104002: (Primary) Switching to STANDBY (cause: string ).

Explanation You have forced the failover pair to switch roles, either by entering the failover active command on the standby unit, or the no failover active command on the active unit. Primary can also be listed as Secondary for the secondary unit. Possible values for the string variable are as follows:

  • state check
  • bad/incomplete config
  • ifc [interface] check, mate is healthier
  • the other side wants me to standby
  • in failed state, cannot be active
  • switch to failed state
  • other unit set to active by CLI config command fail active
0 Helpful

Go to solution
Will_G
Level 1
Level 1
In response to nspasov

‎05-26-2021 05:42 PM

I see, I'll give it a whirl and see what I can do with this. Thanks.

0 Helpful

Go to solution
Will_G
Level 1
Level 1

‎05-28-2021 10:45 AM

I was able to accomplish this end with SolarWinds Orion. You'll have to use FlexConfig to enable SNMP first. Failover status is very much able to be monitored with the SNMP OID referenced in this article and alerted on. I imagine other tools would work as well.

 

https://support.solarwinds.com/SuccessCenter/s/article/Monitoring-ASA-failover-nodes?language=en_US

Go to solution
cplassmeyer
Level 1
Level 1
In response to Will_G

‎06-08-2021 07:46 AM

Thanks! I was able to set this up via Solarwinds and it works really well.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-28-2021 11:21 AM

By the way that CDO feature is now live. It was enhanced just this week and I can confirm it works.

CDO Alert.PNG

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card