05-28-2020 06:31 AM
Hi,
We have two FTD2130 appliances in our environment, configured as an HA pair and managed by Firepower Management Center v6.2.3.15, while the FTDs are v6.2.3.10.
Every now and then the active peer changes from Active to Standby. I would like to configure an email notification to be sent to my email address when this happens. I was looking at the configuration guide but am not sure where and how I should configure it. Because this is a production environment, I wouldn't like to break something, so any help would be appreciated.
I have configured my internal mail server both in System-Configuration-Email Notification and Devices-Platform Settings-SMTP Server, but I am not sure which of these is used for my need and what else I should configure to get it working.
I just want to be aware of the failover event when it occurs.
05-04-2021 09:07 AM
Did you ever find a solution for this?
05-05-2021 10:05 AM
I don't believe we can do this natively with FMC/FTD (as of the current 6.7 release).
The only alternative I've been able to figure out for doing this is to send the syslog event related to failover to a syslog server that is in turn able to generate an email based on a discriminator/filter.
For what it's worth, I've heard a feature to alert us of failover events is coming soon in CDO.
05-26-2021 04:26 PM
Thanks Marvin
Can't say I'm pleased about this. I had intended to just FlexConfig our old ASA config until I learned those commands are blacklisted as well.
05-26-2021 05:10 PM
What commands are you looking to use in FlexConfig that are prohibited?
05-26-2021 05:21 PM
I'm looking for a way to get an alert when an HA pair failover occurs. It doesn't seem to be supported in FTD. So my plan was to add this into FlexConfig. This is what we used on our HA ASA pair prior to the installation of the Firepower 2120s. All of the "logging" commands return a CLI blacklisted error when trying to save them.
logging mail critical
logging from-address address@example.com
logging recipient-address address@example.com level emergencies
logging message 104001 level emergencies
logging message 104002 level emergencies
smtp-server 0.0.0.0
05-28-2021 04:07 PM
Those commands are probably returning blacklisted because this feature is natively available via platform settings on FMC (Device --> Platform Settings).
HTH
Regards,
Chakshu
05-26-2021 05:10 PM
You should be able to accomplish this via syslog messages 104002 and 104001 and setting your Logging Destination to SNMP Trap:
Error Message %ASA-1-104001: (Primary) Switching to ACTIVE (cause: string).
Error Message %ASA-1-104002: (Primary) Switching to STANDBY (cause: string).
Explanation You have forced the failover pair to switch roles, either by entering the failover active command on the standby unit, or the no failover active command on the active unit. Primary can also be listed as Secondary for the secondary unit. Possible values for the string variable are as follows:
05-26-2021 05:42 PM
I see, I'll give it a whirl and see what I can do with this. Thanks.
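An added example, not part of any post in this thread: a filter that a syslog server could run to turn messages 104001 and 104002 into e-mail alerts, as the replies above suggest. The sample lines, the addresses, the `send_all` SMTP host parameter and the line layout (device name directly before the message tag) are assumptions.

```python
import re
import smtplib
from email.message import EmailMessage

# Matches the two failover messages quoted in the thread; the %FTD- prefix
# used by later FTD releases is accepted as well as %ASA-.
FAILOVER_RE = re.compile(
    r"%(?:ASA|FTD)-1-(?P<msg_id>10400[12]): "
    r"\((?P<unit>Primary|Secondary)\) Switching to (?P<state>ACTIVE|STANDBY)"
    r"(?: \(cause: (?P<cause>[^)]*)\))?"
)

# Constructed sample lines (hostnames, times and cause text are made up).
SAMPLE_LINES = [
    "May 26 17:01:02 fw-a %ASA-1-104002: (Primary) Switching to STANDBY (cause: constructed cause text).",
    "May 26 17:01:02 fw-b %ASA-1-104001: (Secondary) Switching to ACTIVE (cause: constructed cause text).",
    "May 26 17:01:05 fw-b %ASA-6-302013: constructed unrelated connection log line",
]

def parse_failover(line):
    """Return a dict describing a failover event, or None for any other line."""
    m = FAILOVER_RE.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["cause"] = (event["cause"] or "unknown").strip()
    # Assumed layout: the device name is the token just before the message tag.
    head = line[:m.start()].split()
    event["device"] = head[-1] if head else "unknown"
    return event

def build_alert(event, sender, recipient):
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    # Only regex-constrained fields go into the header; free text stays in the body.
    msg["Subject"] = f"Failover: {event['unit']} unit now {event['state']}"
    msg.set_content(f"Device: {event['device']}\nMessage ID: {event['msg_id']}\n"
                    f"Cause: {event['cause']}\n")
    return msg

def alerts_from(lines, sender, recipient):
    events = (parse_failover(line) for line in lines)
    return [build_alert(e, sender, recipient) for e in events if e]

def send_all(messages, smtp_host):
    # smtp_host is a hypothetical internal relay that accepts unauthenticated mail.
    with smtplib.SMTP(smtp_host) as smtp:
        for m in messages:
            smtp.send_message(m)
```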
05-28-2021 10:45 AM
I was able to accomplish this end with SolarWinds Orion. You'll have to use FlexConfig to enable SNMP first. Failover status is very much able to be monitored with the SNMP OID referenced in this article and alerted on. I imagine other tools would work as well.
https://support.solarwinds.com/SuccessCenter/s/article/Monitoring-ASA-failover-nodes?language=en_US
06-08-2021 07:46 AM
Thanks! I was able to set this up via Solarwinds and it works really well.
05-28-2021 11:21 AM
By the way that CDO feature is now live. It was enhanced just this week and I can confirm it works.