10-31-2019 09:44 AM - edited 02-21-2020 09:39 AM
Hello,
We use SNMP v2 through SolarWinds for remotely monitoring our devices. We have a Cisco FTD 1010 we are deploying to a site using FDM. I understand you can use FlexConfig to enable this, but I'm having some trouble. I verified I have access rules to allow our SolarWinds server access to the diagnostic port of the 1010 device. I can ping the diagnostic port from our SolarWinds server. I have the below FlexConfig policy in place. The LAN interface of our network is inside_2; we aren't using an out-of-the-box bridge interface for our deployment. Ideas? The 1010 deploys the config with no error, and if I do a show running-config on the device I see it's there.
I also tried doing a system support trace, and nothing ever flags when I put in the source IP of our SolarWinds server either.
10-31-2019 10:41 AM
I was able to copy from another FTD we have managed by our FMC, but it still does not work. Getting closer I think, but not quite there.
snmp-server host diagnostic 172.16.1.166 poll community ***** version 2c
snmp-server community *****
10-31-2019 12:45 PM
In case someone else finds this thread, I found the answer! In FlexConfig I did the below setup and applied it to a FlexConfig group.
snmp-server enable
snmp-server host diagnostic 172.16.1.166 poll community XXXX version 2c
snmp-server location XXXX
snmp-server contact ATS HelpDesk
snmp-server community XXXX
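Added example (not part of the original posts, and not Cisco code): a small Python check that compares a FlexConfig SNMP snippet against the working one above and flags entries that are not SNMPv3, since a v1/v2c community string travels in cleartext. The function name `audit_snmp` and the `PLACEHOLDER` community are assumptions for illustration; the two sample inputs are constructed from the snippets posted in this thread.

```python
import re

# Constructed samples: the two snippets from this thread, community replaced.
NOT_WORKING = """\
snmp-server host diagnostic 172.16.1.166 poll community PLACEHOLDER version 2c
snmp-server community PLACEHOLDER
"""
WORKING = """\
snmp-server enable
snmp-server host diagnostic 172.16.1.166 poll community PLACEHOLDER version 2c
snmp-server location XXXX
snmp-server contact ATS HelpDesk
snmp-server community PLACEHOLDER
"""

# snmp-server host <interface> <ip> [poll|trap] [community <str>] [version <v>]
HOST_RE = re.compile(
    r"^snmp-server host (?P<ifc>\S+) (?P<ip>\S+)"
    r"(?: (?P<mode>poll|trap))?"
    r"(?: community (?P<community>\S+))?"
    r"(?: version (?P<version>\S+))?")

def audit_snmp(config, poller_ip):
    """Return a list of findings for the poller at poller_ip (hypothetical helper)."""
    lines = [ln.strip() for ln in config.splitlines()
             if ln.strip().startswith("snmp-server")]
    findings = []
    # The working snippet in the thread carries this line; the earlier one does not.
    if "snmp-server enable" not in lines:
        findings.append("no 'snmp-server enable' line (present in the working snippet)")
    hosts = [m.groupdict() for m in map(HOST_RE.match, lines) if m]
    mine = [h for h in hosts if h["ip"] == poller_ip]
    if not mine:
        findings.append(f"no 'snmp-server host' entry for poller {poller_ip}")
    for h in mine:
        if h["mode"] == "trap":
            findings.append(f"{h['ip']} on {h['ifc']} is trap-only, not a poll host")
        if h["version"] != "3":
            findings.append(f"{h['ip']} on {h['ifc']} is not SNMPv3: "
                            "community string is sent in cleartext")
    return findings

if __name__ == "__main__":
    for name, cfg in (("earlier snippet", NOT_WORKING), ("working snippet", WORKING)):
        print(name, audit_snmp(cfg, "172.16.1.166"))
```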
02-10-2021 01:49 PM
Hi Travis,
It didn't work for me. I'm getting this message:
The template is not valid. Please hover over the icons for detailed error information
Thanks,
Ivan
02-12-2021 07:06 AM
Can you copy and paste what your config looks like? I've deployed a good 10 FTD 1010's successfully with this config.
02-12-2021 07:23 AM
I'm using the 6.7 version.
I spoke to Cisco and they said that I need to do it using rest API.
Which version are you using?
02-12-2021 07:29 AM
Correct - FDM 6.7 has blacklisted the FlexConfig commands necessary for this. Hooray automation.
To use the REST API, some folks from Cisco have recently created a Python script that I found to work well.
Please refer to it here:
02-12-2021 07:40 AM
You beat me to the punch Marvin, I was just about to post that, although without the "hooray automation" piece haha.
Here is my two cents from Cisco documentation. I'm right on the edge with 6.6, so from the sounds of it, if/when I upgrade I'll need to learn some API with Python finally.
"You can use the FTD API to configure SNMP version 2c or 3 on an FDM or CDO managed FTD device.
We added the following API resources: SNMPAuthentication, SNMPHost, SNMPSecurityConfiguration, SNMPServer, SNMPUser, SNMPUserGroup, SNMPv2cSecurityConfiguration, SNMPv3SecurityConfiguration."
"NOTE: If you used FlexConfig to configure SNMP, you must redo your configuration using the FTD API SNMP resources. The commands for configuring SNMP are no longer allowed in FlexConfig. Simply removing the SNMP FlexConfig object from the FlexConfig policy will allow you to deploy changes; you can then use the object as reference while you use the API to reconfigure the feature."