cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3460
Views
15
Helpful
6
Replies

firepower 1140 zabbix issue

kapydan88
Enthusiast
Enthusiast

Hello for everyboy. 

Have some issue with adding this device in zabbix monitoring.

According config guide for FMC for firepower 1000 series i need to create snmp settings

161 port for zabbix

community

system admin name - admin (admin name for FMC or Fp1140)

location - mai_dc

fp1140_z1.PNG

and create snmp traps configuration with 162 port and same community, like in previous screen

fp1140_z2.PNG

 

In my case i can see this device in monitoring, but i cant see any events for it and traffic on ports.

In zabbix i used this template - Template Net Cisco IOS SNMPv2.

 

6 REPLIES 6

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
Hi

You need to assign an ip address to diagnostic interface which is the one replying for snmp.
There're multiple posts regarding this discussion. Take a look here:
https://community.cisco.com/t5/network-security/snmp-to-the-ftd-managment-interface/td-p/3049834

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hello,

 

Yes, i added in zabbix ip management interface, not lina. If i understood correctly, all management on this series of devices implemented via management interface ( marked <->).

 

2020-03-26 17-48-33.JPG

 

> expert
**************************************************************
NOTICE - Shell access will be deprecated in future releases
and will be replaced with a separate expert mode CLI.
**************************************************************
admin@firepower-vpn:~$ ifconfig

...

management0 Link encap:Ethernet HWaddr 10:b3:d5:9c:c7:00
inet addr:1.1.1.10 Bcast:1.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:595598 errors:0 dropped:0 overruns:0 frame:0
TX packets:416948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:197932618 (188.7 MiB) TX bytes:63438478 (60.4 MiB)

...

admin@firepower-vpn:~$ exit
logout
>

 

diagnostic zbx.PNG

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

In addition to what @Francesco Molino noted, also please use the Cisco ASA template - not the IOS one.

Yes ASA and FTD are quite the same on some aspects. You can start with those

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

In the end, everything was done without problems - from firepower side see screen, from zabbix side i added internal line interface firepower 1140. It works fine, we tried it with different templates - for asa and for another cisco devices (like router or switch)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: