Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
7016
Views
15
Helpful
6
Replies

firepower 1140 zabbix issue

kapydan88
Level 4
Level 4

‎04-05-2020 02:08 PM - edited ‎04-06-2020 12:14 AM

Hello for everyboy. 

Have some issue with adding this device in zabbix monitoring.

According config guide for FMC for firepower 1000 series i need to create snmp settings

161 port for zabbix

community

system admin name - admin (admin name for FMC or Fp1140)

location - mai_dc

fp1140_z1.PNG

and create snmp traps configuration with 162 port and same community, like in previous screen

fp1140_z2.PNG

 

In my case i can see this device in monitoring, but i cant see any events for it and traffic on ports.

In zabbix i used this template - Template Net Cisco IOS SNMPv2.

 

Labels:
0 Helpful
6 Replies 6

Francesco Molino
VIP Alumni
VIP Alumni

‎04-05-2020 07:38 PM

Hi

You need to assign an ip address to diagnostic interface which is the one replying for snmp.
There're multiple posts regarding this discussion. Take a look here:
https://community.cisco.com/t5/network-security/snmp-to-the-ftd-managment-interface/td-p/3049834

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

kapydan88
Level 4
Level 4
In response to Francesco Molino

‎04-06-2020 12:23 AM

Hello,

 

Yes, i added in zabbix ip management interface, not lina. If i understood correctly, all management on this series of devices implemented via management interface ( marked <->).

 

2020-03-26 17-48-33.JPG

 

> expert
**************************************************************
NOTICE - Shell access will be deprecated in future releases
and will be replaced with a separate expert mode CLI.
**************************************************************
admin@firepower-vpn:~$ ifconfig

...

management0 Link encap:Ethernet HWaddr 10:b3:d5:9c:c7:00
inet addr:1.1.1.10 Bcast:1.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:595598 errors:0 dropped:0 overruns:0 frame:0
TX packets:416948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:197932618 (188.7 MiB) TX bytes:63438478 (60.4 MiB)

...

admin@firepower-vpn:~$ exit
logout
>

 

diagnostic zbx.PNG

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2020 11:11 PM

In addition to what @Francesco Molino noted, also please use the Cisco ASA template - not the IOS one.

Francesco Molino
VIP Alumni
VIP Alumni
In response to kapydan88

‎04-06-2020 07:13 PM

Yes ASA and FTD are quite the same on some aspects. You can start with those

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

kapydan88
Level 4
Level 4
In response to Francesco Molino

‎04-06-2021 08:45 AM

In the end, everything was done without problems - from firepower side see screen, from zabbix side i added internal line interface firepower 1140. It works fine, we tried it with different templates - for asa and for another cisco devices (like router or switch)

fmc snmp pol.JPG
Preview file
67 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top