10-11-2024 05:26 AM
I'm in the process of upgrading all of my firepower devices from 7.2.8 to 7.4.2 as it is the suggested release.
we use the data interfaces as the management interface for most remote devices.
As I upgrade each one, I'm now presented with a critical warning the Interface Management0 has no link.
I have turned off interface statistics in the health monitor policy, and all devices show green on the health monitor page.
but the drop down notification screen still shows 6 critical warnings. See attached screenshots.
all devices are working normally. VPN tunnels and traffic are not affected.
I have a case open with TAC, they're not getting back to me till Monday.
I thought maybe someone here might know the solution.
Solved! Go to Solution.
10-11-2024 12:07 PM
I found it.
you need to go to Devices / Device Management,
Select the Device, and go to Health / Excluded
Check Interface status in this screen and the warning goes away.
10-11-2024 09:11 AM
that is ok that is complaining about no traffic, that is not to worry bit.
coupld be cosmetic bug.
10-11-2024 11:39 AM - edited 10-11-2024 11:40 AM
If you are not using the management interface, you can exclude it from monitoring - use the System > Health > Exclude menu
10-11-2024 11:59 AM
the management interface is not listed as something to exclude in the menu.
I already have tried interface statistics, but that doesn't clear it up in the drop down notification menu.
10-11-2024 12:07 PM
I found it.
you need to go to Devices / Device Management,
Select the Device, and go to Health / Excluded
Check Interface status in this screen and the warning goes away.
10-14-2024 02:13 AM
@Lee Dress that option will exclude all interface monitoring from health policy and associated alerts. 7.4+ will allow you to do a custom exclusion to remove only a subset of interfaces - such as management only - while continuing to monitor all others.
10-14-2024 05:10 AM
I do not see the option in my system health exclude screen.
10-14-2024 05:19 AM
I see it now. maybe because all of my devices weren't upgraded to 7.4.2 it wasn't showing.
trying your suggestion now.
10-14-2024 05:31 AM
this didn't work. the exclusion is for Management 1/1 but my warning is for management0. I still have health warnings on all the devices that use the Data interfaces as the management interface. there is no option for "management0" in the list.
10-14-2024 07:41 AM - edited 10-14-2024 07:42 AM
I just checked a deployment with remote 1010s with FTD 7.2.8 managed via their data interface. management0 in clish (ftd cli shell) is equivalent to Management1/1 or "diagnostic" in the LINA shell (system support diagnostic cli).
In any case, your settings there should result in the exclusion of those alerts (assuming the exclusion policy had been associated to the device and deployed).
If that's not working, a TAC case might be a good next step.
10-14-2024 08:03 AM
10-14-2024 05:25 AM
Only after you enable module level exclusion and then Network Card / Interface move the slider for Interface Statistics will you see the option to select individual interfaces.
The screenshot below is on FMC 7.6, but I have confirmed it is available on 7.2.x and 7.4.x as well.
10-14-2024 07:47 AM
I tried that with Management 1/1 but when I turned off my exclusions the warnings for management0 came back.
thank you for trying to help. I appreciate it.
10-14-2024 06:48 AM
10-14-2024 01:40 AM
We excluded the interface status in the health policy, but the warning in FMC is still shown in 7.4.2. With 7.2.8 no warnings were shown. Any suggestions ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide