
Firepower - SNMP poller to standby device

rob.hicks1
Level 1

I am trying to set up an SNMP poller to monitor both devices within a primary/standby pair. The poller can successfully access the primary device/contexts; however, it does not seem able to access the secondary devices.

The 2130 Firepower pair is running in multicontext mode, and none of the standby contexts are reachable from the SNMP poller, except for the admin context (all contexts managed via their inside interfaces).  There are no errors/hits in the logs to even suggest the traffic hit the firewall, and the configs appear to be in sync across primary and standby device. I can see from packet captures that the packets are hitting the firewall.

I believe it should be possible to poll the secondary device as it looks to be working for another Firepower pair which is running on the same hardware and software.

If anyone has any ideas, that would be great.

1 Reply

urathod
Cisco Employee

Monitoring secondary devices in a primary/standby setup can be tricky, especially in a multi-context setup. Here are some possible suggestions to resolve this issue:

  1. SNMP configuration: Confirm that you've configured SNMP on the secondary device as well as on the primary device. The SNMP setup should be replicated on both devices.

  2. SNMP community strings: Make sure the community strings are the same for both devices and are correctly configured in your SNMP poller.

  3. Firewall rules: Ensure that firewall rules allow SNMP traffic to and from the secondary device. Even though your primary and secondary devices might have the same configuration, the rules could be applied differently on a standby unit.

  4. Routing: Check if there is a proper routing path for the SNMP traffic to reach the secondary device and the responses to get back to the SNMP server.

  5. SNMP version: If you're using SNMPv3, ensure that the security parameters (like username, authentication password, privacy password) are exactly the same on both devices.

  6. Failover link: Check the failover link. If it's not healthy, that could be causing the issue.

  7. SNMP server: Some SNMP servers have a setting that prevents polling of standby devices. Check your SNMP server's documentation or settings to see if this is the case.

If all these are correctly set and you're still experiencing issues, it might be worth reaching out to Cisco support for more in-depth troubleshooting.

If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
