
FTD 2110 HA SNMP Monitoring

Nikhil5
Level 1

Hello Experts,

I need your help.

We have 2 FTD 2110 devices configured in HA and managed from FMC. My requirement is to monitor the high availability state, and whenever a failover happens, the device should generate an SNMP trap.

The device is already configured with SNMP version, community, hosts etc. SNMP polling and traps are working for other health modules; only HA monitoring is not working.

Please suggest if this is possible and how to achieve it.

Thank you.

7 Replies

Marvin Rhoads
Hall of Fame

What interface are you using to poll currently? The HA bit would have to be monitored from the LINA subsystem (diagnostic interface).

Thank you for your response. Yes, we are using "Diagnostic" interface. Attaching snap for the same.

OK, that's correct.

I don't believe a failover event will generate an SNMP trap. However, it does create a syslog event (and we can set syslog events to be sent as traps).

However you should be able to poll the device(s) for failover status. Try using OID 1.3.6.1.4.1.9.9.147.1.2.1

Thank you for your suggestion, I will ask our NMS team to configure the given OID and will then check polling status.

Please can you confirm regarding syslog, "we can set syslog events to be sent as traps", what does it mean?

I mean sometimes there's not a built-in trap that gives us the visibility we need but there exists a syslog message. In these cases we can tell the ASA or FTD device to send that syslog message as a trap to the configured SNMP server.

Details on how to do that can be found here:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw-virtual/215560-configure-snmp-syslog-traps-for-asa-and.html#anc8

Thank you, I will try this one and will let you know the outcome.

Thank you for your help.

We can monitor the HA in two ways:

Configure manual watches in the Spectrum server, and they will monitor HA using the OIDs below:

cfwHardwareStatusValue  1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.
cfwHardwareStatusDetail 1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.

Or, we can configure syslog SNMP traps as explained in the above comment.
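Added example, not part of the thread: one way an NMS-side script could turn polls of the two OIDs above into failover alerts by comparing consecutive walks. It assumes the CISCO-FIREWALL-MIB row indexes 6 (primary unit) and 7 (secondary unit) and the status values active(9) and standby(10); the function names and the sample `snmpwalk -On` output are constructed for illustration.

```python
import re

ENTRY = "1.3.6.1.4.1.9.9.147.1.2.1.1.1"      # columns .3 (Value) and .4 (Detail)
UNITS = {"6": "primary", "7": "secondary"}   # row index (cfwHardwareType), assumed per MIB
STATUS = {1: "other", 2: "up", 3: "down", 4: "error", 5: "overTemp",
          6: "busy", 7: "noMedia", 8: "backup", 9: "active", 10: "standby"}
LINE = re.compile(r"^\.?" + re.escape(ENTRY) + r"\.([34])\.(\d+)\s*=\s*\w+:\s*(.*)$")

# Constructed `snmpwalk -On` output, not captured from a real device.
BEFORE = """\
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 9
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 10
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 = STRING: "Active unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.7 = STRING: "Standby unit"
"""
AFTER = """\
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 10
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 9
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 = STRING: "Standby unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.7 = STRING: "Active unit"
"""

def parse_walk(text):
    """Return {unit: {"status": ..., "detail": ...}} for the two HA unit rows."""
    units = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) not in UNITS:
            continue                      # other hardware rows or unrelated OIDs
        col, row, raw = m.groups()
        entry = units.setdefault(UNITS[row], {})
        if col == "3":
            num = re.search(r"\d+", raw)  # accepts "9" as well as "active(9)"
            entry["status"] = STATUS.get(int(num.group()), "unknown") if num else "unknown"
        else:
            entry["detail"] = raw.strip('"')
    return units

def ha_alerts(previous, current):
    """Compare two polls; report role changes and a missing or duplicated active unit."""
    active = [u for u, e in current.items() if e.get("status") == "active"]
    alerts = [] if len(active) == 1 else ["expected exactly one active unit, found %d" % len(active)]
    for unit, entry in current.items():
        old = previous.get(unit, {}).get("status")
        if old and old != entry.get("status"):
            alerts.append("%s unit changed %s -> %s" % (unit, old, entry.get("status")))
    return alerts
```

Polling only catches a failover at the next poll interval, so the syslog-as-trap option from the thread remains the way to get an immediate notification.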
 