Nikhil5
Beginner

FTD 2110 HA SNMP Monitoring

Hello Experts,

I need your help.

We have 2 FTD 2110 devices configured in HA and managed from FMC. My requirement is to monitor the high availability state, and whenever a failover happens the device should generate an SNMP trap.

The device is already configured with SNMP version, community, hosts etc. SNMP polling and traps are working for the other health modules; only HA monitoring is not working.

 

Please suggest if this is possible and how to achieve it.

 

Thank you.

 

7 Replies
Marvin Rhoads
VIP Community Legend

What interface are you using to poll currently? The HA bit would have to be monitored from the LINA subsystem (diagnostic interface).

Thank you for your response. Yes, we are using "Diagnostic" interface. Attaching snap for the same.

Marvin Rhoads
VIP Community Legend

OK, that's correct.

I don't believe a failover event will generate an SNMP trap. However, it does create a syslog event (and we can set syslog events to be sent as traps).

However you should be able to poll the device(s) for failover status. Try using OID 1.3.6.1.4.1.9.9.147.1.2.1

Thank you for your suggestion, I will ask our NMS team to configure the given OID and will then check polling status. 

 

Please can you confirm regarding syslog, "we can set syslog events to be sent as traps", what does it mean?

Marvin Rhoads
VIP Community Legend

I mean sometimes there's not a built-in trap that gives us the visibility we need but there exists a syslog message. In these cases we can tell the ASA or FTD device to send that syslog message as a trap to the configured SNMP server.

Details on how to do that can be found here:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw-virtual/215560-configure-snmp-syslog-traps-for-asa-and.html#anc8


Thank you, I will try this one and will let you know the outcome.

Thank You for your help.

 

We can monitor the HA in two ways - 

Configure manual watches in the Spectrum server and they will monitor HA using below OIDs - 

cfwHardwareStatusValue  1.3.6.1.4.1.9.9.147.1.2.1.1.1.3
cfwHardwareStatusDetail 1.3.6.1.4.1.9.9.147.1.2.1.1.1.4
 
or, we can configure Syslog SNMP traps as explained in the above comment.
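To act on those two OIDs from the NMS side, here is an added example script that is not from this thread or from Cisco: it parses numeric snmpwalk output of the cfwHardwareStatusValue and cfwHardwareStatusDetail columns, resolves the primaryUnit and secondaryUnit rows, and reports a failover when either unit's state changes between two polls. The row indices (primaryUnit=6, secondaryUnit=7) and status names (active=9, standby=10, down=3, ...) are my recollection of CISCO-FIREWALL-MIB and should be checked against the MIB for your FTD release; the two walk captures are constructed.

```python
import re

# OIDs from the thread: CISCO-FIREWALL-MIB cfwHardwareStatusValue / cfwHardwareStatusDetail.
STATUS_VALUE = "1.3.6.1.4.1.9.9.147.1.2.1.1.1.3"
STATUS_DETAIL = "1.3.6.1.4.1.9.9.147.1.2.1.1.1.4"
# Row index (cfwHardwareType) and status enum names, assumed from CISCO-FIREWALL-MIB;
# verify them against the MIB that ships with your FTD release.
UNITS = {6: "primaryUnit", 7: "secondaryUnit"}
STATUS = {1: "other", 2: "up", 3: "down", 4: "error", 9: "active", 10: "standby"}
LINE_RE = re.compile(r"^\.?([\d.]+)\s*=\s*(\w+):\s*(.*)$")

def parse_walk(text):
    """Parse `snmpwalk -On` style lines into {oid: value}; INTEGER becomes int."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            oid, typ, val = m.groups()
            rows[oid] = int(val) if typ == "INTEGER" else val.strip('"')
    return rows

def ha_state(rows):
    """Map each HA unit row to (status name, detail string); missing rows are skipped."""
    state = {}
    for idx, unit in UNITS.items():
        value = rows.get(f"{STATUS_VALUE}.{idx}")
        if value is not None:  # row absent: not in HA, or the walk failed
            state[unit] = (STATUS.get(value, f"unknown({value})"), rows.get(f"{STATUS_DETAIL}.{idx}", ""))
    return state

def failover_events(previous_walk, current_walk):
    """Compare two polls; a non-empty list means a role change worth alerting on."""
    before, after = ha_state(parse_walk(previous_walk)), ha_state(parse_walk(current_walk))
    return [f"{u}: {before.get(u, ('absent',))[0]} -> {after.get(u, ('absent',))[0]}"
            for u in UNITS.values() if before.get(u, ('absent',))[0] != after.get(u, ('absent',))[0]]

# Constructed captures: a healthy pair, then the same pair after the primary fails.
WALK_BEFORE = """\
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 9
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 10
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 = STRING: "Active unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.7 = STRING: "Standby unit"
"""
WALK_AFTER = """\
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 3
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 9
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 = STRING: "Failed"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.7 = STRING: "Active unit"
"""
```

Running failover_events(WALK_BEFORE, WALK_AFTER) on the constructed captures returns ['primaryUnit: active -> down', 'secondaryUnit: standby -> active'], which is the condition a watch in Spectrum (or any poller) would raise an alarm on.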
 
