Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
983
Views
5
Helpful
1
Replies

Generate Email Alarm for Fail over Cisco Firewall

Brian Tissue
Level 1
Level 1

‎04-13-2020 07:32 AM

I have a few firewalls that I have Cradlepoint 4G LTE devices configured as a backup ISP. Works great, no issues with SLA configuration or anything like that. 

 

However, I need some more brain power. Because everything is up/up including the Ethernet interfaces and the 4G device itself, I can't think of a good way of generating an email alert for when it fails over to the backup ISP.

 

The only elements that really changes is the default route changes on the firewall during a fail over event, and the speed increases on that interface. 

 

Any thoughts to narrow down the alarm to just a fail over event? I've messed around with the syslog levels, but I get a lot of traps/msgs that aren't related to the fail over event.

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-13-2020 09:55 PM - edited ‎04-13-2020 09:55 PM

When the IP SLA tracking adds a route, the following syslog message should be generated:

 

622001

Error Message %ASA-6-622001: string tracked route network mask address , distance number , table string , on interface interface-name

Explanation A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs6.html#con_4774896

You can filter on that message or raise its priority for better visibility. For instance:

logging message 622001 level 2

(or whatever level will catch your attention). You can even have the ASA email you when a Level 2 message happens.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card