cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3498
Views
0
Helpful
8
Replies

Issues Monitoring SNMP cisco firepower FTD-2100

MedTiti92
Level 1
Level 1
Hi Community!   
 
I'have some issues with monitoring cisco firepower 2100 with snmp in Zabbix. I configure well all snmp in FMC, and i use snmpwalk v2c to poll all interfaces in my zabbix. But the problems, i get others interfaces like :   Can you help me for this issues please ! Thank you for advance.
ZE.PNG
8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

Are you querying the FTD appliance management interface or diagnostic interface?

The latter one is the correct method and will report interfaces matching the configuration of the Firepower Threat Defense logical device.

The former queries the chassis and will expose the FXOS interfaces which, as you imply, aren't very useful for most cases.

Thanks for reply !

How to query the Diagnostic interface? 

I have this in plateform settings :

aa.PNG

My interface disgnostic doesn't have a Address IP !

 

is There an impact to the production if i give a IP Address to the diagnostic ? And, may I give it in the same subnet of management interface or different subnet of management interface ?

When you use the diagnostic interface it needs to be in the same subnet as the management interface and that subnet needs to be distinct from any other interfaces on the appliance (i.e not the same as the one used by Inside - or any other - interfaces).

Defining, enabling and polling it will not affect any production traffic (assuming you already have the distinct subnet).

the Problem is my management interface of the FMC is in the same subnet of the inside interface. So i think to modify the IP of FMC, no ?

The FMC address doesn't have to change at all.

In order to manage the interface details using the necessary diagnostic interface, the management (and newly configured diagnostic) interfaces need to be on a different subnet than the management interface is currently is on. Of course that will mean updating the management address of the device in FMC.

You can do that by:

1. first make FMC management inactive,

2. change the address on the device locally (including defining a gateway),

3. edit the device management address in FMC and

4. then re-enable FMC management.

Then configure the diagnostic interface in FMC and add it to the SNMP platform settings. Deply config and then point your Zabbix server to the diagnostic address.

I will do and go back to you when done !

MedTiti92
Level 1
Level 1

Hi @Marvin Rhoads 

 

I come back to you after this very long time. Hope you are well.

 

However; i put the diagnostic interface and the management FMC in the same subnets differents on the one in all my others interfaces(inside; outside; DMZ etc ...)

and in my Supervision software i query the diagnostic interface ...but still nothing.

 

Review Cisco Networking for a $25 gift card