Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3499
Views
0
Helpful
8
Replies

Issues Monitoring SNMP cisco firepower FTD-2100

MedTiti92
Level 1
Level 1

‎03-17-2020 07:40 AM

Hi Community!   
 
I'have some issues with monitoring cisco firepower 2100 with snmp in Zabbix. I configure well all snmp in FMC, and i use snmpwalk v2c to poll all interfaces in my zabbix. But the problems, i get others interfaces like :   Can you help me for this issues please ! Thank you for advance.
ZE.PNG
Preview file
15 KB
0 Helpful
8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-17-2020 08:07 AM

Are you querying the FTD appliance management interface or diagnostic interface?

The latter one is the correct method and will report interfaces matching the configuration of the Firepower Threat Defense logical device.

The former queries the chassis and will expose the FXOS interfaces which, as you imply, aren't very useful for most cases.

0 Helpful

MedTiti92
Level 1
Level 1
In response to Marvin Rhoads

‎03-17-2020 11:40 PM

Thanks for reply !

How to query the Diagnostic interface? 

I have this in plateform settings :

aa.PNG

0 Helpful

MedTiti92
Level 1
Level 1
In response to MedTiti92

‎03-17-2020 11:56 PM

My interface disgnostic doesn't have a Address IP !

 

is There an impact to the production if i give a IP Address to the diagnostic ? And, may I give it in the same subnet of management interface or different subnet of management interface ?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MedTiti92

‎03-18-2020 12:20 AM

When you use the diagnostic interface it needs to be in the same subnet as the management interface and that subnet needs to be distinct from any other interfaces on the appliance (i.e not the same as the one used by Inside - or any other - interfaces).

Defining, enabling and polling it will not affect any production traffic (assuming you already have the distinct subnet).

0 Helpful

MedTiti92
Level 1
Level 1
In response to Marvin Rhoads

‎03-18-2020 12:30 AM

the Problem is my management interface of the FMC is in the same subnet of the inside interface. So i think to modify the IP of FMC, no ?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MedTiti92

‎03-18-2020 01:09 AM

The FMC address doesn't have to change at all.

In order to manage the interface details using the necessary diagnostic interface, the management (and newly configured diagnostic) interfaces need to be on a different subnet than the management interface is currently is on. Of course that will mean updating the management address of the device in FMC.

You can do that by:

1. first make FMC management inactive,

2. change the address on the device locally (including defining a gateway),

3. edit the device management address in FMC and

4. then re-enable FMC management.

Then configure the diagnostic interface in FMC and add it to the SNMP platform settings. Deply config and then point your Zabbix server to the diagnostic address.

0 Helpful

MedTiti92
Level 1
Level 1
In response to Marvin Rhoads

‎03-18-2020 06:06 AM

I will do and go back to you when done !

0 Helpful

MedTiti92
Level 1
Level 1

‎07-22-2021 05:21 AM

Hi @Marvin Rhoads 

 

I come back to you after this very long time. Hope you are well.

 

However; i put the diagnostic interface and the management FMC in the same subnets differents on the one in all my others interfaces(inside; outside; DMZ etc ...)

and in my Supervision software i query the diagnostic interface ...but still nothing.

 

Preview file
54 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card