Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1462
Views
0
Helpful
6
Replies

Problem with Configuring SNMP on ASA - looks like FTD code

Go to solution
ABaker94985
Spotlight
Spotlight

‎05-20-2021 02:44 PM - edited ‎05-20-2021 02:45 PM

We have a 5508 running the following software: "Cisco Adaptive Security Appliance Software Version 9.9(2)37"

This is new to me, as the software configures like FTD - when you ssh in, you have to type "system support diagnostic-cli". I've never done that before on ASA code. 

I've attached a couple screen shots. I've been through the GUI and don't see anywhere to configure SNMP. I was able to use flexconfig, but that just doesn't seem right. Can anyone shed some light on this? Thanks

  

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ABaker94985

‎05-21-2021 08:47 AM

@ABaker94985 the pictures you attached are the Firepower Device Manager (FDM) on-box GUI. The device is running FTD 6.2.3. The ASA version you mentioned is the embedded LINA code which maps to an ASA software version.

SNMP support on these older FTD versions, especially with FDM management is quite limited. You need to use a Flexconfig similar to what's mentioned here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-advanced.html?bookSearch=true

As long as you use FDM, that applies even with the latest release (6.7.0.2 as of now).

You may be better served putting the configuration into FMC and managing it from there, including the ability to configure SNMP with a platform policy.

I'd also recommend upgrading to the current recommended release (6.6.4).

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-20-2021 07:58 PM

if this is FTD check the below document ( how you managing this device FDM or FMC ?)

 

AS A 5508 with Firepower Service Module  or ASA re-imaged with FTD

 

 

https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/213971-configure-snmp-on-firepower-ngfw-applian.html

 

no screenshot we see to this ticket.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
ABaker94985
Spotlight
Spotlight
In response to balaji.bandi

‎05-21-2021 06:41 AM

I've reattached the images. I'm not sure why they didn't stick the first time. This is stand alone. No FMC, no FDM. This shows ASA code:

      Cisco Adaptive Security Appliance Software Version 9.9(2)37

It can't be configured via SSH though, and it seems just like an FTD.

Preview file
103 KB
Preview file
118 KB
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-21-2021 02:01 AM

Configure it via the FTD platform policy if you are managing via FMC.

0 Helpful

Go to solution
ABaker94985
Spotlight
Spotlight

‎05-21-2021 06:33 AM

We have 3 FMCs in our organization, but this firewall isn't in any of them. The person who initially set this up claims to have configured it as stand alone. He doesn't remember any more details - he got the site up, and that was it.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to ABaker94985

‎05-21-2021 08:47 AM

@ABaker94985 the pictures you attached are the Firepower Device Manager (FDM) on-box GUI. The device is running FTD 6.2.3. The ASA version you mentioned is the embedded LINA code which maps to an ASA software version.

SNMP support on these older FTD versions, especially with FDM management is quite limited. You need to use a Flexconfig similar to what's mentioned here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-advanced.html?bookSearch=true

As long as you use FDM, that applies even with the latest release (6.7.0.2 as of now).

You may be better served putting the configuration into FMC and managing it from there, including the ability to configure SNMP with a platform policy.

I'd also recommend upgrading to the current recommended release (6.6.4).

0 Helpful

Go to solution
ABaker94985
Spotlight
Spotlight

‎05-21-2021 09:04 AM

Thanks Marvin. I appreciate all your effort on this forum - you've helped me out with solutions you've posted elsewhere. OK, we configured SNMP through flexconfig yesterday - this seems like such a basic function, that I expected it to be configured elsewhere. Thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card