Hi Rob,

The issue that the FTD is running ospf with core switch. The FTD has DMZ interface where they have an ESA. The customer has two data centers and when we do failover to the DC2, we need these DC1 DMZ routes to be removed from the routing table. My plan was to track an internet IP and shutdown the inside interface of FTD so that the ospf will be down from FTD to core and the DMZ route will be removed from the downstream devices.

Hi,

I have seen this link. But as stated there is no option to configure event track. In my case I need to monitor an internet IP and when it is unreachable I need to run EEM. So I don’t think I can use the solution in the link.

@SHABEEB KUNHIPOCKER event track is not supported on ASA and FTD. I just had a thought why dont you use the syslog ID "718063    Error Message %ASA-5-718063: Interface interface_name is down" and "718064  Error Message %ASA-5-718064: Admin. interface interface_name is down". as syslog are supported on EEM applet

on based of these log ID you can create the EEM applet and run it.

Yes you correct 

Even track not support' 

You can use syslog' but syslog for what 

Here the Q

The answer you can use static route with track and use syslog for add remove this route to rib and config eem. 

syslog can be use against the "name if" here is the log id and description " "718063 Error Message %ASA-5-718063: Interface interface_name is down"

He use IP SLA because the FTD side not down when ISP interface down'

So we will use static route only for eem and detect it add remove.

In that case there are the syslog id need to be configured.

609001
302020
302021
609002
622001

I get these syslog id from Cisco Document 

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.pdf

I am far from my PC I already run lab using this syslog, hope share this lab tonight 

Hello,

Our issue is that we cannot use static route as we are already running ospf in the FTD, and we need to remove some subnets from getting advertised to ospf when the upstream internet link goes down.

you detect the 8.8.8.8 use static route to 8.8.4.4, we talk here about any static route not specific one 
route OUT 8.8.4.4 255.255.255.255 <ISP> track x 
then use EEM and shut down or remove net under OSPF 

@SHABEEB KUNHIPOCKER you can configure the Interface syslog id as mentioned in my earlier post and run the EEM applet aganist it. If this is production network which I assume it is. There is a less chance of false positive as you or some one else from network team will shutting the any interface of the firewall. so syslog id 718063 and 718064 is your best bet. unless otherwise, you get the syslog id of the ospf adjacency syslog id and run against the EEM applet.

I am afraid you only have these options with EEM applet.