Solved: SNMP check on interface on ASA failover installation

eekman · ‎11-30-2016

I have two ASA 5520 (soon to be replaced I hope) configured in failover. I want SNMP to check status of the interfaces so I get a notice if something goes bad. However, since a failover can be trigged and the standby unit takes over the active interfaces and IP addresses, a simple PING is not enough. The health checks must be run on a physical interface regardless of active status.

Any best practices on this?

mattjones03 · ‎12-04-2016

Hi Erik,

I have tackled this with the following two solutions;

1. Deploy SNMP monitoring on the downstream switch/switches that connect to your ASA's, as this will notify you of any physical interface outages etc.

2. Configure the SMTP settings, along with a defined event list within your ASA, to observe the syslog IDs committed when a failover is initiated. This will then send you/your team an email when a failover occurs.

View solution in original post

mattjones03 · ‎12-04-2016

Hi Erik,

I have tackled this with the following two solutions;

1. Deploy SNMP monitoring on the downstream switch/switches that connect to your ASA's, as this will notify you of any physical interface outages etc.

2. Configure the SMTP settings, along with a defined event list within your ASA, to observe the syslog IDs committed when a failover is initiated. This will then send you/your team an email when a failover occurs.