Hi Francesco, 

Ys , platform policy has been configured on FMC GUI. Further 

Could u help & share how to chk this whether this is assigned to correct intended device or not.

And one point I forget to mention that problem is with snmp config only, rest all changes like policy etc which we are pushing from FMC is visible in FTD CLI.

Hi Francesco,

Checked ,  FTD(FPR-2130) is already there added under the policy in FMC. After then only , we are entering for SNMP configuration.

problem is whatever we are pushing related to SNMP (Device -> platform setting -> policy -> FTD->SNMP) there is nothing replication or visbile on the FTD CLI.

However for rest of the configuration changes eg. security policy from FMC GUI, I can see them all in FPR-2130 CLI as well.

Please suggest.

Hi Francesco, 

Please find the FPR version : Version 6.4.0.7 (Build 53)  - [Cisco Firepower 2130]

Output for sh run snmp-server

firepower# sh run snmp-server
no snmp-server location
no snmp-server contact
no snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
firepower#

Screen shot from FMC also attached.

One twist... with new issue 

We have taken a deep dive to NMS and found FTD is available in NMS polling with management interface IP and  which is not actually visible to us from CLI even from FMC too (this management IP of FTD is integrated with FMC at backend), This lead to understanding gap and we started trying to integrate FTD with NMS via a Data Interface IP on FTD (as mgmt IP is not visible there on CLI & FMC under FTP interface).

New problem is now is that - At NMS monitoring .... FTD is showing with management interface & few more (probably 3-4) interface with name tun1, tap0, tap0.1, tap0.100 which is of no purpose for us.

The desired state for which we are doing all this exercise is to get trap notification for all IPSec tunnel which are created on this FTP. 

Would also like to understand, why snmp configuration are not reflecting there in FTD CLI, which were pushed from FMC

Hope, to get the solution now here in this forum/platform.

Hi Francesco, 

I tried everything, but since this is production environment i can't do much R&D even for SNMP. 

Well, i have found other post in forum "https://community.cisco.com/t5/firepower/snmp-to-the-ftd-managment-interface/m-p/3915417/highlight/false#M14743" ....I have requested there to advice for solution.

Meanwhile, please continue to share your inputs Or if anyone having solution fix to problem . please help.

As I noted in the other thread, you are correct that as of the current Firepower release (6.5.0.2) we still need to assign a separate IP address to the diagnostic interface. That allows the NMS to interact with the LINA code within Firepower which handles SNMP instrumentation of the dataplane. The management interface, while it will respond to SNMP if configured to do so, only handles SNMP instrumentation of the physical appliance as it is based within the FX-OS subsystem.

Expect this to change ca. Firepower 6.6 later this year.

(edited 2020-02-09 to reflect 6.6 info.)

Hi Marvin, how are you? Support for SNMP management in the FPR-2100 through the Device Management Interface is coming in 6.6.0 and it will be available via the Platform Settings in FMC and FlexConfig in FDM. 

Thank you for rating helpful posts!

Hi Neno. I’m doing well. Hope you are too.

Thanks for the correction. I updated my earlier post to reflect that. 

I look forward to the improvements coming in the next few releases. 

Ok we are talking about 2 issues. Getting info from the LINA using the diagnostic interface and the 1st pb you bring which is pushing snmp config that's not showing up into your FTD.
What I can propose is to export the platform settings config from the import/export menu and share it in private to see if i can test it on my firepower device. If you can do that, I'll give you my email in a private message.

For the other issue, you need to assign a different ip on the diagnostic as mentioned by @Marvin Rhoads 

Still not available on 6.6

Hi Marvin and Neno, 

Thanks very much for response. 

Finally,  we have to use Diagnostic Interface and configure IP on the same till we have 6.6 version. But can we use IP from same subnet which is there on Management Interface, this is because i am avoiding executing of additional ACL further. NMS server is on same subnet as of management Interface.   

believe there would not be any impact of the Production services if i configure IP on Diagnostic interface. 

Hi Francesco, 

I have share screen shot with you already for configuration, setup and scenario is also explained. You may refer that for your Lab.

Additionally, referring to reply on other post - "The management ip address resides within the firepower part of FTD and not within Lina" .....Trying to understand this statement. is FPR-2130 having two segment inside it Firepower and FTD  and what is difference between LINA , snort and FX-OS. 

rgds