Solved: SNMP on FirePOWER

Isaiah · ‎09-15-2016

I am looking to monitor my FirePOWER Management Center and Services modules on the ASAs via SNMP. However, I do not see and have not been able to find any MIBs or objects related to anything specific to the FirePOWER services or platform. For example, I would really like to retrieve via SNMP the health status and and any alarms on the FMC. Is this possible or is it not implemented? Are there any custom MIBs for these platforms?

Marvin Rhoads · ‎09-15-2016

The support is pretty rudimentary.

Here's the relevant section from the Configuration Guide:

You can enable Simple Network Management Protocol (SNMP) polling for Firepower Management Centers and Classic managed devices. This feature supports use of versions 1, 2, and 3 of the SNMP protocol.

This feature allows access to:

• The standard management information base (MIB), which includes system details such as contact,
administrative, location, service information, IP addressing and routing information, and transmission
protocol usage statistics
• Additional MIBs for 7000 and 8000 Series managed devices that include statistics on traffic passing
through physical interfaces, logical interfaces, virtual interfaces, ARP, NDP, virtual bridges, and virtual routers

View solution in original post

Marvin Rhoads · ‎09-15-2016

The support is pretty rudimentary.

Here's the relevant section from the Configuration Guide:

You can enable Simple Network Management Protocol (SNMP) polling for Firepower Management Centers and Classic managed devices. This feature supports use of versions 1, 2, and 3 of the SNMP protocol.

This feature allows access to:

• The standard management information base (MIB), which includes system details such as contact,
administrative, location, service information, IP addressing and routing information, and transmission
protocol usage statistics
• Additional MIBs for 7000 and 8000 Series managed devices that include statistics on traffic passing
through physical interfaces, logical interfaces, virtual interfaces, ARP, NDP, virtual bridges, and virtual routers

Isaiah · ‎09-15-2016

That is unfortunate. I was hoping there was something more. That information and those MIBs are all so generic as to not really be useful. Thank you though.

ricardo_puga · ‎10-17-2017

- I wish sent the snmp alerts for the port 161 instead port 162

was configured alerts of the system health for snmp, but when the system sends the alerts those alerts go to port 162 snmptrap udp, but the server is waiting the alerts for the port 161 snmppolling, i can 't configure the alerts for than it send for the port 161 snmppolling.

the question is:
the firepower can it send alerts for snmppolling for port 161 udp ?

i attach the image the connection you can see the destination port is 162 snmptrap and not snmppolling 161

Best Regards

Ricardo Puga

ricardo_puga · ‎10-17-2017

Hi Marvin

- I wish sent the snmp alerts for the port 161 instead port 162

was configured alerts of the system health for snmp, but when the system sends the alerts those alerts go to port 162 snmptrap udp, but the server is waiting the alerts for the port 161 snmppolling, i can 't configure the alerts for than it send for the port 161 snmppolling.

the question is:
the firepower can it send alerts for snmppolling for port 161 udp ?

i attach the image the connection you can see the destination port is 162 snmptrap and not snmppolling 161

toddlammle · ‎12-07-2017

hey guys, this is all fixed in FTD...you configure a whole lot of SNMP stuff in the platform settings.

so, maybe this is a good reason to upgrade to FTD??

Lammle.com/firepower

sysko · ‎02-21-2023

I would not upgrade to the FTD.