01-31-2025 01:44 PM
I am trying to configure SNMPv3 polling for an HA pair of Cisco FTD 3105s running 7.4.2.1 (Build 30) that are managed by a Cisco FMC also running 7.4.2.1 (Build 30). I understand how to go to Devices\Device Management\Platform Settings\SNMP and complete all of the necessary details and then Deploy the changes to the FTDs. That part is done. SolarWinds is able to successfully ping the IP address of the Management interface of the FTD, but it cannot successfully poll the FTDs. In fact, when I test the connection between SolarWinds and the FTD the connection fails. I am 1000% sure I am using the correct username and auth/privacy passwords for the account. I would like for the SNMP polling to occur using the Management interface, and I have configured the Device Management Interface to be used under the SNMP Management Hosts settings. Syslogs are working over the Device Management Interface so I'm not sure why SNMP isn't. Also, I am successfully using SNMPv3 polling for the FMC server itself (although it is odd to me that I cannot select SHA-256 or AES-256, especially since SHA-1 and AES-128, which can be used, are considered outdated) using the same username and authentication/privacy passwords as being used for the FTDs. It doesn't look like SolarWinds is gathering any data from the FTDs when I view the FMC (and I wouldn't really expect it to) but something seems to be blocking SolarWinds' ability to poll the IPs of the Management interface of either FTD using ports 161 for polling and 162 for traps. Is there another configuration I still need to make somewhere via the FMC? Any other ideas?
02-01-2025 05:26 AM
Have you tried doing a tcpdump on the FTD for ports 161 & 162? That'll tell you whether any SNMPv3 traffic is heading in/out.
Also, SNMP traps may not work as there is a bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwm87409 for which a hotfix has been released very recently.
I'll have a look at my setup at work on Monday and try to come back with a better answer and the hotfix ID.
02-01-2025 08:53 PM - edited 02-01-2025 08:55 PM
I changed my SolarWinds (NPM 2025.1.0) polling of our Firepower 1140 HA pair (FMC-managed version 7.6 on FMC and FTD) to use SNMPv3. It appears to be working fine.
On the SolarWinds side it looks like this (note FTD only supports Read, so no Read-Write credentials should be provided):
The SNMP platform settings in FMC look like this:
These three links were useful:
https://secure.cisco.com/secure-firewall/docs/snmp-monitoring
I also checked by capturing the traffic from my SolarWinds server and supplying Wireshark (Edit > Preferences > Protocols > SNMP > Edit Users Table, Add User) the SNMPv3 username and auth/priv methods and passwords so that I could fully decode the captured traffic.
02-03-2025 02:58 PM
Thank you all for the help. Upon further investigation, all of my configurations were correct on the Cisco FMC/FTD side; however, SolarWinds was defaulting to the wrong polling server, so the FMC/FTD were not allowing the polling to occur. The issue has been remediated, and things are now working great.
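Added example, not code from any poster in this thread: a small audit of a port-161 capture that shows which source IPs are sending SNMP requests, whether each got a reply, and whether each is on the SNMP management hosts list, which is the check that exposes a poller coming from an unexpected server. The IP addresses, function names and capture lines are constructed; the lines only follow the `IP src.port > dst.port:` shape that `tcpdump -nn` prints, and the text after the colon is ignored.

```python
import re
from collections import defaultdict

# Constructed sample capture (documentation address ranges, not real hosts).
CAPTURE = """\
13:44:01.100 IP 192.0.2.20.50112 > 198.51.100.5.161: UDP, length 64
13:44:02.100 IP 192.0.2.20.50112 > 198.51.100.5.161: UDP, length 64
13:44:05.300 IP 192.0.2.10.49200 > 198.51.100.5.161: UDP, length 64
13:44:05.302 IP 198.51.100.5.161 > 192.0.2.10.49200: UDP, length 120
"""

LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def audit_pollers(capture, agent_ip, allowed_hosts):
    """Count SNMP requests and replies per poller IP seen in the capture."""
    requests, responses = defaultdict(int), defaultdict(int)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip anything that is not an IPv4 packet summary line
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dst == agent_ip and dport == 161:
            requests[src] += 1      # poller -> agent
        elif src == agent_ip and sport == 161:
            responses[dst] += 1     # agent -> poller
    return {
        poller: {
            "requests": sent,
            "responses": responses.get(poller, 0),
            "allowed": poller in allowed_hosts,
        }
        for poller, sent in requests.items()
    }

def findings(report):
    """Turn the per-poller counts into short troubleshooting hints."""
    out = []
    for poller, r in sorted(report.items()):
        if not r["allowed"]:
            out.append(f"{poller}: not in SNMP management hosts list")
        elif r["responses"] == 0:
            out.append(f"{poller}: allowed but unanswered (check credentials/interface)")
    return out

if __name__ == "__main__":
    # 198.51.100.5 stands in for the FTD management IP; 192.0.2.10 for the configured poller.
    for hint in findings(audit_pollers(CAPTURE, "198.51.100.5", {"192.0.2.10"})):
        print(hint)
```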