02-06-2021 04:23 AM - edited 11-08-2023 12:03 AM
Problem:
SNMP on FDM was introduced in version 6.7. As of now, we only have the option to push via the API. The current method is time-consuming, and knowledge of the API is needed.
Here is the current guide we have.
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/216551-configure-and-troubleshoot-snmp-on-firep.html
Solution
@Dinesh Verma and I created a script that automates the entire workflow using Python. You only need to enter the details pertaining to SNMPv2/SNMPv3; the script takes care of everything else. The script is available in the following GitHub repository.
https://github.com/anupamx47/FDM-SNMP/tree/main
1) Preparation:
1. Download the Script:
- Go to the script's GitHub page: fdm-snmp.py.
- Click the "Download Zip" button, under "code" to download the Python script to your computer.
2. Install Python:
- Make sure you have Python installed on your computer. You can download and install the latest version of Python from the official Python website: Python Downloads. Follow the installation instructions for your operating system.
3. Install Required Dependencies:
- Open a command prompt or terminal.
- Navigate to the directory where you downloaded the script.
- Run the following command to install the necessary dependencies:
```
pip3 install -r requirements.txt
```
4. Execute the Script:
- Open a command prompt or terminal.
- Navigate to the directory where you downloaded the script using the cd command.
- Run the script using Python:
```
python3 fdm-snmp.py
```
****************************************************************************************************
2) Create SNMPv2 Host
```
C:\Users\anpavith\OneDrive\Desktop\scripts\FDM-SNMP> python3 fdm-snmp.py
###########################################################
# CONFIGURE SNMP ON FDM #
###########################################################
Enter the device IP address: 10.106.55.56
Enter the username of the FTD: admin
Enter the password of the FTD:
###########################################################
Auth-Status code is 200
Successfully Authenticated
Would you like to configure (1) SNMPv2 or (2) SNMPv3 : 1
Enter the SNMP Server object name : solar22
Enter the SNMP Server object IP : 22.22.22.22
Enter SNMPv2 community string : cisco123
###########################################################
1 diagnostic Management0/0
2 dmz GigabitEthernet0/2
3 inside GigabitEthernet0/1
4 outside GigabitEthernet0/0
Select the interface (Integer value only) : 4
Enter SNMP host object name : snmp22
###########################################################
Successfully Created, please deploy and check SNMP config
###########################################################
```
3) Create SNMPv3 Host along with SNMPv3 user
```
C:\Users\anpavith\OneDrive\Desktop\scripts\FDM-SNMP> python3 .\fdm-snmp.py
###########################################################
# CONFIGURE SNMP ON FDM #
###########################################################
Enter the device IP address: 10.106.55.56
Enter the username of the FTD: admin
Enter the password of the FTD:
###########################################################
Auth-Status code is 200
Successfully Authenticated
Would you like to configure (1) SNMPv2 or (2) SNMPv3 : 2
Enter the SNMP Server object name : solar21
Enter the SNMP Server object IP : 21.21.21.21
Enter SNMPv3 username : cisco21
Enter Security Level => Options ['AUTH', 'NOAUTH', 'PRIV'] : PRIV
Enter authentication Algorithm => Options ['SHA', 'SHA256'] : SHA
Enter authentication password : cisco123
Enter encryption Algorithm => Options ['AES128', 'AES192', 'AES256', '3DES'] : AES128
Enter encryption password : cisco123
###########################################################
1 diagnostic Management0/0
2 dmz GigabitEthernet0/2
3 inside GigabitEthernet0/1
4 outside GigabitEthernet0/0
Select the interface (Integer value only) : 4
Enter SNMP host object name : host21
###########################################################
Successfully Created, please deploy and check SNMP config
###########################################################
```
Please use the script and provide us with any feedback.
Could you confirm the software version?
The current version I am using is 7.0.5-72. I have staged the 7.2.5-208 but have not been approved to upgrade yet.
When executing pip3 install -r requirements.txt, the error message shows:
ERROR: Could not find a version that satisfies the requirement getpass (from versions: none)
ERROR: No matching distribution found for getpass
My Python is 3.12.0. Any idea?
Thanks.
Looks like there was an oversight when creating the requirements.txt file.
We just need the 'requests' module; the rest are part of Python’s standard library.
I’ve updated the requirements.txt on GitHub, please retry and let me know.
//Anupam
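A check for the packaging mistake described in the reply above, as an added example that is not part of the original thread or the FDM-SNMP repository: it flags `requirements.txt` entries that name standard-library modules, which pip would otherwise try to resolve from the package index. The sample file contents are constructed, and the function name is hypothetical.

```python
import re
import sys

# Constructed sample (not the repository's actual file): one real dependency
# plus standard-library names of the kind that broke the install in the thread.
SAMPLE_REQUIREMENTS = """\
requests>=2.25   # the only third-party module the script needs
getpass
json
urllib3==1.26.18
"""

# sys.stdlib_module_names exists on Python 3.10+; the small fallback set is an
# assumption that only covers the names used in this sample.
STDLIB = getattr(sys, "stdlib_module_names", frozenset({"getpass", "json"}))

# Leading distribution name of a requirement line, before any version specifier.
_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def stdlib_entries(requirements_text):
    """Return the requirement names that are really standard-library modules."""
    flagged = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and pip options
            continue
        match = _NAME.match(line)
        if match is None:
            continue
        name = match.group(0)
        if name.lower().replace("-", "_") in STDLIB:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in stdlib_entries(SAMPLE_REQUIREMENTS):
        print(f"remove '{name}': standard library module, not a PyPI dependency")
```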
You are correct. requests is the only add-on module I need.
Moreover, I would like to share that the command "python3 fdm-snmp.py" doesn't work, with the following error message.
Python was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases.
Soon after, I tried another command, "python fdm-snmp.py", and it works.
Unfortunately, the Python script only provides versions 2c and 3. I would appreciate it if support for SNMPv1 were added.
I understand there is a security risk, but my client doesn't have a plan to upgrade old SNMP yet.
Thank you.
@a118123, from a configuration point of view, there is no difference between SNMP v1 and SNMP v2.
@Anupam Pavithran @Marvin Rhoads, have either of you configured SNMPv3? When I do so, I just get timeouts when I query the firewall (running 7.4.2). Just looking for confirmation that SNMPv3 works for someone else. SNMPv2 works fine.
I currently have a TAC case open on this. (The firewall response timing out, not the community provided script)
Just following up on my own comment. TAC is still researching, but I found these bugs resolved in 7.4.1
- SNMPv3 polling may fail using privacy algorithms AES192/AES256
- SNMPv3 polling may fail using privacy algorithms AES192/AES256
I followed the workarounds listed (Use SHA256 and AES128) and SNMPv3 worked. Even though I'm on 7.4.2, it looks like these bugs re-appeared. I've let TAC know, but I just wanted to follow up that the script works fine for SNMPv3.
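A pre-flight review of SNMPv3 user settings that encodes what this thread reports, as an added example that is not part of the thread or of fdm-snmp.py: the option lists come from the script's prompts in the original post, and the AES192/AES256 warning reflects the polling bug and workaround described above. `V3User`, `review` and the 8-character minimum (taken from RFC 3414) are assumptions of this example, as is reading AUTH, NOAUTH and PRIV as authNoPriv, noAuthNoPriv and authPriv.

```python
from dataclasses import dataclass

# Option lists exactly as the script's prompts show them in the original post.
LEVELS = ("AUTH", "NOAUTH", "PRIV")
AUTH_ALGS = ("SHA", "SHA256")
ENC_ALGS = ("AES128", "AES192", "AES256", "3DES")
MIN_PW = 8  # assumption: USM minimum passphrase length from RFC 3414


@dataclass
class V3User:  # hypothetical container for the values the script prompts for
    name: str
    level: str
    auth_alg: str = ""
    auth_pw: str = ""
    enc_alg: str = ""
    enc_pw: str = ""


def review(u):
    """Return (errors, warnings) for one SNMPv3 user before it is pushed."""
    errors, warnings = [], []
    if u.level not in LEVELS:
        return [f"unknown security level {u.level!r}"], warnings
    if u.level == "NOAUTH":
        return errors, ["NOAUTH: requests are neither authenticated nor encrypted"]
    if u.auth_alg not in AUTH_ALGS:
        errors.append(f"unknown authentication algorithm {u.auth_alg!r}")
    elif u.auth_alg == "SHA":
        warnings.append("SHA selected; the workaround in the thread used SHA256")
    if len(u.auth_pw) < MIN_PW:
        errors.append("authentication password shorter than 8 characters")
    if u.level == "AUTH":
        warnings.append("AUTH: authenticated, but SNMP payloads are not encrypted")
        return errors, warnings
    if u.enc_alg not in ENC_ALGS:
        errors.append(f"unknown encryption algorithm {u.enc_alg!r}")
    elif u.enc_alg in ("AES192", "AES256"):
        warnings.append(f"{u.enc_alg}: polling may fail per the thread; AES128 worked")
    elif u.enc_alg == "3DES":
        warnings.append("3DES is a legacy cipher; prefer AES128")
    if len(u.enc_pw) < MIN_PW:
        errors.append("encryption password shorter than 8 characters")
    elif u.enc_pw == u.auth_pw:
        warnings.append("authentication and encryption passwords are identical")
    return errors, warnings


# Constructed input: the values typed in the SNMPv3 session in the original post.
POSTED = V3User("cisco21", "PRIV", "SHA", "cisco123", "AES128", "cisco123")
```

Calling `review(POSTED)` returns no errors and two warnings, one for SHA and one for the reused password.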