02-06-2021 04:23 AM - edited 11-08-2023 12:03 AM
Problem:
SNMP on FDM was introduced in version 6.7. As of now, we only have the option to push via API. The current method is time-consuming, and knowledge of API is needed.
Here is the current guide we have.
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/216551-configure-and-troubleshoot-snmp-on-firep.html
Solution
@Dinesh Verma and I created a script that automates the entire workflow using Python. You only need to enter the details pertaining to SNMPv2/SNMPv3; the script takes care of everything else. The script is available in the following GitHub repository.
https://github.com/anupamx47/FDM-SNMP/tree/main
1) Preparation:
1.Download the Script:
2.Install Python:
3.Install Required Dependencies:
4.Execute the Script:
****************************************************************************************************
2) Create SNMPv2 Host
C:\Users\anpavith\OneDrive\Desktop\scripts\FDM-SNMP> python3 fdm-snmp.py ########################################################### # CONFIGURE SNMP ON FDM # ########################################################### Enter the device IP address: 10.106.55.56 Enter the username of the FTD: admin Enter the password of the FTD: ########################################################### Auth-Status code is 200 Successfully Authenticated Would you like to configure (1) SNMPv2 or (2) SNMPv3 : 1 Enter the SNMP Server object name : solar22 Enter the SNMP Server object IP : 22.22.22.22 Enter SNMPv2 community string : cisco123 ########################################################### 1 diagnostic Management0/0 2 dmz GigabitEthernet0/2 3 inside GigabitEthernet0/1 4 outside GigabitEthernet0/0 Select the interface (Integer value only) : 4 Enter SNMP host object name : snmp22 ########################################################### Successfully Created, please deploy and check SNMP config ########################################################### |
3) Create SNMPv3 Host along with SNMPv3 user
C:\Users\anpavith\OneDrive\Desktop\scripts\FDM-SNMP> python3 .\fdm-snmp.py ########################################################### # CONFIGURE SNMP ON FDM # ########################################################### Enter the device IP address: 10.106.55.56 Enter the username of the FTD: admin Enter the password of the FTD: ########################################################### Auth-Status code is 200 Successfully Authenticated Would you like to configure (1) SNMPv2 or (2) SNMPv3 : 2 Enter the SNMP Server object name : solar21 Enter the SNMP Server object IP : 21.21.21.21 Enter SNMPv3 username : cisco21 Enter Security Level => Options ['AUTH', 'NOAUTH', 'PRIV'] : PRIV Enter authentication Algorithm => Options ['SHA', 'SHA256'] : SHA Enter authentication password : cisco123 Enter encryption Algorithm => Options ['AES128', 'AES192', 'AES256', '3DES'] : AES128 Enter encryption password : cisco123 ########################################################### 1 diagnostic Management0/0 2 dmz GigabitEthernet0/2 3 inside GigabitEthernet0/1 4 outside GigabitEthernet0/0 Select the interface (Integer value only) : 4 Enter SNMP host object name : host21 ########################################################### Successfully Created, please deploy and check SNMP config ########################################################### |
Please use the script and provide us with any feedback.
Could you confirm the software version?
The Current version I am using is 7.0.5-72. I have staged the 7.2.5-208 but have not been approved to upgrade yet.
when executing pip3 install -r requirements.txt
error messge shows
ERROR: Could not find a version that satisfies the requirement getpass (from versions: none)
ERROR: No matching distribution found for getpass
My python is 3.12.0 any idea?
Thanks.
You are correct. requests is the only add-on module I need.
Moreover, I would like to share that the command "python3 fdm-snmp.py" isn't work with following error message.
Python was not found; run without arguments to install from the Microsoft Store, or disable this shortcut from Settings > Manage App Execution Aliases.
Soon on after I try another command "python fdm-snmp.py" and it works.
Unfortunately, the python script only provide 2c and 3 version. Appreciate if adding support on SNMPv1
I understand there is a secuirty risk, but my client don't have plan to upgrade old SNMP yet.
Thank you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: