Forum Discussion
It's been a while since I looked at it, so I may have forgotten some pieces.
We've started to add these FTD devices to monitoring and discovered that there is a different configuration required for monitoring them. There are plenty of firewall metrics available via SNMP to monitor, but they aren't available if you follow Cisco's best practice recommendations.
There is a platform "hypervisor" and the firewall runs on top of that. In order to get the firewall stats, you need to have a management VLAN separate from the data VLAN, and then add an IP address in the management VLAN to the mgmt interface in order to give access to monitor the firewall OIDs. The mgmt interface is a sub-interface attached to the MGMT port.
We had a TAC case open and Cisco couldn't figure this out. They closed the case after telling us this was a bug.
Without setting this management network and IP address up, you will only be able to monitor the hypervisor.
We only have one customer running the device, and they have to implement the management VLAN, so we haven't been able to test.
The API monitoring would be great to have implemented, as I assume it wouldn't require the management VLAN.