7 Replies Latest reply: Jun 12, 2009 7:19 AM by Riyaz Khan

Cisco PIX 525 failover monitoring

profzoom1

Is there an alert, or does someone out there know what OIDs or MIBs to monitor, to be alerted when a Cisco PIX 525 fails over to the standby PIX firewall?

We currently have 2 Cisco PIX 525 firewalls and they have failed over a couple of times, and we are not alerted when this happens. Our MARS box gives this error: PIX-1-105005: (Secondary) Lost Failover communications with mate. I am not seeing anything in my syslog on my Orion box that says this for the time that this happened. I am curious about that as well, since we have all our PIX syslogs going to our Orion box as well.

Is there a way to be alerted when this failover occurs?

Any help would be appreciated.

  • Re: Cisco PIX 525 failover monitoring
    lchance

    Do you have an account with Cisco forums? You might get your best answer from their Network Management forum. If you don't then I can try to ask for you.

    Does Cisco PIX's inside interface support CDP where you could use UnDP to monitor for this condition? Just a thought...

    • Re: Cisco PIX 525 failover monitoring
      profzoom1

      I do not have an account on that forum and would appreciate the help in presenting the question on another forum.

      As for CDP, it is not enabled on the inside interface.

      • Re: Cisco PIX 525 failover monitoring
        lchance

        I'll let you know what/if I hear anything from that other forum.

      • Re: Cisco PIX 525 failover monitoring
        lchance

        By the way - have you tried using this Cisco PIX OID in UnDP? I've monitored VRRP and HSRP using something similar to watch for Active/Standby changes.

        • Re: Cisco PIX 525 failover monitoring
          Riyaz Khan

          Hi,

          But how do I monitor Active-Active Failover in a PIX 535/FWSM module? This will be helpful when we are using Active-Standby Failover.

          Failover On
          Last Failover at: 20:57:46 IST Apr 2 2009
           This context: Active
            Active time: 6099630 (sec)
              Interface outside (202.137.232.20): Normal
              Interface insideAS (202.137.239.1): Normal
           Peer context: Standby Ready
            Active time: 303385 (sec)
              Interface outside (202.137.232.21): Normal
              Interface insideAS (202.137.239.2): Normal

          Stateful Failover Logical Update Statistics
           Status: Configured.
           Stateful Obj  xmit       xerr       rcv        rerr     
           RPC services   0          0          0          0        
           TCP conn  1723723700 0          10245      0        
           UDP conn  3852856396 0          41553      0        
           ARP tbl   2245583    0          0          36       
           Xlate_Timeout   0          0          0          0        

          Regards,

          Riyaz

      • Re: Cisco PIX 525 failover monitoring
        lchance

        profzoom1,

        Here's the response I got back from another forum - I hope this helps:

        Only if you do the following, which is basically a duplicate of the syslog you got, except as an SNMP trap:

        http://www.cisco.com/en/US/docs/security/pix/pix42/configuration/guide/pix42adv.html

        "To receive security and failover SNMP traps from the PIX Firewall, compile the Cisco syslog MIB into your SNMP management application. If you do not compile the Cisco syslog MIB into your application, you only receive MIB-II traps for link up or down, and firewall cold and warm start."
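
An added example (not from the thread, Cisco or SolarWinds): one way to pick failover messages such as the PIX-1-105005 quoted above out of a syslog feed so they can drive an alert. It assumes message IDs in the 104xxx and 105xxx ranges are the failover family; the `failover_events` helper, host names and sample lines are constructed for illustration.

```python
import re
from typing import Iterable, Iterator, NamedTuple

# Cisco message tag, e.g. "PIX-1-105005: (Secondary) Lost Failover ...".
# The leading '%' is optional because some collectors strip it.
PIX_MSG = re.compile(
    r"%?(?P<platform>PIX|ASA|FWSM)-(?P<sev>[0-7])-(?P<msgid>\d{6}): "
    r"(?:\((?P<unit>Primary|Secondary)\) )?(?P<text>.*)$"
)

# Assumption: IDs 104xxx and 105xxx are the failover family
# (105005 is the message quoted in the thread).
FAILOVER_ID = re.compile(r"10[45]\d{3}")


class FailoverEvent(NamedTuple):
    msgid: str
    severity: int   # syslog severity from the tag; 1 = alert
    unit: str       # which unit logged it: Primary, Secondary or unknown
    text: str


def failover_events(lines: Iterable[str]) -> Iterator[FailoverEvent]:
    """Yield one event per syslog line that carries a failover message ID."""
    for line in lines:
        m = PIX_MSG.search(line)
        if m and FAILOVER_ID.fullmatch(m["msgid"]):
            yield FailoverEvent(m["msgid"], int(m["sev"]),
                                m["unit"] or "unknown", m["text"].strip())


# Constructed sample lines (hosts, timestamps and addresses are invented).
SAMPLE = """\
Jun 10 03:14:07 fw-a %PIX-6-302013: Built outbound TCP connection 4711 for outside:192.0.2.10/443
Jun 10 03:14:09 fw-b %PIX-1-105005: (Secondary) Lost Failover communications with mate on interface outside
Jun 10 03:14:10 fw-b PIX-1-104001: (Secondary) Switching to ACTIVE - mate failed
Jun 10 03:15:00 fw-a %PIX-4-106023: Deny tcp src outside:198.51.100.7/4242 dst inside:192.0.2.20/22
""".splitlines()

if __name__ == "__main__":
    for ev in failover_events(SAMPLE):
        print(f"ALERT sev={ev.severity} id={ev.msgid} unit={ev.unit}: {ev.text}")
```

If the collector shows nothing for the outage window, check that the firewall's logging level for that syslog destination includes the severity in the message tag (1 for the message quoted above).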

