Hi Folks,
I'm having a look at using SNMP v3 for our firewalls. On our ASA 5510s I cannot find anywhere to add a context for SNMP. Is the context needed by NPM for monitoring via v3 or does anyone know if I'm missing something?
Not sure if I totally understand the question but here goes.
The System context is not really a context and therefore has no external monitoring available to it. Once you have created a context you can set up SNMP for each of those separately. You monitor each context as if it were a different firewall that's the reason for setting it up in each individual context.
Hope that answers your question
Hi,
thanks for your reply. I was i rushing out the door when I wrote that question so I didn't fully explain it sorry about that. I'm not referring to the firewall contexts I'm talking about the SNMP 'context name' which appears to be a required feild when configuring SNMP v3.
Just for others reading this post - there are 2 types of contexts referred to within.
1. Is a Firewall context as mentioned above in Myanta's post, I will refer to this as FW context
2. The other I will refer to as the SNMPv3 Context. This is one of the required fields to fill out in NPM when entering SNMPv3 credentials.
I monitor the Firewalls as Myanta mentioned above where each FW context is considered an individual device by NPM. What I'm trying to do is configure one of these individual FW contexts for SNMPv3. When I am configuring the SNMPv3 credentials it asks for the SNMPv3 Context however on my FW I do not have (or cannot find) any where to configure or discover the SNMPv3 Context name. Has anyone else configured an ASA 5510 for SNMPv3?
For anyone else having issues like I was the SNMPv3 Context is old and not used in the Solarwinds configuration of SNMP.
here is the Cisco/ASA configuration that I used on the ASA when configuring snmp, I found that it was much easier to use the command line than the ASDM:
hostname# snmp-server group authPriv v3 priv
hostname# snmp-server user md5des authPriv v3 auth md5 mysecretpass priv des passphrase
hostname# snmp-server host mgmt 10.0.0.1 version 3 md5des
So it is possible to monitor a firewall with multiple contexts with each context being seen as a different firewall? Have you achieved this yourself? We have an ASA 5585 with multiple contexts configured and I would like to monitor traffic on an interface on one of these contexts. This box is presently running SNMPv2 and when I go to list resources on the box it is only displaying interfaces on the admin context. If we were to upgrade the box to use SNMPv3 would it be possible to monitor interfaces within each context? Thanks
Hi there,
You will need to make the interface(s) visible using the following command:
allocate-interface <ifnameX/X> visible
Re-list resources after that and you should now be able to see the interface.
One thing to be aware of is the possible lack of interface persistence, depending on which version IOS you're running.
So if the firewall reboots, the interfaces will get random IDs and Orion won't be able to locate them any longer.
Cisco Bug: CSCtx33616
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.