lchance replied on Thu, Jun 11 2009 10:05 AM

rated by 0 users

Do you have an account with Cisco forums? You might get your best answer from their Network Management forum. If you don't then I can try to ask for you.

Does Cisco PIX's inside interface support CDP where you could use UnDP to monitor for this condition? Just a thought...

profzoom1 replied on Thu, Jun 11 2009 2:17 PM

rated by 0 users

I do not have an account on that forum and would appreciate the help in presenting the question on another forum.

As for the CDP being enabled on the inside interface is not enabled.

lchance replied on Thu, Jun 11 2009 3:04 PM

rated by 0 users

I'll let you know what/if I hear anything from that other forum.

lchance replied on Thu, Jun 11 2009 3:30 PM

rated by 0 users

By the way - have you tried using this Cisco PIX OID in UnDP? I've monitored VRRP and HSRP using something similar to watch for Active/Standby changes.

Riyaz Khan replied on Fri, Jun 12 2009 12:40 AM

rated by 0 users

Hi,

But how i monitor Active-Active Failover in PIX 535/FWSM Module,This will helpfull when we are using Active-Standby Failover.

Failover On
Last Failover at: 20:57:46 IST Apr 2 2009
 This context: Active
  Active time: 6099630 (sec)
    Interface outside (202.137.232.20): Normal
    Interface insideAS (202.137.239.1): Normal
 Peer context: Standby Ready
  Active time: 303385 (sec)
    Interface outside (202.137.232.21): Normal
    Interface insideAS (202.137.239.2): Normal

Stateful Failover Logical Update Statistics
 Status: Configured.
 Stateful Obj  xmit       xerr       rcv        rerr     
 RPC services   0          0          0          0        
 TCP conn  1723723700 0          10245      0        
 UDP conn  3852856396 0          41553      0        
 ARP tbl   2245583    0          0          36       
 Xlate_Timeout   0          0          0          0        

Regards,

Riyaz

lchance replied on Fri, Jun 12 2009 8:03 AM

rated by 0 users

profzoom1,

Here's the response I got back from another forum - I hope this helps:

Only if you do the following, which is basically a duplicate of the syslog you got, except as SNMP trap:

http://www.cisco.com/en/US/docs/security/pix/pix42/configuration/guide/pix42adv.html

"To receive security and failover SNMP traps from the PIX Firewall, compile the Cisco syslog MIB into your SNMP management application. If you do not compile the Cisco syslog MIB into your application, you only receive MIB-II traps for link up or down, and firewall cold and warm start."

Riyaz Khan replied on Fri, Jun 12 2009 8:19 AM

rated by 0 users

Hi,

But how i monitor Active-Active Failover in PIX 535/FWSM Module,This will helpfull when we are using Active-Standby Failover.

Failover On
Last Failover at: 20:57:46 IST Apr 2 2009
 This context: Active
  Active time: 6099630 (sec)
    Interface outside (202.137.232.20): Normal
    Interface insideAS (202.137.239.1): Normal
 Peer context: Standby Ready
  Active time: 303385 (sec)
    Interface outside (202.137.232.21): Normal
    Interface insideAS (202.137.239.2): Normal

Stateful Failover Logical Update Statistics
 Status: Configured.
 Stateful Obj  xmit       xerr       rcv        rerr     
 RPC services   0          0          0          0        
 TCP conn  1723723700 0          10245      0        
 UDP conn  3852856396 0          41553      0        
 ARP tbl   2245583    0          0          36       
 Xlate_Timeout   0          0          0          0        

Regards,

Riyaz