Assumptions

  • The integration currently supports discovery and monitoring of FTDs managed by FMC (Firepower Management Center) or FDM (Firepower Device Manager).
  • The integration can generate critical and recovery alerts for failure scenarios when App Failure Notifications are enabled in the integration settings:
    • Connectivity Exception (ConnectTimeoutException, HttpHostConnectException, UnknownHostException)
    • Authentication Exception (UnauthorizedException).
  • Metrics-based monitoring is supported for FTD resources. Alerts are triggered when threshold values are breached.
  • Event/Alert polling starts only when Event/Alert Polling is explicitly enabled in the configuration.
  • The Event/Alert Severity filter accepts the following values:
    • kWarning, kCritical, kInfo.
  • The Event/Alert Severity Mapping configuration file includes sample mappings to align FTD severities with OpsRamp severities. These mappings are editable at any time through the SDK application configuration page. Supported OpsRamp severities: Critical, Warning, Ok, Info.
  • Macro replacement is supported for customizing threshold breach alert subjects and descriptions.
  • Latest snapshot metric support is available to fetch the most recent metric data.
  • The Template Applied Time is displayed only if the collector profile version is 18.1.0 or higher (Classic and NextGen Gateways).
  • Interfaces under FTD are represented as Network devices within OpsRamp.
  • Classic Gateway and NextGen Gateway are both supported.
  • For FMC-managed devices, user credentials must include Device Management permissions.

Limitations

  • The integration will not send repeated failure alerts until the existing critical alert is resolved.
  • Pause and resume of monitoring actions based on alert conditions are not supported.
  • Activity logs are not currently available for this integration.
  • Cluster Gateway is not supported.

Troubleshooting

  • Ensure all prerequisites are met.
  • If the Cisco FirePower Threat Defense integration fails to discover or monitor, perform the following troubleshooting steps:
    • Check whether any alerts were generated on Cisco FMC, the Cisco FTD device, or the gateway, and check for error logs in vprobe.
    • To rule out API accessibility problems or specific failures such as end-device connectivity or authentication, check the reachability of the end device from the gateway using the following commands:
      • Use ping [IP Address] to test connectivity.
      • Use telnet [IP Address] [port] to test port access.
    • If further assistance is needed, contact the Support Team to verify API accessibility using either the SDK App Debug Command Center (available depending on gateway version 18.1.0 and app support) or DiscoveryandMonitoring-TargetAPIResponses.
  • If there are no connectivity or authentication issues, refer to the SDK App Debugging process and contact the Support Team for additional assistance.
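
The ping and telnet checks above can be combined into one scripted test that also reports which kind of failure occurred. This is an added example, not part of the integration or the OpsRamp tooling; the function name `check_target`, the default port 443, and the mapping of socket outcomes to the exception names listed under Assumptions are assumptions made for illustration.

```python
import argparse
import socket

def check_target(host, port, timeout=5.0):
    """Classify a TCP reachability test; returns (status, hint)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError) as exc:
        # Name cannot be resolved or is malformed (assumed: UnknownHostException).
        return "dns_failure", f"cannot resolve {host!r}: {exc}"
    result = ("unreachable", f"no usable address for {host!r}")
    for family, socktype, proto, _canon, addr in infos:
        target = f"{addr[0]}:{addr[1]}"
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            return "open", f"{target} accepts TCP; check credentials and API path next"
        except socket.timeout:
            # No reply to the SYN, typically a filtering firewall
            # (assumed: ConnectTimeoutException).
            result = ("timeout", f"{target} did not answer within {timeout}s")
        except ConnectionRefusedError:
            # Host replied with a reset, nothing is listening on the port
            # (assumed: HttpHostConnectException).
            result = ("refused", f"{target} refused the connection")
        except OSError as exc:
            # No route to host, network unreachable, and similar errors.
            result = ("unreachable", f"{target}: {exc}")
    return result

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="TCP reachability check from the gateway")
    parser.add_argument("host")
    # Port 443 is an assumed default; pass the port the target API actually uses.
    parser.add_argument("port", type=int, nargs="?", default=443)
    args = parser.parse_args()
    status, hint = check_target(args.host, args.port)
    print(f"{status}: {hint}")
    raise SystemExit(0 if status == "open" else 1)
```

An "open" result only shows that the port accepts TCP connections; an authentication failure (UnauthorizedException) still has to be checked against the configured credentials.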