I don’t believe you will see any NV6000 events. You’ll need to load the Cisco PIX MIB(s) (there are different ones depending on the model).
| PIX Platform | System OID |
|---|---|
| PIX 506 | .1.3.6.1.4.1.9.1.389 |
| PIX 515 | .1.3.6.1.4.1.9.1.390 |
| PIX 520 | .1.3.6.1.4.1.9.1.391 |
| PIX 525 | .1.3.6.1.4.1.9.1.392 |
| PIX 535 | .1.3.6.1.4.1.9.1.393 |
| others | .1.3.6.1.4.1.9.1.227 (original PIX Firewall OID) |
Once you load it you can use the mib2trap command to try to import most of the traps into event configuration. Once there, you can either define actions directly or via a ruleset.
Here is a useful link from Cisco on what you should expect (trapwise):
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml
Hope this helps,
Glen
From: nv-l-bounces@lists.ca.ibm.com [mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of Catalina Martinez
Sent: Friday, December 08, 2006 10:23 AM
To: Tivoli NetView Discussions
Subject: RE: [NV-L] cisco pix firewall
Thank you. What is the trap that is sent? The doc states: send the event "PIX Firewall failover state change". I looked under the event configuration and cannot find it in nv6000 events. I can use this event to generate an email or popup.
Thanks again…
From: nv-l-bounces@lists.ca.ibm.com [mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of Leslie Clark
Sent: Friday, December 08, 2006 10:48 AM
To: Tivoli NetView Discussions
Subject: Re: [NV-L] cisco pix firewall
Actually, netmon will monitor that failover for you and generate a special event when it occurs. See the Fixpack 4 release notes:
PIX Firewall Failover support

IBM Tivoli NetView provides support for monitoring the Cisco PIX Firewall Failover conditions. NetView can monitor the failover state of the PIX devices during normal status polling. When a failover occurs, a new event is generated announcing whether the active addresses are on the primary or secondary device. In addition, the operator can see on the map when the active addresses are on the secondary device, which indicates that a failover has occurred and action should be taken to prevent a further failure that disables the firewalls. The management interface shows USER2 status, which is usually purple (by default). This propagates to change the PIX device symbol to marginal. When the active addresses are returned to the primary device, an event announces this fact and the status on the map returns to Normal.

Use the netmon.seed file to configure both the PIX Firewall Failover machines and to set and lock the SNMP address.

For more information on the PIX Firewall Failover support see the /usr/OV/doc/PixFailoverReadme.pdf file.
Cordially,
Leslie A. Clark
IT Services Specialist, Network Mgmt
Information Technology Services Americas
IBM Global Services
(248) 552-4968 Voicemail, Fax, Pager
"Catalina Martinez" <Catalina.Martinez@tlc.state.tx.us>
Sent by: nv-l-bounces@lists.ca.ibm.com
12/08/2006 10:23 AM
Please respond to Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
To: "Tivoli NetView Discussions" <nv-l@lists.ca.ibm.com>
cc: nv-l@lists.us.ibm.com
Subject: [NV-L] cisco pix firewall
Hello,
Running Netview 7.1.4 FP 4, AIX 5.2. Cisco PIX 535 version 6.3.
I've been tasked with creating an alert when the PIX fails over (from primary to secondary / and vice versa). I currently have a separate window when certain devices go down, and I also have pop-up windows when a link down trap is received from critical devices.
If I remember right, there is a trap that is sent when a PIX fails over? If I can determine the right trap then I can use that to generate a popup or email message. Is there any special configuration to netmon.seed?
Has anyone successfully monitored a failover?
Thanks
Catalina