FPR2110 Firepower Network Security Firewall Appliance
Product Information
Specifications:
- Product Name: Cisco Firepower 1000, 2100 FXOS, Secure Firewall 3100 and 4200
- First Published: 2020-10-14
- Manufacturer: Cisco Systems, Inc.
- Headquarters: San Jose, CA, USA
- Website: www.cisco.com
- Contact: Tel: 408 526-4000, Fax: 408 527-0883
Product Usage Instructions
About This Guide:
The Cisco Firepower series and Secure Firewall series provide
advanced network security features. This guide covers the
management information base (MIB) references for these
products.
Downloading MIB Files:
To download the MIB files for Cisco FXOS, visit the official
Cisco website at www.cisco.com.
Follow the provided instructions to download the necessary files
for your specific model.
Using MIB Files:
The MIB files can be utilized for various purposes such as
receiving fault event notifications, gathering inventory
information, and collecting statistics related to your Cisco
Firepower or Secure Firewall device.
Cisco FXOS Faults:
Monitor and manage faults related to Cisco FXOS using the MIB
files. Stay informed about any issues that may arise and take
necessary actions to maintain optimal performance.
Types of MIBs:
Understand the different types of MIBs available, including
Cisco extensions to the IF-MIB. Explore the capabilities offered by
these MIBs to enhance your network management experience.
FAQ
Q: How can I receive fault event notifications?
A: You can set up notifications by utilizing the Cisco FXOS MIB
files and configuring your monitoring system to alert you in case
of any faults.
Q: Can I use the MIB files for inventory management?
A: Yes, you can gather inventory information using the MIB files
to keep track of the devices connected to your network.
Cisco Firepower 1000, 2100 FXOS, Secure Firewall 3100 and 4200 MIB Reference Guide
First Published: 2020-10-14
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387) Fax: 408 527-0883
© 2023 Cisco Systems, Inc. All rights reserved.
CONTENTS
PREFACE About This Guide
· Conventions
· Related Documentation
· Communications, Services, and Additional Information
CHAPTER 1 About Cisco FXOS MIB Files
· Cisco FXOS MIB Files
· Downloading Cisco FXOS MIB Files from Cisco.com
· Cisco FXOS Faults
· Use Cases for Cisco FXOS MIBs (Receiving Fault Event Notifications, Gathering Inventory Information, Gathering Statistics)
· Types of MIBs
· Cisco Extensions to the IF-MIB
CHAPTER 2 Loading Cisco FXOS MIBs Into a Network Management System
· Load Cisco FXOS MIBs
· Prerequisite MIBs
· MIB Loading Order
· Order for Loading MIBs in Cisco FXOS
CHAPTER 3 Purpose of the Cisco FXOS MIBs
· Purpose of the Cisco FXOS MIBs
About This Guide
· Conventions
· Related Documentation
· Communications, Services, and Additional Information
Conventions
Text Type: Indication
GUI elements: GUI elements such as tab titles, area names, and field labels appear in this font. Main titles such as window, dialog box, and wizard titles appear in this font.
User input: Text the user should enter exactly as shown or keys a user should press appear in this font.
Document titles: Document titles appear in this font.
TUI elements: In a Text-based User Interface, text the system displays appears in this font.
System output: Terminal sessions and information that the system displays appear in this font.
CLI commands: CLI command keywords appear in this font. Variables in a CLI command appear in this font.
[]: Elements in square brackets are optional.
{x | y | z}: Required alternative keywords are grouped in braces and separated by vertical bars.
[x | y | z]: Optional alternative keywords are grouped in brackets and separated by vertical bars.
string: A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
<>: Nonprinting characters such as passwords are in angle brackets.
[]: Default responses to system prompts are in square brackets.
!, #: An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the document.
Tip Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but could be useful information, similar to a Timesaver.
Timesaver Means the described action saves time. You can save time by performing the action described in the paragraph.
Caution Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.
Warning
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device.
SAVE THESE INSTRUCTIONS
Related Documentation
For more information, see Cisco Firepower 2100 Series Useful Links
Communications, Services, and Additional Information
· To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
· To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
· To submit a service request, visit Cisco Support.
· To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
· To obtain general networking, training, and certification titles, visit Cisco Press.
· To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
CHAPTER 1
About Cisco FXOS MIB Files
This chapter includes the following sections:
· Cisco FXOS MIB Files
· Downloading Cisco FXOS MIB Files from Cisco.com
· Cisco FXOS Faults
· Use Cases for Cisco FXOS MIBs
· Types of MIBs
· Cisco Extensions to the IF-MIB
Cisco FXOS MIB Files
FXOS MIB files are a set of objects that are private extensions to the IETF standard MIB II. MIB II is documented in RFC 1213, Management Information Base for Network Management of TCP/IP-based Internets: MIB-II. Portions of MIB-II have been updated since RFC 1213. See the IETF website http://www.ietf.org for the latest updates to this MIB. If your NMS cannot get requested information from FXOS, then the MIB that allows that specific data collection might be missing. Typically, if an NMS cannot retrieve a particular MIB variable, either the NMS does not recognize that MIB variable, or the agent does not support the MIB variable. If the NMS does not recognize a specific MIB variable, you might need to load the MIB into the NMS, usually with a MIB compiler. For example, you might need to load the Cisco FXOS private MIB or the supported RFC MIB into the NMS to execute the required data collection. If the agent does not support a specific MIB variable, you must find out what version of system software you are running. Different software releases support different MIBs.
Note Cisco and IETF MIBs are updated frequently. You should download and install the latest FXOS MIBs from Cisco.com whenever you upgrade the FXOS software. Unique versions of the FXOS MIBs are generated for each software release and are posted with the release.
Downloading Cisco FXOS MIB Files from Cisco.com
Before you begin
Cisco FXOS MIBs are generated for each software release and are posted with the release.
Procedure
Step 1 Open a browser and go to the following URL: https://software.cisco.com/download/navigator.html?mdfid=286291275&flowid=79503
Step 2 In the lower-right list, select your Security Appliance series: Firepower 2100 Series, Firepower 1000 Series, or Secure Firewall 3100 Series. The lower-right list changes to show the available models for the selected series.
Step 3 Select your Security Appliance model from the list. The Download Software page lists available categories of software for your security appliance.
Step 4 In the Select a Software Type list, select Firepower Threat Defense Software.
Step 5 Select your software version from the menu on the left and then click Download for the Firepower Threat Defense MIBs item.
Note MIB files are not posted with patch software releases.
Cisco FXOS Faults
A fault is a mutable object that is managed by the FXOS. Each fault represents a failure or an alarm threshold that has been raised. During the life cycle of a fault, it can change from one state or severity to another.
Each fault includes information about the operational state of the affected object at the time the fault was raised. If the fault is transitional and the failure is resolved, then the object transitions to a functional state.
A fault remains in FXOS until the fault is cleared and deleted according to the settings in the fault collection policy.
The following table lists the FXOS traps included in the CISCO-FIREPOWER-AP-NOTIFS-MIB.
Table 1: CISCO-FIREPOWER-AP-NOTIFS-MIB Traps
Trap: Description
cfprApFaultActiveNotif (the OID for this SNMP trap is .1.3.6.1.4.1.9.9.826.2.0.1): This notification is generated by FXOS whenever a fault is raised.
cfprApFaultClearNotif (the OID for this SNMP trap is .1.3.6.1.4.1.9.9.826.2.0.2): This notification is generated by FXOS whenever a fault is cleared.
All FXOS faults are available with SNMP using the cfprApFaultInstTable table and the CISCO-FIREPOWER-AP-FAULT-MIB. The table contains one entry for every fault instance. Each entry has variables to indicate the nature of a problem, such as its severity and type. The same object is used to model all FXOS fault types, including equipment problems, FSM failures, configuration or environmental issues, and connectivity issues. The cfprApFaultInstTable table includes all active faults (those that have been raised and need user attention), and all faults that have been cleared but not yet deleted because of the retention interval.
The cfprApFaultInstTable table contains cfprApFaultInstEntry objects that can be queried through the XML API.Chassis Manager
The following table describes the attributes exposed by the cfprApFaultInstTable.
Table 2: cfprApFaultInstEntry Attributes
Attribute: Description
Fault Instance ID (Table Index): A unique integer that identifies the fault.
Affected Object DN: The distinguished name of the mutable object that has the fault.
Affected Object OID: The object identifier (OID) of the mutable object that has the fault.
Creation Time: The time that the fault was created, depicted in UTC format.
Last Modification: The time when any of the attributes were modified.
Code: A code that provides information specific to the nature of the fault.
Type: The fault type.
Cause: The probable cause of the fault.
Severity: The severity of the fault. Fault severity transitions throughout the lifecycle of the fault, so several different fault severities can be reported during the lifecycle of a fault. These include:
· Original severity reported when the fault was first detected
· Current severity reported for the fault
· Previous severity reported for the fault
· Highest severity reported for the fault
Occurrence: The number of times that a fault has occurred since it was created.
Description: A human readable string that contains all information related to the fault.
FXOS sends a cfprApFaultActiveNotif event notification whenever a fault is raised. There is one exception to this rule: FXOS does not send event notifications for FSM faults. The trap variables indicate the nature of the problem, including the fault type. FXOS sends a cfprApFaultClearNotif event notification whenever a fault has been cleared. A fault is cleared when the underlying issue has been resolved.
The cfprApFaultActiveNotif and cfprApFaultClearNotif traps are defined in the CISCO-FIREPOWER-AP-NOTIFS-MIB. All faults can be polled using SNMP GET operations on the cfprApFaultInstTable, which is defined in the CISCO-FIREPOWER-AP-FAULT-MIB.
Note
The Data Management Engine (DME) generates the OID values dynamically. Due to this default behaviour, some of the OIDs in SNMP MIBs change after a reboot.
An example of SNMP OID values, before and after a reboot, from FP 9300:
Before reboot
cfprEtherFtwPortPairOperMode.31623 .1.3.6.1.4.1.9.9.826.1.21.33.1.22.31623 CISCO-FIREPOWER-ETHER-MIB
cfprEtherFtwPortPairOperMode.31625 .1.3.6.1.4.1.9.9.826.1.21.33.1.22.31625 CISCO-FIREPOWER-ETHER-MIB
After reboot
cfprEtherFtwPortPairOperMode.31623 .1.3.6.1.4.1.9.9.826.1.21.33.1.22.31625 CISCO-FIREPOWER-ETHER-MIB
cfprEtherFtwPortPairOperMode.31625 .1.3.6.1.4.1.9.9.826.1.21.33.1.22.31627 CISCO-FIREPOWER-ETHER-MIB
For more details about FXOS faults, see Cisco Firepower 2100 Series Faults and Error Messages.
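The following Python example is added here and is not part of the Cisco guide. It keeps an active-fault view from cfprApFaultActiveNotif and cfprApFaultClearNotif events and reconciles it against a poll of cfprApFaultInstTable, which is how FSM faults (never announced by a notification) and lost traps are caught. The field names fault_id, severity and type, the "cleared" severity marker, and all sample values are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Notification OIDs from the CISCO-FIREPOWER-AP-NOTIFS-MIB trap table on this page.
FAULT_ACTIVE = "1.3.6.1.4.1.9.9.826.2.0.1"  # cfprApFaultActiveNotif
FAULT_CLEAR = "1.3.6.1.4.1.9.9.826.2.0.2"   # cfprApFaultClearNotif


def norm_oid(oid):
    """Receivers print OIDs with or without a leading dot; compare without it."""
    return oid.strip().lstrip(".")


@dataclass
class FaultTracker:
    """Active-fault view built from traps and corrected by polling the fault table."""
    active: dict = field(default_factory=dict)     # fault_id -> latest event or row
    anomalies: list = field(default_factory=list)  # (kind, fault_id)

    def on_trap(self, event):
        trap = norm_oid(event["snmpTrapOID"])
        fid = event.get("fault_id")
        if trap == FAULT_ACTIVE:
            # A repeat for a known fault is an update (severity changes over
            # the fault life cycle), not a second fault.
            self.active[fid] = event
        elif trap == FAULT_CLEAR:
            if self.active.pop(fid, None) is None:
                # The raise trap was lost (traps are unacknowledged) or it
                # predates this receiver.
                self.anomalies.append(("clear-without-raise", fid))
        else:
            self.anomalies.append(("not-a-fault-trap", fid))

    def reconcile(self, polled_rows):
        """Compare trap-derived state with a poll of cfprApFaultInstTable.

        The table also holds cleared faults that are still inside the retention
        interval, so rows marked cleared are not counted as active.
        Returns (missed, stale) as sorted lists of fault IDs.
        """
        polled_active = {r["fault_id"]: r for r in polled_rows
                         if r["severity"] != "cleared"}
        # Reported by the device but never announced by a trap, e.g. FSM faults.
        missed = sorted(set(polled_active) - set(self.active))
        # Still shown as active here although the device cleared or deleted them.
        stale = sorted(set(self.active) - set(polled_active))
        self.active = dict(polled_active)  # the poll is authoritative
        return missed, stale


# Constructed sample input. Keys other than snmpTrapOID are hypothetical
# stand-ins for the fault varbinds a trap receiver would decode.
SAMPLE_TRAPS = [
    {"snmpTrapOID": ".1.3.6.1.4.1.9.9.826.2.0.1", "fault_id": 101, "severity": "major"},
    {"snmpTrapOID": ".1.3.6.1.4.1.9.9.826.2.0.1", "fault_id": 102, "severity": "warning"},
    {"snmpTrapOID": "1.3.6.1.4.1.9.9.826.2.0.1", "fault_id": 101, "severity": "critical"},
    {"snmpTrapOID": ".1.3.6.1.4.1.9.9.826.2.0.2", "fault_id": 102, "severity": "cleared"},
    {"snmpTrapOID": ".1.3.6.1.4.1.9.9.826.2.0.2", "fault_id": 999, "severity": "cleared"},
    {"snmpTrapOID": ".1.3.6.1.4.1.9.9.826.2.0.1", "fault_id": 103, "severity": "minor"},
]

# Constructed poll result: one dict per cfprApFaultInstTable row.
SAMPLE_POLL = [
    {"fault_id": 101, "severity": "critical", "type": "equipment"},
    {"fault_id": 102, "severity": "cleared", "type": "connectivity"},
    {"fault_id": 103, "severity": "cleared", "type": "environmental"},  # clear trap lost
    {"fault_id": 205, "severity": "warning", "type": "fsm"},            # no trap is sent
]


def run_demo():
    tracker = FaultTracker()
    for event in SAMPLE_TRAPS:
        tracker.on_trap(event)
    missed, stale = tracker.reconcile(SAMPLE_POLL)
    return tracker, missed, stale


if __name__ == "__main__":
    tracker, missed, stale = run_demo()
    print("missed by traps:", missed)
    print("stale in tracker:", stale)
    print("anomalies:", tracker.anomalies)
```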
Use Cases for Cisco FXOS MIBs
Common use cases for Cisco FXOS MIBs are described below.
Receiving Fault Event Notifications
If you want to use SNMP traps for fault event notification in your NMS, you must first load the prerequisite MIBs (see Prerequisite MIBs, on page 9), then load the MIBs listed below.
Important You should load the MIBs in the order listed to eliminate most of the load-order issues.
· CISCO-FIREPOWER-AP-MIB.my
· CISCO-FIREPOWER-AP-TC-MIB.my
· CISCO-FIREPOWER-AP-FAULT-MIB.my
· CISCO-FIREPOWER-AP-NOTIFS-MIB.my
The following table describes the traps included in the CISCO-FIREPOWER-AP-NOTIFS-MIB.
Table 3: CISCO-FIREPOWER-AP-NOTIFS-MIB Traps
Trap: Description
cfprApFaultActiveNotif (the OID that corresponds to this SNMP trap is .1.3.6.1.4.1.9.9.826.2.0.1): This notification is generated by FXOS whenever a fault is raised.
cfprApFaultClearNotif (the OID that corresponds to this SNMP trap is .1.3.6.1.4.1.9.9.826.2.0.2): This notification is generated by FXOS whenever a fault is cleared.
Gathering Inventory Information
FXOS MIBs can be used to gather information about the compute equipment in your Firepower 2100 series appliance, Firepower 1000 series, or Secure Firewall 3100 series. Inventory information includes data such as security modules, serial numbers, DIMMs, and other intelligence related to system equipment. See Purpose of the Cisco FXOS MIBs, on page 13, to learn more about which MIBs you need to add to your NMS to collect the inventory data that interests you.
Gathering Statistics
If you want to use SNMP as a way to gather statistics, use the table below as a guide to which MIBs to load and which tables in each MIB to query.
Note The table lists the statistics most commonly monitored in FXOS, but it does not contain an exhaustive list of all statistics that can be monitored. To gather statistics beyond those listed below, refer to Purpose of the Cisco FXOS MIBs, on page 13, review the content of the various packages, and download the additional MIB files necessary to meet your specific needs.
Table 4: MIBs to Use for Gathering Statistics

Statistics Type: Ethernet
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-ETHER-MIB (.1.3.6.1.4.1.9.9.826.2.1.21 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApEtherPauseStatsTable–Packet pause stats
· cfprApEtherLossStatsTable–Packet loss stats
· cfprApEtherErrStatsTable–Packet error stats
· cfprApEtherTxStatsTable–Packet transmission stats
· Objects in cfprApEtherTxStatsTable–cfprApEtherTxStatsEntry, cfprApEtherTxStatsInstanceId, cfprApEtherTxStatsJumboPackets, cfprApEtherTxStatsMulticastPackets, cfprApEtherTxStatsSuspect, cfprApEtherTxStatsThresholded, cfprApEtherTxStatsTimeCollected, cfprApEtherTxStatsTotalBytes, cfprApEtherTxStatsTotalPackets, cfprApEtherTxStatsUnicastPackets, cfprApEtherTxStatsUpdate, cfprApEtherTxStatsBroadcastPackets, cfprApEtherTxStatsIntervals
· cfprApEtherRxStatsTable–Packet reception stats

Statistics Type: Adapter
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-ADAPTOR-MIB (.1.3.6.1.4.1.9.9.826.2.1.3 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApAdaptorEthPortBySizeLargeStatsTable
· cfprApAdaptorEthPortBySizeSmallStatsTable
· cfprApAdaptorEthPortStatsTable
· cfprApAdaptorEthPortOutsizedStatsTable
· cfprApAdaptorEthPortMcastStatsTable

Statistics Type: Blade and rack level
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-COMPUTE-MIB (.1.3.6.1.4.1.9.9.826.2.1.12 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApComputeMbPowerStatsTable–Provides all motherboard power statistics for every security module.
· cfprApComputeMbTempStatsTable–Provides all motherboard temperature statistics for every security module.

Statistics Type: Processor
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-PROCESSOR-MIB (.1.3.6.1.4.1.9.9.826.2.1.66 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApProcessorEnvStatsTable–Provides all CPU power and temperature statistics for every CPU socket.

Statistics Type: Equipment
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-EQUIPMENT-MIB (.1.3.6.1.4.1.9.9.826.2.1.20 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApEquipmentFanStatsTable–Provides all statistics for every physical fan.
· cfprApEquipmentFanModuleStatsTable–Provides all fan module temperature statistics for every fan module.
· cfprApEquipmentChassisStatsTable–Provides all chassis level temperature statistics.
· cfprApEquipmentPsuStatsTable–Provides all chassis level power and temperature statistics for every power supply.
· cfprApEquipmentIOCardStatsTable–Provides all chassis level power and temperature statistics for the fabric interconnect.

Statistics Type: Memory statistics
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-MEMORY-MIB (.1.3.6.1.4.1.9.9.826.2.1.50 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApMemoryUnitEnvStatsTable–Provides all memory DIMM temperature statistics for every memory module.

Statistics Type: Switching statistics
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-SW-MIB (.1.3.6.1.4.1.9.9.826.2.1.75 is the parent OID where the key statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApSwEnvStatsTable–Provides configuration and status information on the switch configuration.

Statistics Type: Security Module statistics
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-SM-MIB (.1.3.6.1.4.1.9.9.826.2.1.71 is the parent OID where key security-module statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApSmMonitorTable–Provides disk, CPU, and memory utilization statistics for each security module.

Statistics Type: Storage statistics
MIB that Gathers the Statistic: CISCO-FIREPOWER-AP-STORAGE-MIB (.1.3.6.1.4.1.9.9.826.2.1.74.20 is the parent OID where storage statistics reside)
Statistics Table Name and Objects in SNMP:
· cfprApStorageItemTable–Provides storage element statistics.

Statistics Type: Interface statistics
MIB that Gathers the Statistic: IF-MIB (1.3.6.1.2.1.2.2.1 is the parent OID where the interface statistics reside)
Statistics Table Name and Objects in SNMP:
· ifTable–Provides a list of interface entries. An entry contains management information applicable to a particular interface. It includes ifInDiscards, ifInErrors, ifOutDiscards, ifOutErrors, and so on.

Statistics Type: Process statistics
MIB that Gathers the Statistic: CISCO-PROCESS-MIB (1.3.6.1.4.1.9.9.109 is the parent OID where the process statistics reside)
Statistics Table Name and Objects in SNMP:
· cpmCPUTotalTable contains cpmCPUTotalEntry which provides overall information about the CPU load. Entries in this table come and go as CPUs are added and removed from the system.

Statistics Type: System statistics
MIB that Gathers the Statistic: CISCO-SYSTEM-EXT-MIB (1.3.6.1.4.1.9.9.305 is the parent OID where the CPU availability and bandwidth information resides)
Statistics Table Name and Objects in SNMP:
· cseSysCPUUtilization–Provides the average utilization of CPU on the active supervisor.
Configuring snmpwalk Retry and Timeout Values
When you use snmpwalk to gather device metrics in bulk, you might experience long waits. By default, the command waits a set timeout for a response from the device. You can change the default timeout and retry values:
$ time snmpwalk -v2c -c cisco123 -r 1 -t 5 <IP Address> system
Here, -r 1 and -t 5 indicate one retry and a timeout of 5 seconds, respectively. Thus, a total timeout of 10 seconds is configured: the initial request plus one retry, each waiting up to 5 seconds.
Types of MIBs
Chassis Management is based on the XML over HTTP model, which provides a rich data model to configure and monitor the system. This model includes policies, service profiles, configuration and monitoring data, and statistics.
To simplify the integration of FXOS with SNMP-based NMS, FXOS exposes the model through SNMP. The entire FXOS data model is exposed through the read-only Cisco FXOS MIBs. All objects that can be retrieved through the FXOS XML API can also be retrieved through FXOS MIBs.
Note Each release maintains complete coverage of the XML API model through private MIBs.
Cisco Extensions to the IF-MIB
The IF-MIB supports basic management status and control of interfaces and sublayers within a network switch. Multiple standard and Cisco-specific MIBs use ifIndex from the IF-MIB to extend management for specific interface types. Cisco MIBs also enhance the two interface notifications, linkUp and linkDown, from the IF-MIB to provide a clearer indication of the reason for these notifications. Cisco MIBs add two varbinds to linkUp and linkDown as shown in the following table.
Table 5: Varbinds Added to IF-MIB Notifications
Notification: Varbinds Added
linkUp: ifDescr
linkDown: ifDescr
CHAPTER 2
Loading Cisco FXOS MIBs Into a Network Management System
This chapter includes the following sections:
· Load Cisco FXOS MIBs
· Prerequisite MIBs
· MIB Loading Order
Load Cisco FXOS MIBs
Before loading FXOS MIBs into an NMS, you must first load the prerequisite MIBs into the NMS. This enables you to receive the FXOS Fault Traps in the NMS.
Prerequisite MIBs
The MIBs in this section are required for all use cases and need to be loaded before other Cisco MIBs are loaded.
Important You should load the MIBs in the order listed to eliminate most of the load-order issues.
The following is a list of MIBs from which many other MIBs import definitions:
· SNMPv2-SMI.my
· SNMPv2-TC.my
· SNMP-FRAMEWORK-MIB.my
· RFC1213-MIB.my
· IF-MIB.my
· CISCO-SMI.my
· ENTITY-MIB.my
· INET-ADDRESS-MIB.my
· CISCO-TC.my
Note The CISCO-SMI MIB defines the iso.org.dod.internet.private.enterprise.cisco.ciscoMgmt object (1.3.6.1.4.9.9), which is the parent node of all Cisco FXOS MIBs. Several MIBs, including the CISCO-SMI MIB, must be loaded before other Cisco FXOS MIBs. Attempting to load other Cisco FXOS MIBs before the CISCO-SMI MIB generally results in a MIB compiler error stating that a MIB node has no parent node.
MIB Loading Order
Most MIBs use definitions that are defined in other MIBs. These definitions are listed in the IMPORTS section near the top of the MIB. For example, if MIB B imports a definition from MIB A, some MIB compilers require you to load MIB A before loading MIB B. If you get the MIB loading order wrong, you might get an error message that a MIB is undefined or not listed in IMPORTS. If you receive an error message, look at the loading order of MIBs defined in the IMPORTS section. Ensure that you have the appropriate load order.
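An added example, not part of the Cisco guide or its MIB files: Python that reads the IMPORTS section of each MIB module, derives a load order in which every module comes after the modules it imports from, and reports imported modules that were not supplied. The stub modules are constructed for illustration; their import lists, the symbol stubSymbol and the module RETIRED-STUB-MIB are placeholders, not the contents of the real MIB files.

```python
import re
from graphlib import CycleError, TopologicalSorter

COMMENT_RE = re.compile(r"--.*$", re.M)  # simplification: comment runs to end of line
MODULE_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s+DEFINITIONS\s*::=\s*BEGIN", re.M)
IMPORTS_RE = re.compile(r"\bIMPORTS\b(.*?);", re.S)  # clause ends at the first ';'
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z][\w-]*)")


def parse_module(text):
    """Return (module_name, set of module names it imports from)."""
    text = COMMENT_RE.sub("", text)
    head = MODULE_RE.search(text)
    if head is None:
        raise ValueError("no '<NAME> DEFINITIONS ::= BEGIN' header found")
    clause = IMPORTS_RE.search(text)
    deps = set(FROM_RE.findall(clause.group(1))) if clause else set()
    deps.discard(head.group(1))
    return head.group(1), deps


def load_order(mib_texts):
    """Return (order, missing) for an iterable of MIB source strings.

    order   -- module names, each after every supplied module it imports from
    missing -- {module: [imported modules that were not supplied]}
    """
    modules = dict(parse_module(t) for t in mib_texts)
    sorter = TopologicalSorter()
    missing = {}
    for name, deps in modules.items():
        known = deps & set(modules)
        sorter.add(name, *known)
        if deps - known:
            missing[name] = sorted(deps - known)
    try:
        sorter.prepare()
    except CycleError as exc:
        raise ValueError("circular IMPORTS: " + " -> ".join(exc.args[1])) from exc
    order = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())  # sorted for a reproducible result
        order.extend(ready)
        sorter.done(*ready)
    return order, missing


# Constructed stubs, deliberately listed in the wrong order.
SAMPLE_MIBS = [
    """CISCO-FIREPOWER-AP-NOTIFS-MIB DEFINITIONS ::= BEGIN
IMPORTS
    stubSymbol FROM CISCO-FIREPOWER-AP-FAULT-MIB
    stubSymbol FROM CISCO-FIREPOWER-AP-MIB;
END""",
    """CISCO-FIREPOWER-AP-FAULT-MIB DEFINITIONS ::= BEGIN
IMPORTS
    stubSymbol FROM CISCO-FIREPOWER-AP-TC-MIB
    -- stubSymbol FROM RETIRED-STUB-MIB  (commented out, must be ignored)
    stubSymbol FROM CISCO-FIREPOWER-AP-MIB;
END""",
    """CISCO-FIREPOWER-AP-TC-MIB DEFINITIONS ::= BEGIN
IMPORTS
    TEXTUAL-CONVENTION FROM SNMPv2-TC   -- not supplied here, so reported
    stubSymbol FROM CISCO-FIREPOWER-AP-MIB;
END""",
    """CISCO-FIREPOWER-AP-MIB DEFINITIONS ::= BEGIN
IMPORTS
    MODULE-IDENTITY FROM SNMPv2-SMI
    ciscoMgmt FROM CISCO-SMI;
END""",
    """CISCO-SMI DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, enterprises FROM SNMPv2-SMI;
END""",
    "SNMPv2-SMI DEFINITIONS ::= BEGIN END",
]

if __name__ == "__main__":
    order, missing = load_order(SAMPLE_MIBS)
    for position, name in enumerate(order, 1):
        print(position, name)
    for name, absent in missing.items():
        print(name, "imports from modules that were not supplied:", absent)
```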
Order for Loading MIBs in Cisco FXOS
FXOS supports network MIBs and a series of MIBs to access all of the objects stored in the FXOS Management Information Tree. All managed objects that can be accessed through the FXOS XML API can also be retrieved through read-only SNMP GET operations.
Important You should load the MIBs in the order listed to eliminate most of the load-order issues.
If you want to receive Cisco FXOS traps in your NMS, first load the prerequisite MIBs (see Prerequisite MIBs, on page 9), then load the following Cisco MIBs:
· CISCO-FIREPOWER-AP-MIB.my
· CISCO-FIREPOWER-AP-TC-MIB.my
· CISCO-FIREPOWER-AP-FAULT-MIB.my
· CISCO-FIREPOWER-AP-NOTIFS-MIB.my
If you want to retrieve FXOS managed objects using read-only SNMP GET operations, you need to load all additional Cisco FXOS MIBs. The additional FXOS MIBs are generally used to retrieve inventory and configuration information using SNMP GET operations. To learn more about all of the FXOS MIBs, see Purpose of the Cisco FXOS MIBs, on page 13.
Note In environments running multiple versions of FXOS, load the latest FXOS MIBs in the NMS, because all FXOS MIBs are developed to be backward-compatible with previous versions.
CHAPTER 3
Purpose of the Cisco FXOS MIBs
This chapter describes the purpose of the Cisco FXOS MIBs.
Purpose of the Cisco FXOS MIBs
The following table describes the purpose of each Cisco FXOS MIB.
Table 6: MIB Purposes
MIB CISCO-FIREPOWER-AP-AAA-MIB
Purpose
This package contains data about configuring and monitoring the AAA operation within FXOS. It includes the following information:
· Identities of external AAA servers such as LDAP, TACACS, and RADIUS. These servers are used as authoritative repositories to authenticate FXOS users.
· Local users
· User roles and locales
· Mappings between users, roles, and locales
· Prelogin banner configuration
· Audit logs
· AAA policies, such as password policies
Cisco Firepower 1000, 2100 FXOS, Secure Firewall 3100 and 4200 MIB Reference Guide 13
Purpose of the Cisco FXOS MIBs
Purpose of the Cisco FXOS MIBs
MIB
Purpose
CISCO-FIREPOWER-AP-ADAPTOR-MIB This package contains configuration and statistics information that reflect the state of physical network adapters within a Firepower 2100 series appliance, Firepower 1000 series appliance, or Secure Firewall 3100 series appliance.
It includes the following information:
· Ethernet and Ethernet port channel Interfaces
· Network statistics per adapter
CISCO-FIREPOWER-AP-BIOS-MIB
This package contains configuration objects for BIOS settings.
It includes the following information:
· Boot order parameters for the Firepower 2100 series Firepower 1000, or Secure Firewall 3100 appliance.
· Policy-based BIOS parameters that can be applied to service profiles
CISCO-FIREPOWER-AP-BMC-MIB
This package reports Power-On Self Test (POST) statistics.
CISCO-FIREPOWER-AP-CALLHOME-MIB This package contains configuration objects for the Call Home feature. It includes the following information: · Contact information · Customer ID and contract ID · Email address · SMTP servers · Call Home profiles and policies · System inventory
CISCO-FIREPOWER-AP-CAPABILITY-MIB This package contains configuration objects for the capability catalog. This catalog contains the characteristics of various physical components in the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance including fabric interconnect (supervisor), network adapters, security modules, chassis, network modules, CPUs, memory units, fan modules, local disks, power supply modules, and storage controllers.
FXOS is designed to support new hardware by uploading a new capability catalog that includes the following information:
· Capability catalog objects
· Objects to manage the capability catalog, such as uploading a new catalog to an existing system
CISCO-FIREPOWER-AP-COMM-MIB
This package contains configuration objects that control global configurations, such as DNS, HTTP, and SNMP.
It includes the following information:
· Date and time management
· DNS management
· Configuration of REST API over HTTP and HTTPS
· NTP management
· Shell access configuration
· SNMP management
· Telnet management
CISCO-FIREPOWER-AP-COMPUTE-MIB
This package contains configuration, inventory, and statistics objects for computing resources.
It includes the following information:
· Inventory objects for security modules and components
· Chassis connectivity policies
· Security module discovery and autoconfiguration policies
· Pool objects
CISCO-FIREPOWER-AP-DCX-MIB
This package contains operational information about virtual interfaces and circuits.
It includes the following information:
· Virtual interfaces configured for each security module network adapter
· Virtual circuits configured for each security module adapter, chassis, or network module
CISCO-FIREPOWER-AP-DHCP-MIB
This package contains DHCP subsystem details.
It includes information on DHCP leases obtained by the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance subcomponents.
CISCO-FIREPOWER-AP-DIAG-MIB
This package contains diagnostics information about Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance subcomponents.
· Diagnostic policies
· Network test objects
· Diagnostic results
CISCO-FIREPOWER-AP-DOMAIN-MIB
This package contains details about the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance and security module storage media.
CISCO-FIREPOWER-AP-EPQOS-MIB
This package contains details about network Quality of Service (QoS). It includes the following information:
· Egress QoS policy
· Internal object to manage the network QoS
CISCO-FIREPOWER-AP-EQUIPMENT-MIB
This package contains details about the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance inventory. Objects in this package are defined to model the physical components.
It includes the following information:
· Network adapters
· Beacon LEDs
· Board controllers
· Fabric Interconnect fixed and extension modules
· Firepower 2100 series chassis, Firepower 1000 appliance, or Secure Firewall 3100 appliance
· Fan
· SSD
· IO card
· Memory unit
· Power supply module
CISCO-FIREPOWER-AP-ETHER-MIB
This package contains details about the Ethernet port inventory and statistics about the Ethernet ports. It includes the following information:
· Objects that represent inventoried Ethernet ports and port channels
· Statistics about Ethernet ports
CISCO-FIREPOWER-AP-EVENT-MIB
This package contains details about the event log. An event is any significant occurrence in FXOS that may require users to be notified. Events can help users identify and diagnose the source of problems.
It includes the following information:
· Object to model the event log
· Object to model an entry in the event log
· Event log policy, which specifies the number of events that need to be maintained in the event log and the event retention policy.
CISCO-FIREPOWER-AP-EXTMGMT-MIB
This package contains details about management interfaces.
It includes the following information:
· Management interfaces
· Gateway ping policy
· Interface monitoring policy
· ARP targets
CISCO-FIREPOWER-AP-EXTPOL-MIB
This package contains details about external clients that are connected to FXOS.
CISCO-FIREPOWER-AP-EXTVMM-MIB
This package contains information about certificate and private key stores.
CISCO-FIREPOWER-AP-FABRIC-MIB
This package contains information about the configuration and policies on the Firepower 2100 series appliance fabric (supervisor). The Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance fabric defines Ethernet, storage, port configuration, and VLANs.
It includes the following information:
· VLANs
· Required Ethernet configuration for uplink ports and port channels
· VLAN port membership
· VCON policies
CISCO-FIREPOWER-AP-FAULT-MIB
This package provides information about FXOS faults. A fault is an abnormal condition or defect at the component, equipment, or subsystem level, which may lead to a failure as defined in ISO/CD 10303-226.
Each managed object in the management tree may have one or more faults that indicate a particular problem with this object.
It includes the following information:
· Fault objects
· Fault policy, including fault retention, flapping, and clear action
CISCO-FIREPOWER-AP-FIRMWARE-MIB
This package contains details about the firmware management of the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance components. This includes objects to download firmware packages, manage firmware images and firmware packages, firmware packs, and to control firmware upgrades or downgrades.
It includes the following information:
· Downloader object to download firmware packages
· Objects to model firmware and firmware packages
· Firmware packs
· Control of firmware upgrades and downgrades
CISCO-FIREPOWER-AP-FLOWCTRL-MIB
This package contains the network flow control policy details.
CISCO-FIREPOWER-AP-IPPOOL-MIB
This package contains details about pools of IP addresses that are reserved for internal use.
CISCO-FIREPOWER-AP-LLDP-MIB
This package contains details about the Link Layer Discovery Protocol (LLDP) object.
It includes information on the objects that provide inventory information about peer links through LLDP.
CISCO-FIREPOWER-AP-LS-MIB
This package contains the top-level objects for FXOS service profiles.
It includes the following information:
· FXOS service profile
· Binding between a service profile and a security module/engine
· Requirements that a physical security module must satisfy to be associated with a service profile
CISCO-FIREPOWER-AP-LSBOOT-MIB
This package contains information about the boot objects for FXOS service profiles. It contains the following information:
· Service profile boot policy
· Boot images
· Virtual Media
CISCO-FIREPOWER-AP-LSMAINT-MIB
This package contains details about FXOS service profile maintenance policy.
The FXOS service profile maintenance policy specifies what you can do when a requested change requires a reboot.
CISCO-FIREPOWER-AP-MACPOOL-MIB
This package contains details about pools of MAC addresses. Pools of MAC addresses are used to assign virtual MAC addresses to service profile vNICs.
It includes the following information:
· Pools of MAC addresses
· MAC addresses that can be assigned to service profile vNICs
CISCO-FIREPOWER-AP-MAPPINGS-MIB
This package contains information about the relationships between the FXOS Managed Objects.
It includes the following information:
· The cfprApMappingsMoContainmentTable provides containment information to navigate from a parent-managed object to the child-managed objects.
· The cfprApMappingsMoInverseContainmentTable provides information to navigate from a child-managed object to the parent-managed object.
· The cfprApMappingsDnToOidTable provides a mapping from the Managed Object Distinguished Name to the SNMP OID.
CISCO-FIREPOWER-AP-MEMORY-MIB
This package contains details about memory units that are installed in security modules.
It includes the following information:
· Memory arrays
· Memory units
· Memory qualification
· Statistics
CISCO-FIREPOWER-AP-MGMT-MIB
This package contains FXOS provisioning details. It includes the following information:
· Objects to perform backups and imports of chassis manager configuration
· Access policies
· Process Monitor entries
CISCO-FIREPOWER-AP-MIB
This package defines the top-level FXOS Managed Object.
CISCO-FIREPOWER-AP-NETWORK-MIB
This package provides information about Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance fabric interconnect (supervisor).
It includes the following information:
· Objects to specify the IP addresses of the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance fabric interconnect
· Network statistics
CISCO-FIREPOWER-AP-NOTIFS-MIB
This MIB contains the definitions of the SNMP notifications that are supported by FXOS. The following notifications are defined:
· FXOS fault raised
· FXOS fault cleared
CISCO-FIREPOWER-AP-NWCTRL-MIB
This package provides information about network control policies.
CISCO-FIREPOWER-AP-ORG-MIB
This package provides information about the organizational hierarchy in the FXOS Management Information Tree.
CISCO-FIREPOWER-AP-OS-MIB
This package contains guest OS agent details. It includes the following information:
· Guest OS instance
· Guest OS agent
CISCO-FIREPOWER-AP-PCI-MIB
This package contains details about inventory PCI cards. It includes the following information:
· Inventory PCI card
· Equipment slot
CISCO-FIREPOWER-AP-PKI-MIB
This package contains details about Public Key Infrastructure (PKI) objects. It includes the following information:
· Certificate requests
· Key ring
CISCO-FIREPOWER-AP-PORT-MIB
This package provides information about physical ports on the fabric interconnect (supervisor) and the port groups on the fabric interconnect.
It includes the following information:
· Port groups
· Abstract objects for physical ports on the fabric interconnect (supervisor)
· Port trust mode
CISCO-FIREPOWER-AP-POWER-MIB
This package contains details about chassis power capping policies and statistics. It includes the following information:
· Chassis power capping
· Chassis power statistics
CISCO-FIREPOWER-AP-PROC-MIB
This package contains details about the internal components of FXOS. It includes the following information:
· Statistics about Cisco FXOS transactions
· Information about Cisco FXOS processes
CISCO-FIREPOWER-AP-PROCESSOR-MIB
This package provides information about Central Processing Units that can be installed on the Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance.
It includes the following information:
· CPU characteristics
· CPU statistics
CISCO-FIREPOWER-AP-QOSCLASS-MIB
This package provides information about QoS classes.
CISCO-FIREPOWER-AP-SM-MIB
This package contains monitoring data for the security modules in the system. It includes the following information:
· Application software version
· Memory usage
· Disk usage
· CPU utilization
CISCO-FIREPOWER-AP-STATS-MIB
This package contains details about statistics. It includes the following information:
· Objects to specify statistics collection
· Objects to specify threshold policies
CISCO-FIREPOWER-AP-STORAGE-MIB
This package contains details about storage elements that can be installed or accessed from a Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance.
It includes the following information:
· Local disks
· Storage controllers
· Storage enclosures
CISCO-FIREPOWER-AP-SW-MIB
This package contains details about how the system should be configured. Objects in this package are created implicitly by the system based on user-specified data from the “fabric” package. For example, the “fabric” package may specify high-level fabric policies, and the “sw” package may specify individual VLAN membership for each physical port.
It includes the following information:
· VLANs
· VLAN membership
· Ethernet ports
CISCO-FIREPOWER-AP-SYSDEBUG-MIB
This package provides information to help troubleshoot FXOS.
It includes the following information:
· Objects for accessing and exporting core files
· Backup behavior
· Log policies
· Tech support file repository
CISCO-FIREPOWER-AP-SYSFILE-MIB
This package provides information to manage the import or export of system files.
It includes abstract classes that support the import and export of FXOS files.
CISCO-FIREPOWER-AP-TC-MIB
This MIB contains all the SNMP textual conventions that are used in other FXOS MIBs.
CISCO-FIREPOWER-AP-TOP-MIB
This package contains the definition of the root object in the FXOS management information tree.
CISCO-FIREPOWER-AP-TRIG-MIB
This package contains information to manage scheduled and triggered activities. It includes the following objects:
· Objects to schedule activities
· Objects to monitor activities that have been scheduled
· Objects to track activities that require user acknowledgment
CISCO-FIREPOWER-AP-UUIDPOOL-MIB
This package contains details about the pools of UUID identifiers. Pools of UUID identifiers are used to assign virtual UUIDs to service profiles.
It includes the following information:
· Pools of UUID identifiers
· Block of UUID identifiers
· UUID identifiers, which can be assigned to service profiles
CISCO-FIREPOWER-AP-VERSION-MIB
This package reports the FXOS software version.
CISCO-FIREPOWER-AP-VM-MIB
This package contains details specific to the inventory and monitoring of virtual machines. FXOS keeps track of virtual machines if the VM vNIC is provided.
CISCO-FIREPOWER-AP-VNIC-MIB
This package contains details about Firepower 2100 series appliance, Firepower 1000 appliance, or Secure Firewall 3100 appliance network adapters, including Ethernet vNICs. It includes the following information:
· Objects to model a Service Profile Ethernet vNIC
· Policies that control the behavior of vNICs
· Policies for dynamic vNICs
· Boot targets