Ping on ASA with LMS 3.0

georges.merhej · ‎05-20-2010

Hello,

Does anyone have an idea about how to disable ICMP queries from the LMS to an ASA firewall? Can we disable ICMP on an ASA and still be able to manage/monitor it in the DFM?

Many thanks,

Joe Clarke · ‎05-20-2010

This will not be possible. DFM requires ICMP to be able to manage devices. DFM will use ICMP and SNMP to build its events and alerts.

georges.merhej · ‎05-21-2010

Clear. But the LMS is pinging all the ASA interfaces although it's managed by its inside interface only. Is it a normal case?

Hitesh Vinzoda · ‎05-21-2010

When you add a device it adds all the interfaces of the devices. what you should do is go to device manager and select the device and under the interfaces make the desired interfaces status to False from drop down menu. This interfaces will not monitored any more.

HTH

Hitesh Vinzoda

Please rate helpful posts.

Joe Clarke · ‎05-21-2010

While you can do this, you may not want to disable the entire interface. Instead, if you only want to disable the ICMP polling of the interface IP, go to DFM > Device Management > Device Details, and select the IP option from the tree (when you have launched the Detailed Device View for your ASA). In the right-hand frame you should see a list of IPs on the ASA. Make sure all of them have a management state of false except the IP by which the ASA is managed. That will prevent pings from going out to those other interfaces while making sure DFM can report on other interface-related faults.