
FMC Health Monitor Policy

In this post we are going to talk about the FMC Health Monitor Policy. The main purpose of this policy is to keep a close eye on all the devices in a Firepower domain. That includes both the sensors and the FMC itself for both software and hardware. However, we don’t necessarily have to use the same policy for all the devices. We can still have multiple different policies applied to our devices based on our needs.

For instance, we might have scenarios where we don’t really care about specific alerts coming from a specific device. Or maybe we want to change specific thresholds or other values before we are alerted for that device. The Health Monitor Policy has a bunch of options. Some of them simply allow an On/Off action, while others allow tuning the values of the health alerts, such as the CPU usage thresholds or intrusion events per second.

By default the Health Monitor Policy runs every 5 minutes, which is a fair interval to be honest. However, if you want to change this timer, you can do that from within the Health Monitor Policy settings. This option is called Policy Run Time Interval. You can find it at the top of the Health Monitor Policy options list. More about this at the end of this post.

Sometimes some of the Health Monitor Policy alerts can be too noisy, and they can be purely informational about a perfectly normal scenario. For example, say you have an FTD HA pair, and you receive alerts that the standby unit's data interfaces did not receive traffic in 5 minutes. That would be normal, and you might not want FMC to keep alerting you about it. That’s where the Health Monitor Policy suppression options come in handy.

In this post I will show you how to disable the interface status alerts for all our devices. This is not necessarily something you might want to do in your production environment. Let’s get started.

 

Go to Notifications > Health

From this window we will check the current health status of our devices as reported in the last 5 minutes.

 

As we can see, we have three alerts, one for each of our three FTD devices, reporting that their data interfaces are not receiving any traffic. Let’s go and edit the Health Monitor Policy to disable those alerts.

 

Go to Health > Policy and click on the pencil icon to edit

 


 

Scroll down to the middle, click on Interface Status, set the action to Off, and then click on Save Policy and Exit

 

 

Click on the Apply button to apply the changes to the devices

 


 

Select all the devices and click on Apply

 


 

Go to Notifications > Tasks to check the status of the tasks. There is no need to use the Deploy button since these changes are local to the FMC.

 

 

To change the Health Monitor Policy timer, go to Health > Policy, click on the pencil icon to edit, and go to the first option on the list

 


 

This wraps up our lab of the FMC Health Monitor Policy.

 

Thank you for reading!

Posted in Blog, Firepower, FMC, Security
