Auvik can use the Cisco Secure Firewall Threat Defense (FTD) REST API to collect inventory and monitoring information from your firewall.
These instructions apply to:
- Cisco Secure Firewall Threat Defense (FTD)
- Firepower Device Manager (FDM)-managed devices
Note: Auvik uses the same username and password that you use to log in to the FTD management interface. No separate API token needs to be manually created.
Add Device API Credentials in Auvik
- Navigate to Admin > Manage Credentials.
.
- Click Device API Credentials.
- Hover over Add Device API Credentials.
- Select Firepower.
- Enter the device information.
Complete the following fields:
| Field | Description |
|---|---|
| Name | A descriptive name used within Auvik. |
| Device | The firewall device the credentials will be assigned to. |
| Username | The FTD administrator username. |
| Password | The password associated with the administrator account. |
| Port | The HTTPS management port used by the FTD REST API. The default is 443. Change this only if your management interface uses a different port. |
- Click Test Connection.
- Verify the test succeeds.
- Click Save.
Prerequisites
Before testing the connection, verify the following:
- HTTPS access to the FTD management interface is enabled.
- The Auvik collector can reach the management IP address.
- TCP port 443 (or the configured management port) is accessible.
- The administrator account is active and not locked.
- The account has sufficient permissions to access the FTD management API.
- Local or external authentication services (LDAP, RADIUS, TACACS+) are functioning correctly if used for administrator authentication.
Troubleshooting API Authentication
If the test connection fails, verify that API authentication is functioning correctly using the API Explorer.
Open API Explorer
- Open a web browser and navigate to the FTD management interface.
Example:
https://ftd.example.com- Log in to Firepower Device Manager.
For FTD 6.4 and earlier:
Append the following path to the URL:
/#/api-explorerFor FTD 6.5 and later:
- Click the More Options menu.
- Select API Explorer.
The API Explorer opens in a new browser tab or window.
Test Token Authentication
- Search for Token within API Explorer.
- Select Example Value.
The request body will be populated automatically.
Modify the request:
- Change
"grant_type"from"custom_token"to"password". - Enter the same username and password configured in Auvik.
Example:
{
"grant_type": "password",
"username": "admin",
"password": "password"
}- Scroll to the Try It Out section.
- Execute the request.
Verify the Response
A successful authentication returns:
Response Code: 200A response code of 200 confirms:
- The username and password are valid.
- The API service is functioning correctly.
- Auvik should be able to authenticate using the same credentials.
If you receive a different response code:
| Response Code | Possible Cause |
| 401 | Invalid username or password |
| 403 | Insufficient permissions |
| 404 | Incorrect API endpoint |
| 500 | Internal FTD error |
Additional Troubleshooting
If authentication continues to fail:
- Verify the management IP address configured in Auvik is correct.
- Confirm the management interface allows HTTPS connections from the Auvik collector.
- Verify any firewalls or access control policies allow communication between the collector and the FTD.
- Check whether administrator authentication is handled through an external identity provider.
- Review FTD system logs for authentication or API-related errors.
Authentication Successful
Once the credentials have been successfully validated and saved, Auvik will begin collecting available information from the firewall through the FTD REST API.
Depending on polling intervals, newly collected information may take several minutes to appear within Auvik.