Discovering Virtual Paired Cisco Firewalls and missing values in IRE payloads.

RobertB1
Tera Expert


Hi community,

I'm seeking advice on two issues:

1. I'm currently setting up discovery for virtual Cisco firewalls deployed in pairs (active and standby). The tool used configures both together, preventing individual changes. Thus, I’m told, both have the same hostname and lack serial numbers. The out-of-the-box identifier matches on 'name', resulting in a single CI record, causing flip-flopping. I can prevent this by updating the identifier to 'name + IP address', but this causes the Cisco next-gen pattern to fail due to the IP address not being included in the IRE payload. Currently, I've reverted to using Firewall probes instead of the new pattern. Has anyone encountered this issue? How did you tweak discovery to identify both firewalls? Ideally without using the IP address and preferably using patterns; I’ve found that probes often mess up the model data.

2. Upon checking the pattern, I noticed that the IP address is included in the create CI step but not in the IRE payload. Any reasons for this inconsistency?

Appreciate any insights or advice on these matters.

Thanks in advance,

Rob

2 REPLIES

Mari Gran
Tera Contributor

Hi Rob,

We are having the same issue as you describe, related to the Cisco firewall pair.

Have you been able to find any further solution to this?

Thanks,

Mari

RobertB1
Tera Expert

Hi Mari,

Yes, I extended the pattern, adding primary or secondary to the hostname, depending on its role.

For example, FW1234_primary & FW1234_secondary

Cheers

Rob