Discovering Virtual Paired Cisco Firewalls and missing values in IRE payloads.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-09-2024 05:18 PM
Hi community,
I'm seeking advice on two issues:
1. I'm currently setting up discovery for virtual Cisco firewalls deployed in pairs (active and standby). The tool used configures both together, preventing individual changes. Thus, I’m told, both have the same hostname and lack serial numbers. The out-of-the-box identifier matches on 'name', resulting in a single CI record causing flip-flopping. I can prevent this by updating the identifier to 'name + IP address', but this causes the Cisco next-gen pattern to fail due to IP address not being included in the IRE payload. Currently, I've reverted to using Firewall probes instead of the new pattern. Has anyone encountered this issue? How did you tweak discovery to identify both firewalls? Ideally without using IP address, preferably using patterns, and probes often mess up the model data I’ve found?
2. Upon checking the pattern, I noticed that the IP address is included in the create CI step but not in the IRE payload. Any reasons for this inconsistency?
Appreciate any insights or advice on these matters.
thanks in advance
Rob
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-27-2024 06:52 AM
Hi Rob,
We are having the same issue as you describe related to Cisco firewall pair.
Have you been able to find any further solution to this?
Thanks,
Mari
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-11-2024 08:59 PM
Hi Mari,
yes, I extended the pattern, adding primary or secondary to the hostname, depending on it's role.
For example, FW1234_primary & FW1234_secondary
Cheers
Rob
