Cisco virtual firewalls (5585 and related) in CMDB - has anyone set these up using Firewall Cluster classes?
06-30-2022 09:30 AM
We are using ITOM Visibility on San Diego and pulling in data through third-party integrations that include Cisco firewall appliances like the 5585 series, which create virtual firewalls. I see that there are dedicated cluster setups for Fortinet and Juniper appliances in the Firewall OOB classes, but not yet for Cisco, it seems.
The primary issue we are having is that we are getting multiple entries with shared serial numbers, MAC addresses, and names, but not consistently. Some have the same name and different serial numbers, some have different names and the same serial numbers, etc. This leads the regular Identification rules to see these entries as duplicates and merge them into a single IP Firewall device entry.
Has anyone else modeled Cisco 5585 appliances in a way they have found useful to account for this? My thought is to use the generic cluster classes and relationships to create a model similar to the Juniper Firewall Device, with a Hosted On relationship and membership in a Firewall Device Group.
(I see quite a few entries in the Store regarding Cisco, but nothing that I found that adds Cisco clustering.)
Thanks in advance for your advice and experience in this matter!
Labels: Discovery
09-09-2022 10:54 AM
I have the same question. How to discover Cisco 4000 series firewall chassis/FXOS, and the logical ASAs running on them, as well as the HA cluster represented? The Cisco firewall pattern OOB only discovers the chassis as IP Firewall (downgraded class) and no ASAs or HA/failover. I added OIDs that kick off the Cisco Firewall pattern, but the pattern does not populate the firewall temp table, as seen in debug mode in Pattern Designer. A chassis gets 147 OIDs from the SNMP probe, but the ASA only gets 34. The serial number is nowhere to be found in the multiple MIBs that I tried (Entity MIB or others), but it does return the sysObjectId and sysDescr, and gets the name from DNS but does not populate it into the temp table; therefore it cannot create a CI.
11-14-2024 01:45 PM
@Jason Roiz any update on your experience with this? One issue we see is that even though Cisco Firewall clusters have different management IPs and serial numbers, when they are discovered they are identified as the same device. Thinking there should be three entities: the two cluster nodes, and then the "main" device.
03-19-2025 08:43 AM
ServiceNow has not addressed this issue as of Xanadu. I ended up modifying the firewall pattern to allow creation of firewall CIs with only a DNS name and no machine name and without a serial number, though not recommended, because I am now dealing with more problems. I then added a pattern in the identification section of the firewall pattern to get the serial number via SSH. This worked for a while to get virtual firewalls (ASAs), but now I have 100 stale records that no longer update because the DNS names do not match, there is no machine name, and I think the serial numbers have changed because they are ephemeral. What a mess! Cisco, please help. ServiceNow, please help! I think things really got messed up when two nodes swapped active/passive roles in an HA cluster. It does not recognize clusters!
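The merge behaviour described in the original question (shared names and serials collapsing failover peers into one CI) and the stale-record problem in the last reply (ephemeral serials and unmatched DNS names after a failover) can both be reproduced with a small model. The code below is an added example written for this thread; it is not ServiceNow's Identification Engine, not its API, and not anything the posters shared. It is plain Node.js (chosen because ServiceNow scripting is JavaScript), with a toy `identify()` that approximates priority-ordered identification rules, constructed sample payloads for two discovery runs on either side of a failover, and a `modelCluster()` that applies the cluster-style modelling the original post proposed (nodes keyed by physical serial, one cluster CI keyed by the shared hostname, contexts keyed by hosting pair plus context name). The assumption that both failover units report the same hostname, the `parent` field on context payloads, and the relationship labels are all illustrative choices, not OOB behaviour or OOB relationship type names.

```javascript
'use strict';

// Toy identification engine, written for this thread as an illustration.
// Assumption: it approximates how identification rules behave (rules tried in
// priority order; the first rule whose attributes are all present and match an
// existing CI wins; the payload then overwrites that CI; no match creates a new
// CI). It is NOT ServiceNow's Identification Engine or its API.
function identify(payloads, rules, cis = []) {
  const keyFor = (attrs, rule) => {
    const vals = rule.map((a) => attrs[a]);
    if (vals.some((v) => v === undefined || v === '')) return null; // rule not applicable
    return rule.join('+') + '=' + vals.join('|');
  };
  const findMatch = (p) => {
    for (const rule of rules) {
      const key = keyFor(p, rule);
      const hit = key && cis.find((ci) => keyFor(ci.attrs, rule) === key);
      if (hit) return hit;
    }
    return null;
  };
  for (const p of payloads) {
    let ci = findMatch(p);
    if (!ci) {
      ci = { attrs: {}, serials: [] };
      cis.push(ci);
    }
    // Reconcile: payload values overwrite the CI, but an empty value (e.g. a
    // failed DNS lookup) must not blank out an attribute we already have.
    for (const [k, v] of Object.entries(p)) if (v !== '') ci.attrs[k] = v;
    if (p.serial_number) ci.serials.push(p.serial_number); // serials the CI carried over time
  }
  return cis;
}

// Constructed discovery payloads (sample data, not real devices). Assumptions:
// both failover units report the same hostname because the configuration is
// synchronised; each unit has its own serial and management IP; virtual
// contexts come back with an ephemeral serial and, on one run, no DNS name;
// `parent` records which failover pair a context was enumerated from.
const RUN_BEFORE_FAILOVER = [
  { name: 'asa-edge', serial_number: 'SN-A', ip_address: '10.0.0.1', role: 'active' },
  { name: 'asa-edge', serial_number: 'SN-B', ip_address: '10.0.0.2', role: 'standby' },
  { name: 'dmz-fw',  context: 'dmz',  parent: 'asa-edge', serial_number: 'EPH-1', ip_address: '10.0.1.1' },
  { name: 'corp-fw', context: 'corp', parent: 'asa-edge', serial_number: 'EPH-2', ip_address: '10.0.2.1' },
];
const RUN_AFTER_FAILOVER = [
  { name: 'asa-edge', serial_number: 'SN-B', ip_address: '10.0.0.2', role: 'active' },
  { name: 'asa-edge', serial_number: 'SN-A', ip_address: '10.0.0.1', role: 'standby' },
  { name: '',        context: 'dmz',  parent: 'asa-edge', serial_number: 'EPH-3', ip_address: '10.0.1.1' },
  { name: 'corp-fw', context: 'corp', parent: 'asa-edge', serial_number: 'EPH-4', ip_address: '10.0.2.1' },
];

// Rules in the spirit of the thread: serial first, then name, nothing else.
const NAIVE_RULES = [['serial_number'], ['name']];

// What the naive rules do to the two runs.
function naiveResult() {
  const cis = [];
  identify(RUN_BEFORE_FAILOVER, NAIVE_RULES, cis);
  identify(RUN_AFTER_FAILOVER, NAIVE_RULES, cis);
  const nodeCis = cis.filter((ci) => ci.attrs.role);
  return {
    ciCount: cis.length,            // 4: one merged "firewall", corp-fw, dmz-fw, plus a stale dmz duplicate
    nodeCiCount: nodeCis.length,    // 1: both failover units collapsed into one CI via the name rule
    serialFlap: nodeCis[0].serials, // ['SN-A','SN-B','SN-B','SN-A']: the CI's serial flips every run
  };
}

// Cluster-aware model: physical units keyed by serial only (the hostname is a
// cluster property, not a unit identifier), one cluster CI keyed by the shared
// hostname, and contexts keyed by (hosting pair, context name) so an ephemeral
// serial or a missing DNS name cannot create a duplicate. Relationship labels
// are illustrative, not the exact OOB relationship type names.
function modelCluster(runs) {
  const nodes = [], clusters = [], contexts = [];
  for (const run of runs) {
    identify(run.filter((p) => p.role), [['serial_number']], nodes);
    identify(run.filter((p) => p.role).map((p) => ({ name: p.name })), [['name']], clusters);
    identify(run.filter((p) => p.context), [['parent', 'context']], contexts);
  }
  const relations = new Set();
  for (const n of nodes) relations.add(`${n.attrs.serial_number} Member of ${n.attrs.name}`);
  for (const c of contexts) relations.add(`${c.attrs.context} Hosted on ${c.attrs.parent}`);
  return { nodes, clusters, contexts, relations: [...relations] };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(naiveResult(), null, 2));
  const m = modelCluster([RUN_BEFORE_FAILOVER, RUN_AFTER_FAILOVER]);
  console.log(`${m.nodes.length} nodes, ${m.clusters.length} cluster, ${m.contexts.length} contexts`);
  console.log(m.relations.join('\n'));
}
```

Run it with `node` and compare the two results: the naive rules produce a single "firewall" CI whose serial number flips between SN-A and SN-B on every run, plus a stale `dmz` duplicate created the moment the DNS name is missing and the serial has changed; the cluster-aware model keeps two node CIs, one cluster CI and two context CIs stable across the failover, with the empty DNS name not overwriting the context's stored name. The practical lesson is the one the thread circles around: for an HA pair the shared hostname identifies the cluster, not the unit, and a context needs a composite key tied to its host rather than its own serial or DNS name.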