We are in the beginning phases of integrating and testing the Next Generation Firewall patterns, so we are using the OOB Firewall Classifier.  We ran into the same issue during discovery where a couple firewalls were being discovered as IP Routers. Our thought process or belief is that this shouldn't be expected behavior.  Although firewalls can and do participate with routing the primary function of a firewall is to apply security policy to and from networks. 

The OOB classifier uses DNS for Exploration,SNMP-Identity trigger probes and sysdescr contains firewall classification criteria. We also have populated all the SNMP OID Classifications as pointed out in other Community. We have also added the sysdescr does not contain firewall to the Standard Network Router classifier. Why does it bypass and where does it bypass the steps to kick-off the Router Pattern? 

Do we need to modify the Network Router pattern to include that the description does not contain firewall? Or create an isFirewall variable like the Create isRouter?

1.2 Create isRouter variable

1.12 Create shouldRunRouterLogic variable

1.38 Set isRouter variable

1.40 If it is a router, isPrinter should be false

1.52 Set shouldRunRouterLogic variable

A walk in the pattern,

Kevin