We have an attribute "haState" for our checkpoint devices. This can either have "active" or "standby" as value.  How can we create a watch that triggers if the attribute "haState" changes? Just a change to either one of the states.

Release : Any Spectrum Release

Component : Spectrum Core / SpectroSERVER  SpectroWatch

Checkpoint Devices with High Availability. (Fault tolerance)

How To /  Best Practice

Converted the expression from attribute names to attribute numbers as we have duplicate attribute names now in Spectrum.

Boolean Watch Expression

( ( ( ( ( ATTR(0xc41530) == "standby" ) & ( ATTR(0xc41532) == 1 ) ) | ( ( ATTR(0xc41530) == "active" ) & ( ATTR(0xc41532) == 2 ) ) ) | ( ATTR(0xc41530) == "initializing" ) ) | ( ATTR(0xc41530) == "Ready" ) )

All credit for this solution goes to users from the Broadcom Communities post found here

From the solution it was was further explained it as:

Here is my documentation on why and how this works. We have a large firewall environment and its been 100% accurate.

"checks active for nodes configured as primary and standby for nodes configured as secondary"
 
Primary reason this works: haIdentifier is hardcoded per FW
 
Why is this coded assembly style?
watch expressions do not allow string conversion. using boolean of a text compare is a way around this
 
Checks OIDS:
SNMPv2-SMI::enterprises.2620.1.5.6.0 haState (text-string of standby state)
SNMPv2-SMI::enterprises.2620.1.5.8.0 haIdentifier (integer of what firewall is configured to be, 1 for primary, 2 for secondary)
 
all possible combinations:
node-01 active 0*1+1*0+0+0 Result: 0
node-01 standby 0*1+1*0+0+0 Result: 1
node-01 ready 0*1+1*0+0+0 Result: 1
node-01 init 0*1+1*0+0+0 Result: 1
node-02 active 1*0+0*1+0+0 Result: 1
node-02 standby 0*0+1*1+0+0 Result: 0
node-02 ready 0*0+0*1+1+0 Result: 1
node-02 init 0*0+0*1+0+1 Result: 1