
user defined error when creating watch for Cisco Firepower devices in fail-over


Article ID: 254228


Products

DX NetOps

Issue/Introduction

The customer's goal is to create a watch to monitor the status of Cisco Firepower devices in a failover configuration.

Environment

Release: 21.2

Resolution

Spectrum already supports Cisco ASA Firewall devices in a failover configuration out of the box; see https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/21-2/managing-network/cisco-device-management/cisco-asa-adaptive-security-appliance-devices-failover.html. One of the prerequisites for this support is that the devices are modeled as CiscoASA.

Because the Cisco Firepower module of the next-generation ASA software runs inline on top of the ASA's current architecture, Spectrum can support a Cisco Firepower failover environment (as it does for Cisco ASA) as follows:

1) Delete the currently discovered Cisco Firepower devices.

2) Launch Device certification and edit the line that contains the OID 1.3.6.1.4.1.9.1.2404. Change the Model_Type from Firepower_1k_2K to CiscoASA and save the modification.

3) Launch Topology -> Create by IP to discover the primary and secondary Cisco Firepower devices. "_Primary" and "_Secondary" are appended to the model names automatically in the topology view.

4) Simulate a failover and verify that a major alarm is triggered as expected.