Welcome, Guest. Please login or register.

Author Topic: Discovery of failower ASA  (Read 4060 times)

dbrlekovic

  • Guest
Discovery of failower ASA
« on: May 08, 2013, 01:54:46 PM »
Hello,

is there a way to discover both ASA-s in active/standby failower configuration. Nedi discovers my primary device, but for secondary it say it's "Done already".

Regards!

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2693
    • View Profile
    • NeDi
Re: Discovery of failower ASA
« Reply #1 on: May 08, 2013, 05:06:05 PM »
Oh, I suppose they use the same name? Is it trying a different IP at least?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

dbrlekovic

  • Guest
Re: Discovery of failower ASA
« Reply #2 on: May 09, 2013, 01:53:06 PM »
Yes, they are using same name because configurations are replicated, but IP addresses are different.

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2693
    • View Profile
    • NeDi
Re: Discovery of failower ASA
« Reply #3 on: May 11, 2013, 10:44:15 PM »
1.0.9 will have a global option to use IPs rather than names, but this should be handled differently. I'll come up with some sort of detection for such boxes...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

spyram

  • Guest
Re: Discovery of failower ASA
« Reply #4 on: May 13, 2015, 02:54:04 PM »
Hi Remo,

This topic is still pending.

We're still unable to have both the active and the standby nodes unless we choose IP.

Here is the relevant output from the Primary ASA:
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.4 = STRING: "Failover LAN Interface"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.6 = STRING: "Primary unit (this device)"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.7 = STRING: "Secondary unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.4 = INTEGER: 2
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 9
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 10
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.4 = STRING: "fw-xpto HA Ethernet0/3"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 = STRING: "Active unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.7 = STRING: "Standby unit"

And from the Failover ASA:
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.4 = STRING: "Failover LAN Interface"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.6 = STRING: "Primary unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.7 = STRING: "Secondary unit (this device)"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.4 = INTEGER: 2
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 9
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 10
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.4 = STRING: "fw-xpto HA Ethernet0/3"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.6 = STRING: "Active unit"
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.4.7 = STRING: "Standby unit"

Also note that:
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 (CISCO-FIREWALL-MIB::cfwHardwareStatusValue.primaryUnit) and
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 (CISCO-FIREWALL-MIB::cfwHardwareStatusValue.secondaryUnit)

state the health of the HA pair

   DESCRIPTION
        "This textual convention is used to describe various events
        that are related to the resources on a firewall.
        other      : Generic resource event.
        up         : The resource is in service.
        down       : The resource is not in service.
        error      : There has been an error for this resource.
        overTemp   : The resource is overheating.
        busy       : The resource is busy.
        noMedia    : A device doesn't have its needed media.
        backup     : Processing has switched to the backup.
        active     : This is the active unit.
        standby    : This is the standby unit."

    SYNTAX INTEGER {
        other(1),
        up(2),
        down(3),
        error(4),
        overTemp(5),
        busy(6),
        noMedia(7),
        backup(8),
        active(9),
        standby(10)
    }

Tks.
« Last Edit: May 13, 2015, 03:20:29 PM by spyram »

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2693
    • View Profile
    • NeDi
Re: Discovery of failower ASA
« Reply #5 on: May 13, 2015, 11:28:15 PM »
He solved it:https://forum.nedi.ch/index.php?topic=1856.0
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

spyram

  • Guest
Re: Discovery of failower ASA
« Reply #6 on: May 14, 2015, 12:23:20 PM »
Missed that one.

Sorry for your time.