How can the Primary/Secondary model name suffix on ASA firewall models be disabled in CA Spectrum

Document ID:  TEC1585771
Last Modified Date:  08/09/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Spectrum

Releases

  • CA Spectrum:Release:10.2
  • CA Spectrum:Release:10.2.1

Components

  • CORE / SPECTROSERVER:SPCCSS
Introduction:

When modeling Cisco ASA firewalls, Spectrum appends _primary or _secondary to the model name to represent when the model is in a primary or secondary state.  This is described in CA documentation:

 

https://docops.ca.com/display/CASP101/Cisco%20ASA%20(Adaptive%20Security%20Appliance)%20Devices%20Failover 

 

Cisco ASA (Adaptive Security Appliance) Devices Failover

Skip to end of metadata

Created by Abhijit Das, last modified on Jan 08, 2016 Go to start of metadata

Cisco Adaptive Security Appliance (ASA) device family delivers enterprise-class firewall capabilities for ASA devices in an array of form factors - standalone appliances, blades, and virtual appliances - for any distributed network environment. ASA software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. Cisco ASA devices offers a combination of enterprise-class stateful firewalls with a comprehensive range of next-generation network security services.

 

With respect to Cisco ASA (Adaptive Security Appliance) devices failover, Spectrum now has the following capabilities:

 

1.  Identifies Primary and Secondary device and appends the text to model name.

2.  Generates alarm if the Primary device goes to standby.

3.  Changes the ASA device status to Active/Standby or Active/Active.

4.  Polls and discovers changes of Failover States of Cisco ASA Firewalls

5.  Discover Connections and update the topology, when the failover occurs

 

The two Cisco ASA Firewalls are in a Primary and Secondary Mode, which ideally means that Primary Firewall is Active, whereas the Firewall in secondary mode is in Standby.

 

When a failover happens, the two Firewall devices switch their configuration.

This means that they switch their Management IP Address as well. This Management IP Address is used to model both devices in Spectrum.

The MAC Addresses for active interfaces are also switched.

 

 Expected Result:

When failover occurs on the primary device, secondary firewall device should become Active and primary firewall device becomes Standby.

The following text: “_Primary” & “_Secondary” is appended to the model name automatically in the topology view.

Instructions:

Prior to Spectrum release 10.2.2 this was not configurable.  Spectrum release 10.2.2 has been enhanced to allow for the addition of the _primary and _secondary suffix to be removed.

A new attribute has been introduced on the Cisco ASA firewall modeltype:

suffixFWModeToModelName - attribute id 0x00215325

By default this value is true.  Change this to false by using the Attribute Editor on all Cisco ASA models that you want to disable this functionality for.

On the next poll interval the _primary and/or _secondary suffix will be removed from the model name.

Additional Information:

CA Spectrum 10.2.2 has a tentative release of Q4 2017.

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >