False alarm - PRIMARY UNIT IS NOW STANDBY

Document ID : KB000098202
Last Modified Date : 28/05/2018
Show Technical Document Details
Introduction:
Spectrum supports the Active/Standby mode for Cisco ASA Firewall device Failover Scenario which means that Primary Firewall is Active, whereas the Firewall in Secondary mode is Standby.
 
Question:
When Primary Firewall is active and Secondary Firewall is standby, there is a "PRIMARY UNIT IS NOW STANDBY" alarm raised on Primary firewall. However, there isn't any fail over occurred from Primary to Secondary Firewall.
Environment:
Spectrum 10.x
Answer:
Basically Spectrum polls the following OIDs to check the hardware status of Cisco ASA devices.

cfwHardwareInformation 0x211600 1.3.6.1.4.1.9.9.147.1.2.1.1.1.2 
cfwHardwareStatusDetail 0x211602 1.3.6.1.4.1.9.9.147.1.2.1.1.1.4 
cfwHardwareStatusValue 0x211601 1.3.6.1.4.1.9.9.147.1.2.1.1.1.3 

You can find these OIDs from Locator--> Application models-->Search for "CiscoFirewallApp". You should be able to find CiscoFirewallApp application model for both Primary and Secondary ASA Firewall.

Below is a senario to raise this "PRIMARY UNIT IS NOW STANDBY" alarm.

cfwHardwareInformation:
User-added image

cfwHardwareStatusValue:
User-added image

This means Primary unit is standby and Secondary unit is active. Once Spectrum defects Secondary is active and Primary is standby, a "PRIMARY UNIT IS NOW STANDBY" alarm would be inserted to the Primary Unit.