Communication between management server and specific devices not working-fortinet-FortiOS


Vendor: fortinet

OS: FortiOS

Description:
A management server needs to communicate with its managed devices at all times. indeni will alert if the communication is broken.

Remediation Steps:
Troubleshoot any possible connectivity issues.

How does this work?
This script logs in to the FortiGate using SSH and retrieves the connectivity status with the FortiManager by using the FortiOS command “diagnose fdsm central-mgmt-status”. The “diagnose fdsm central-mgmt-status” command provides the connectivity and registration status of the FortiGate with the FortiManager.

Why is this important?
This metric is used to identify the connectivity status of the FortiGate device with the FortiManager. The FortiManager unit provides remote management of a FortiGate unit over TCP port 541. In particular, the FortiManager appliance provides centralized policy-based provisioning, configuration, and update management, as well as end-to-end network monitoring for added control. Check the link below for more information: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Central%20Management/central_mgmt.htm

Without Indeni how would you find this?
An admin would need to log into the Fortinet firewall and manually check the current status. This information can be provided via SNMP and logging.

fortios-diagnose-fdsm-central-mgmt-status

#! META
name: fortios-diagnose-fdsm-central-mgmt-status
description: Fortinet Firewall FortiManager connectivity and registration status
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
    vdom_enabled: false
    vdom_root: true

# --------------------------------------------------------------------------------------------------
# The script publishes the following metrics
#
# [trust-connection-state]           [0 | 1, 0 if status is down]
# [fortios-fortimanager-register-status]  [copy text. ex 'Unknown']
# --------------------------------------------------------------------------------------------------

#! COMMENTS
trust-connection-state:
    why: |
        This metric is used to identify the connectivity status of the FortiGate device with the FortiManager. The
        FortiManager unit provides remote management of a FortiGate unit over TCP port 541. In particular, the
        FortiManager appliance provides centralized policy-based provisioning, configuration, and update management, as
        well as end-to-end network monitoring for added control. Check the link below for more information:
        http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Central%20Management/central_mgmt.htm
    how: |
        This script logs in to the FortiGate using SSH and retrieves the connectivity status with the FortiManager by
        using the FortiOS command "diagnose fdsm central-mgmt-status". The "diagnose fdsm central-mgmt-status" command
        provides connectivity and registration status of the FortiGate with the FortiManager.
    without-indeni: |
        An admin would need to log into the Fortinet firewall and manually check the current status. This information
        can be provided via SNMP and logging.
    can-with-snmp: true
    can-with-syslog: true

fortios-fortimanager-register-status:
    why: |
        This metric is used to identify the registration status of the FortiGate device with the FortiManager. The
        FortiManager unit provides remote management of a FortiGate unit over TCP port 541. In particular, the
        FortiManager appliance provides centralized policy-based provisioning, configuration, and update management, as
        well as end-to-end network monitoring for added control. Check the link below for more information:
        http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Central%20Management/Adding%20a%20FortiGate%20to%20FortiManager.htm
    how: |
        This script logs in to the FortiGate using SSH and retrieves the registration status with the FortiManager by
        using the FortiOS command "diagnose fdsm central-mgmt-status". The "diagnose fdsm central-mgmt-status" command
        provides connectivity and registration status of the FortiGate with the FortiManager.
    without-indeni: |
        The user would have to log in to the device and use the "diagnose fdsm central-mgmt-status" command to identify
        if the device is registered with the FortiManager.
    can-with-snmp: false
    can-with-syslog: false


#! REMOTE::SSH
diagnose fdsm central-mgmt-status

#! PARSER::AWK

# Parse connection status (0 | 1)
#Connection status: Down
/^Connection status: /{

    # Get the last word ('Down' in the example)
    connection_status = tolower($NF)
    is_connected = 0

    # Set is_connected to 1 only if connection_status is 'connected' or 'up'
    if(connection_status == "connected" || connection_status == "up") {
        is_connected = 1
    }

    # Publish in category "FortiManager"
    tags["name"] = "FortiManager Connection Status"
    writeDoubleMetricWithLiveConfig("trust-connection-state", tags, "gauge", 300, is_connected , "FortiManager", "state", "name")

}

# Parse registration status (just copy text)
#Registration status: Unknown
/^Registration status:/{

    # Get the last word ('Unknown' in the example)
    registration_status = trim($NF)

    # Publish in "Default/Overview" category
    writeComplexMetricStringWithLiveConfig("fortios-fortimanager-register-status", null,  registration_status, "FortiManager Registration Status")
}
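
The parsing logic above can be exercised offline before it is deployed. This is an added example, not part of the original Indeni script: it reimplements the two patterns in portable awk behind a hypothetical shell function, `parse_central_mgmt_status`, and prints `key=value` lines in place of Indeni's metric helpers. It also strips trailing carriage returns and reports a missing "Connection status" line as down; the sample outputs are constructed from the two lines quoted in the script's comments.

```shell
#!/bin/sh
# Added example: offline harness for the parser's logic (not the Indeni script itself).
# Metric names are the page's; "key=value" lines stand in for Indeni's write*Metric helpers.

parse_central_mgmt_status() {
    awk '
    { sub(/[ \t\r]+$/, "") }   # drop trailing blanks and any CR left by the SSH session
    /^Connection status:/ {
        seen_conn = 1
        s = tolower($NF)        # last word, as in the original parser
        connected = (s == "connected" || s == "up") ? 1 : 0
    }
    /^Registration status:/ {
        seen_reg = 1
        reg = (NF > 2) ? $NF : "missing"   # label present but value empty
    }
    END {
        # Fail closed: a missing "Connection status" line is reported as down (0).
        print "trust-connection-state=" (seen_conn ? connected : 0)
        print "fortios-fortimanager-register-status=" (seen_reg ? reg : "missing")
    }'
}

# Constructed samples, built only from the two lines quoted in the script comments.
sample_down()    { printf 'Connection status: Down\nRegistration status: Unknown\n'; }
sample_up_crlf() { printf 'Connection status: Up\r\nRegistration status: Unknown\r\n'; }
sample_no_line() { printf 'unrelated output\n'; }

for s in sample_down sample_up_crlf sample_no_line; do
    echo "== $s"
    "$s" | parse_central_mgmt_status
done
```

Without the carriage-return strip, a CRLF-terminated "Up" would compare unequal to "up" and be published as down.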






cross_vendor_connection_from_mgmt_to_device

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.EndsWithRepetition
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.ConditionalRemediationSteps
import com.indeni.server.rules.library.templates.StateDownTemplateRule

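/**
  * Alerts when the "trust-connection-state" metric reports a managed device as down.
  * Affected devices are listed by their "name" tag under "Unreachable Managed Devices".
  */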
case class cross_vendor_connection_from_mgmt_to_device() extends StateDownTemplateRule(
  ruleName = "cross_vendor_connection_from_mgmt_to_device",
  ruleFriendlyName = "All Devices: Communication between management server and specific devices not working",
  ruleDescription = "A management server needs to communicate with its managed devices at all times. indeni will alert if the communication is broken.",
  metricName = "trust-connection-state",
  applicableMetricTag = "name",
  alertItemsHeader = "Unreachable Managed Devices",
  alertDescription = "Some of the devices managed by this device cannot be reached by the management device. " +
    "Please review the list below. Note that the list may include devices that are not covered by indeni at this " +
    "point, as the check is done from the management server to all managed devices.",
  historyLength = 2,
  baseRemediationText = "Troubleshoot any possible connectivity issues.") (
  ConditionalRemediationSteps.VENDOR_CP -> "Read https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60522"
)