Communication between management server and specific devices not working-fortinet-FortiOS


Vendor: fortinet

OS: FortiOS

Description:
A management server needs to communicate with its managed devices at all times. indeni will alert if the communication is broken.

Remediation Steps:
Troubleshoot any possible connectivity issues.

How does this work?
This script logs in to the FortiGate over SSH and retrieves its connectivity status with the FortiManager using the FortiOS command “diagnose fdsm central-mgmt-status”. This command reports the connectivity and registration status of the FortiGate with the FortiManager.

Why is this important?
This metric is used to identify the connectivity status of the FortiGate device with the FortiManager. The FortiManager unit provides remote management of a FortiGate unit over TCP port 541. In particular, the FortiManager appliance provides centralized policy-based provisioning, configuration, and update management, as well as end-to-end network monitoring for added control. Check the link below for more information: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Central%20Management/central_mgmt.htm

Without Indeni how would you find this?
An admin would need to log in to the Fortinet firewall and manually check the current status. This information can be provided via SNMP and logging.

fortios-diagnose-fdsm-central-mgmt-status

name: fortios-diagnose-fdsm-central-mgmt-status
description: Fortinet Firewall FortiManager connectivity and registration status
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: fortinet
    os.name: FortiOS
    product: firewall
comments:
    trust-connection-state:
        why: |
            This metric is used to identify the connectivity status of the FortiGate device with the FortiManager. The
            FortiManager unit provides remote management of a FortiGate unit over TCP port 541. In particular, the
            FortiManager appliance provides centralized policy-based provisioning, configuration, and update management, as
            well as end-to-end network monitoring for added control. Check the link below for more information:
            http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Central%20Management/central_mgmt.htm
        how: |
            This script logs in to the FortiGate using SSH and retrieves the connectivity status with the FortiManager by
            using the FortiOS command "diagnose fdsm central-mgmt-status". The "diagnose fdsm central-mgmt-status" command
            provides connectivity and registration status of the FortiGate with the FortiManager.
        without-indeni: |
            An admin would need to log in to the Fortinet firewall and manually check the current status. This information
            can be provided via SNMP and logging.
        can-with-snmp: true
        can-with-syslog: true
    fortios-fortimanager-register-status:
        why: |
            This metric is used to identify the registration status of the FortiGate device with the FortiManager. The
            FortiManager unit provides remote management of a FortiGate unit over TCP port 541. In particular, the
            FortiManager appliance provides centralized policy-based provisioning, configuration, and update management, as
            well as end-to-end network monitoring for added control. Check the link below for more information:
            http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-system-administration-54/Central%20Management/Adding%20a%20FortiGate%20to%20FortiManager.htm
        how: |
            This script logs in to the FortiGate using SSH and retrieves the registration status with the FortiManager by
            using the FortiOS command "diagnose fdsm central-mgmt-status". The "diagnose fdsm central-mgmt-status" command
            provides connectivity and registration status of the FortiGate with the FortiManager.
        without-indeni: |
            The user would have to log in to the device and use the "diagnose fdsm central-mgmt-status" command to identify
            if the device is registered with the FortiManager.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: diagnose fdsm central-mgmt-status
    parse:
        type: AWK
        file: diagnose_fdsm_central_mgmt_status.parser.1.awk
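
The parse step above, sketched as an added example; this is not Indeni's diagnose_fdsm_central_mgmt_status.parser.1.awk, which the page does not show. It assumes the command prints "Connection status: <value>" and "Registration status: <value>" lines; the sample outputs are constructed and the name=value output line is this example's own format.

```shell
#!/bin/sh
# Added example: maps "diagnose fdsm central-mgmt-status" output to the two
# metrics named in the script definition. The "Connection status:" and
# "Registration status:" line formats are an assumption, not taken from the page.

# parse_fdsm_status: read the command output on stdin and print one line:
#   trust-connection-state=<1|0> fortios-fortimanager-register-status=<1|0>
# A missing or unrecognised value maps to 0, so empty output (SSH failure,
# changed output format) is never reported as a healthy management link.
parse_fdsm_status() {
    awk -F': *' '
        { sub(/\r$/, "") }                        # strip CR left by the SSH session
        tolower($1) ~ /^ *connection status$/   { conn = tolower($2) }
        tolower($1) ~ /^ *registration status$/ { reg  = tolower($2) }
        END {
            gsub(/[ \t]+$/, "", conn); gsub(/[ \t]+$/, "", reg)
            printf "trust-connection-state=%d fortios-fortimanager-register-status=%d\n",
                   (conn == "up"), (reg == "registered")
        }'
}

# Constructed sample outputs (not captured from a real device).
sample_healthy() {
    printf 'Connection status: Up\r\nRegistration status: Registered\r\n'
}
sample_broken() {
    printf 'Connection status: Down\nRegistration status: Unknown\n'
}

# Stand-alone run: show what each sample maps to.
sample_healthy | parse_fdsm_status
sample_broken  | parse_fdsm_status
```
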

cross_vendor_connection_from_mgmt_to_device

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.EndsWithRepetition
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.StateDownTemplateRule
import com.indeni.server.rules.RemediationStepCondition

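/**
  * Alerts when the "trust-connection-state" metric reports that a management
  * server cannot reach one or more of its managed devices.
  */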
case class cross_vendor_connection_from_mgmt_to_device() extends StateDownTemplateRule(
  ruleName = "cross_vendor_connection_from_mgmt_to_device",
  ruleFriendlyName = "All Devices: Communication between management server and specific devices not working",
  ruleDescription = "A management server needs to communicate with its managed devices at all times. indeni will alert if the communication is broken.",
  metricName = "trust-connection-state",
  applicableMetricTag = "name",
  alertItemsHeader = "Unreachable Managed Devices",
  alertDescription = "Some of the devices managed by this device cannot be reached by the management device. " +
    "Please review the list below. Note that the list may include devices that are not covered by indeni at this " +
    "point, as the check is done from the management server to all managed devices.",
  historyLength = 2,
  baseRemediationText = "Troubleshoot any possible connectivity issues.") (
  RemediationStepCondition.VENDOR_CP -> "Read https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk60522"
)