Failure with one or more ISP links-checkpoint-all


Failure with one or more ISP links-checkpoint-all

Vendor: checkpoint

OS: all

Description:
Indeni will alert when the connectivity to one or more ISPs is not in a healthy state.

Remediation Steps:
Depending on the ISP link status, you should consider reaching out to your provider to get further assistance

chkp-cpstat_fw_vsx

# Indeni monitoring script definition; per its description it runs "cpstat fw" on all vs in VSX.
name: chkp-cpstat_fw_vsx
description: Run "cpstat fw" on all vs in VSX
type: monitoring
# Collection interval for this script.
monitoring_interval: 5 minutes
# Conditions a device must satisfy before this script is applied to it.
requires:
    vendor: checkpoint
    vsx: 'true'
    # Skips devices where "asg" equals true (what "asg" denotes is not shown here; confirm).
    asg:
        neq: true
    role-firewall: 'true'
comments:

    policy-installed:
        why: |
            If a security policy is not installed on the device, it will not be able to correctly forward traffic. If
            ISP management is enabled, then check the interface state of the ISP connections as well.
        how: |
            By using the Check Point built-in "cpstat fw" command, it is confirmed that a policy is installed.
        can-with-snmp: false
        can-with-syslog: false

    policy-install-last-modified:
        why: |
            If a security policy was recently modified, it can be interesting to know whether the change was part of maintenance or an unscheduled change in the environment.
        how: |
            By using the Check Point built-in "cpstat fw" command, the last modified time stamp of the policy is noted.
        can-with-snmp: false
        can-with-syslog: false

    isp-link-status:
        why: |
            To check the link status and role for each ISP.
        how: |
            By using the Check Point built-in "cpstat fw" command and getting the ISP link status from the ISP table.
        can-with-snmp: false
        can-with-syslog: false
steps:
# Single step: a bash script is run over SSH and an AWK parser is named for the result
# (presumably it parses that script's output into the metrics listed under "comments").
# NOTE(review): neither file is shown on this page; review the bash script to confirm exactly
# which commands it executes on the gateway.
-   run:
        type: SSH
        file: cpstat-fw-vsx.remote.1.bash
    parse:
        type: AWK
        file: cpstat-fw-vsx.parser.1.awk

CheckPointIspLinkFailureVsxRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.checkpoint

import com.indeni.ruleengine.expressions.Expression
import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.server.common.data.conditions.{Equals => DataEquals}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

/**
  * Template-based rule for Check Point VSX devices that fires when the most recent
  * `isp-link-status` snapshot holds anything other than "OK".
  *
  * `metaCondition` restricts the rule to devices whose `vsx` tag equals "true", and the
  * `isp-link` metric tag is passed to the template as the applicable tag (presumably one alert
  * item per tagged ISP link; the template itself is defined outside this file).
  *
  * NOTE(review): what the comparison yields when no snapshot exists depends on `.noneable`, which
  * is defined elsewhere. Confirm that missing collection data cannot silently keep this rule quiet.
  */
case class CheckPointIspLinkFailureVsxRule() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "CheckPointIspLinkFailureVsxRule",
  ruleFriendlyName = "Check Point Devices (VSX): Failure with one or more ISP links",
  ruleDescription = "Indeni will alert when the connectivity to one or more ISPs are not in a healthy state.",
  metricName = "isp-link-status",
  applicableMetricTag = "isp-link",
  alertItemsHeader = "ISP Links Affected",
  alertDescription = "The device is unresponsive to one or more ISPs. This can cause a lot of disruption for services, please review the affected ISPs below.",
  baseRemediationText = "Depending on the ISP link status, you should consider reaching out to your provider to get further assistance",
  metaCondition = DataEquals("vsx", "true"),
  // Alert condition: the latest status value is not equal to the constant "OK".
  complexCondition = RuleNot(
    RuleEquals(
      SnapshotExpression("isp-link-status").asSingle().mostRecent().value().noneable,
      RuleHelper.createComplexStringConstantExpression("OK")
    )
  ),
  // Supplies the status text that is substituted into headlineFormat.
  alertItemHeadlineExpersion = new Expression[String] {
    val latestIspLinkStatus = SnapshotExpression("isp-link-status").asSingle().mostRecent()

    override def args: Set[Expression[_]] = Set(latestIspLinkStatus)

    override def eval(time: Long): String = {
      val snapshot = latestIspLinkStatus.eval(time)
      // Falls back to an empty string when the snapshot has no "value" entry.
      snapshot.value.getOrElse("value", "")
    }
  },
  headlineFormat = "%s has the following status: %s"
)()