Failure with one or more ISP links-checkpoint-all

Failure with one or more ISP links-checkpoint-all

Failure with one or more ISP links-checkpoint-all

Vendor: checkpoint

OS: all

Description:
Indeni will alert when the connectivity to one or more ISPs is not in a healthy state.

Remediation Steps:
Depending on the ISP link status, you should consider reaching out to your provider for further assistance.

chkp-cpstat_fw_vsx

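# Monitoring script definition: runs "cpstat fw" on a Check Point VSX gateway
# every 5 minutes and documents the metrics it produces.
name: chkp-cpstat_fw_vsx
description: Run "cpstat fw" on all vs in VSX
type: monitoring
monitoring_interval: 5 minutes
# Device tags that must match before the script is scheduled.
# NOTE(review): this script requires vsx: 'true', while the alert rule shown on
# the same page excludes VSX devices; presumably a non-VSX variant of this
# script emits isp-link-status for that rule. Confirm.
requires:
    vendor: checkpoint
    vsx: 'true'
    asg:
        neq: true
    role-firewall: 'true'
comments:
    # Security note: a gateway with no installed policy is not enforcing the
    # intended rulebase, so a missing policy should be handled as a security
    # event and not only as a forwarding problem.
    policy-installed:
        why: |
            If a security policy is not installed on the device, it will not be able to correctly forward traffic. If ISP management is enabled, then check the interface state for the ISP connections as well.
        how: |
            By using the Check Point built-in "cpstat fw" command, it is confirmed that a policy is installed.
        without-indeni: |
            An administrator could login and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: |
            Listing installed policy is possible through the Check Point SmartDashboard or the command line interface.
    # Security note: an unexpected change of this timestamp is a lead for
    # change-control review; compare it against approved change windows and the
    # management server's audit records.
    policy-install-last-modified:
        why: |
            If a security policy was recently modified, it is useful to know whether the change was part of planned maintenance or an unscheduled change in the environment.
        how: |
            By using the Check Point built-in "cpstat fw" command, the last modified time stamp of the policy is noted.
        without-indeni: |
            An administrator could login and manually run the command.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: Listing installed policy and last modified time
            is possible through the Check Point SmartDashboard or the command line
            interface.
    # No why/how text is published for this metric (skip-documentation).
    isp-link-status:
        skip-documentation: true
# Collection pipeline: the bash file is executed on the device over SSH and its
# output is handed to the AWK parser.
steps:
-   run:
        type: SSH
        file: cpstat-fw-vsx.remote.1.bash
    parse:
        type: AWK
        file: cpstat-fw-vsx.parser.1.awk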

CheckPointIspLinkFailureNoVsxRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.checkpoint

import com.indeni.ruleengine.expressions.Expression
import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals, Not => RuleNot, Or => RuleOr}
import com.indeni.server.common.data.conditions.{Equals => DataEquals}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

/**
  * Alert rule for Check Point firewalls that raises an issue when an ISP link
  * reports a status other than "OK".
  *
  * The rule reads the most recent `isp-link-status` snapshot for each item
  * tagged `isp-link` and is restricted, through `metaCondition`, to devices
  * whose `vsx` tag is not "true".
  *
  * NOTE(review): how a missing or empty snapshot is evaluated depends on the
  * semantics of `.noneable`, which are not visible here. Confirm that a link
  * with no reported status cannot be silently treated as healthy.
  */
case class CheckPointIspLinkFailureNoVsxRule() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "CheckPointIspLinkFailureNoVsxRule",
  ruleFriendlyName = "Check Point Firewalls (Non-VSX): Failure with one or more ISP links",
  ruleDescription = "Indeni will alert when the connectivity to one or more ISPs are not in a healthy state.",
  metricName = "isp-link-status",
  applicableMetricTag = "isp-link",
  alertItemsHeader = "ISP Links Affected",
  alertDescription = "The device is unresponsive to one or more ISPs. This can cause a lot of disruption for services, please review the affected ISPs below.",
  baseRemediationText = "Depending on the ISP link status, you should consider reaching out to your provider to get further assistance",
  // Only devices that are not tagged as VSX are evaluated by this rule.
  metaCondition = !DataEquals("vsx", "true"),
  // Fires whenever the latest reported status differs from the constant "OK".
  complexCondition = RuleNot(
    RuleEquals(
      SnapshotExpression("isp-link-status").asSingle().mostRecent().value().noneable,
      RuleHelper.createComplexStringConstantExpression("OK")
    )
  ),
  // Supplies the status text that is substituted into headlineFormat.
  alertItemHeadlineExpersion =
    new Expression[String] {
      val latestIspLinkStatus = SnapshotExpression("isp-link-status").asSingle().mostRecent()

      // Falls back to an empty string when the snapshot has no "value" key.
      override def eval(time: Long): String = {
        val snapshot = latestIspLinkStatus.eval(time)
        snapshot.value.getOrElse("value", "")
      }

      override def args: Set[Expression[_]] = Set(latestIspLinkStatus)
    },
  headlineFormat = "%s has the following status: %s"
)()