Failure with one or more ISP links-checkpoint-all
Vendor: checkpoint
OS: all
Description:
Indeni will alert when the connectivity to one or more ISPs are not in a healthy state.
Remediation Steps:
Depending on the ISP link status, you should consider reaching out to your provider to get further assistance
chkp-cpstat_fw_vsx
name: chkp-cpstat_fw_vsx
description: Run "cpstat fw" on all vs in VSX
type: monitoring
monitoring_interval: 5 minutes
requires:
vendor: checkpoint
vsx: 'true'
asg:
neq: true
role-firewall: 'true'
comments:
policy-installed:
why: |
If a security policy is not installed on the device, it will not be able to correctly forward traffic. If
the ISP managment is enabled then check the interface state as well for the isp connections.
how: |
By using the Check Point built-in "cpstat fw" command, it is confirmed that a policy is installed.
can-with-snmp: false
can-with-syslog: false
policy-install-last-modified:
why: |
If a security policy is resently modified, it can be interesting to know if part of maintainence or unscheduled change in the environment.
how: |
By using the Check Point built-in "cpstat fw" command, the last modified time stamp of the policy is noted.
can-with-snmp: false
can-with-syslog: false
isp-link-status:
why: |
To check the link status of the ISP status and role for each ISP
how: |
By using the Check Point built-in "cpstat fw" command anf getting the ISP link status from the ISP table
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: cpstat-fw-vsx.remote.1.bash
parse:
type: AWK
file: cpstat-fw-vsx.parser.1.awk
CheckPointIspLinkFailureNoVsxRule
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/checkpoint/CheckPointIspLinkFailureNoVsxRule.scala