HA pair member in suspended state for too long-paloaltonetworks-panos
Vendor: paloaltonetworks
OS: panos
Description:
Indeni tracks the duration of a device been put into suspended state
Remediation Steps:
To make the suspended device available for the High Availability pair again, issue the following CLI command:\n
How does this work?
This script logs into the Palo Alto Networks firewall through API and retrieves the status of the HA. If status is “suspended”, then it will show how long it has been in that state. Otherwise, it will print 0.
Why is this important?
PAN devices can get stuck in suspended mode administratively and need to be manually re-enabled for HA. Customers should be alerted if they stay in this state for too long.
Without Indeni how would you find this?
The status of high availability is visible in the web interface as a widget on the main screen. However the duration of this suspended state is not reported to the user.
panos-show-high-availability-state-duration
name: panos-show-high-availability-state-duration
description: Fetch HA suspended state duration
type: monitoring
monitoring_interval: 5 minute
requires:
vendor: paloaltonetworks
os.name: panos
high-availability: 'true'
comments:
ha-suspended-state-duration:
why: |
PAN devices can get stuck in suspended mode administratively and need to be manually re-enabled for HA. Customers should be alerted if they stay in this state for too long.
how: |
This script logs into the Palo Alto Networks firewall through API and retrieves the status of the HA. If status is "suspended", then it will show how long it has been in that state. Otherwise, it will print 0.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: HTTP
command: /api?type=op&cmd=<show><high-availability><state></state></high-availability></show>&key=${api-key}
parse:
type: XML
file: show-high-availability-state-duration.parser.1.xml.yaml
PanosHaSuspendedStateDurationRule
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanosHaSuspendedStateDurationRule.scala