Network port(s) running in half duplex-checkpoint-gaia

Network port(s) running in half duplex-checkpoint-gaia
0

Network port(s) running in half duplex-checkpoint-gaia

Vendor: checkpoint

OS: gaia

Description:
Indeni will alert one or more network ports is running in half duplex.

Remediation Steps:
Many times ports are in half duplex due to an autonegotation error or a misconfiguration.
Review sk83760: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83760",

chkp-gaia-clish_show_interfaces_all-vsx

name: chkp-gaia-clish_show_interfaces_all-vsx
description: Run "show interfaces all" over clish in VSX
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: checkpoint
    os.name: gaia
    vsx: 'true'
    role-firewall: 'true'
comments:
    network-interface-state:
        why: |
            To check the network interface  state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-admin-state:
        why: |
           To check the interface admin state for all the interfaces on the system
        how: |
           By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-speed:
        why: |
            To check the  network interface  speed for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-duplex:
        why: |
            To check the network interface duplex state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-ipv4-address:
        why: |
            To check the network interface ipv4 address for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-ipv4-subnet:
        why: |
            To check the network interface ipv4 subnet for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false
    network-interface-type:
        why: |
            To check the network interface state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-mtu:
        why: |
            To check the network interface MTU for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-mac:
        why: |
            To check the network interface mac for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-description:
        why: |
            To check the network interface description for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-bits:
        why: |
            To check the network interface transmitted bits for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-bits:
        why: |
            To check the network interface recieved bits for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-packets:
        why: |
             To check the network interface transmitted packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-packets:
        why: |
            To check the network interface recieved packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-errors:
        why: |
            To check the network interface "tx-errors" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-dropped:
        why: |
            To check the network interface "rx-dropped" packets for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-overruns:
        why: |
            To check the network interface "tx-overruns" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-overruns:
        why: |
            To check the network interface "rx-overrruns" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-tx-carrier:

        why: |
            To check the network interface "tx-carrier" for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-rx-frame:
        why: |
            To check the network interface "rx-frame"  for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interfaces:
        why: |
            To list all the network interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-admin-state-logical:
        why: |
            To check the interface network state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-state-logical:
        why: |
            To check the network interface logical state for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false

    network-interface-:
        why: |
            To check the network interface names for all the interfaces on the system
        how: |
            By parsing the information recived from commands "ifconfig -a", "ethtool" as well as Check point clish
            command "show interfaces all"
        can-with-snmp: false
        can-with-syslog: false
steps:
   -  run:
          type: SSH
          file: show-interfaces-all-vsx.remote.1.bash
      parse:
          type: AWK
          file: show-interfaces-all-vsx.parser.1.awk

cross_vendor_network_port_duplex_half

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.library.RuleHelper._
import com.indeni.server.rules.{RemediationStepCondition, RuleCategory, RuleContext}
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

/**
  *
  */
case class cross_vendor_network_port_duplex_half() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_network_port_duplex_half",
  ruleFriendlyName = "All Devices: Network port(s) running in half duplex",
  ruleDescription = "Indeni will alert one or more network ports is running in half duplex.",
  ruleCategories = Set(RuleCategory.VendorBestPractices),
  metricName = "network-interface-duplex",
  applicableMetricTag = "name",
  alertItemsHeader = "Ports Affected",
  alertDescription = "One or more ports are set to half duplex. This is usually an error. Review the list of ports below.",
  baseRemediationText = "Many times ports are in half duplex due to an autonegotation error or a misconfiguration.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("half"), SnapshotExpression("network-interface-duplex").asSingle().mostRecent().value().noneable),
  secondaryCondition = c => networkInterfaceAdminState(c.tsDao, expected = 1.0))(
  RemediationStepCondition.VENDOR_CP -> "Review sk83760: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83760",
  RemediationStepCondition.VENDOR_PANOS -> "https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Display-Port-Information-Connected-Media-Interface/ta-p/61715",
  RemediationStepCondition.VENDOR_CISCO ->
    """|
       |1. Use the "show interface" NX-OS command to display speed and duplex settings of an interface.
       |2. Use the "show interface status" and "show interface capabilities" NX-OS commands to gather more information about ports.
       |3. You can disable link negotiation using the "no negotiate auto" command. Use the "negotiate auto" command to enable auto negotiation on 1-Gigabit ports when the connected peer does not support auto negotiation. By default, auto-negotiation is enabled on 1-Gigabit ports and disabled on 10-Gigabit ports.
       |4. Cisco does not recommend to enable auto negotiation on 10-Gigabit ports. Enabling auto-negotiation on 10-Gigabit ports brings the link down. By default, link negotiation is disabled on 10-Gigabit ports.
       |NOTE: A shut and no shut to the interface may be required after the aforementioned configuration change.""".stripMargin,
  RemediationStepCondition.VENDOR_FORTINET ->
    """|
       |1. Monitor hardware network operations and speed by using the "diag hardware deviceinfo nic <interface>" FortiOS command.
       |2. Run the command "diag hardware deviceinfo nic <interface>" command to display a list of hardware related names and values. Review the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
       |3. Run the hidden FortiOS command "fnsysctl cat /proc/net/dev" to get a summary of the interface statistics.
       |4. Check for a mismatch in the speed and duplex interface settings on both sides of a cable, or for a damaged cable. Try to manually configure both sides to the same mode when you can. Review the next link "Symptoms of Ethernet speed/duplex mismatches" for more info: http://kb.fortinet.com/kb/documentLink.do?externalID=10653""".stripMargin,
  RemediationStepCondition.VENDOR_BLUECOAT ->
    """
      |1. Login via ssh to the ProxySG, run the command "show interface <interface>" and review the current link status.
      |2. Check for a mismatch in the speed and duplex interface settings on both sides of a cable, or for a damaged cable.
      |3. Try to manually configure both sides to the same mode when you can #(config interface adapter_number:interface_number) full-duplex.
    """.stripMargin
)