Network port(s) running in half duplex-checkpoint-ipso


Vendor: checkpoint

OS: ipso

Description:
Indeni will alert if one or more network ports are running in half duplex.

Remediation Steps:
Ports often end up in half duplex because of an autonegotiation error or a misconfiguration.
Review sk83760: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83760

How does this work?
The duplex of the interface is retrieved by running “ifconfig -a”.

Why is this important?
If the interface has a half-duplex setting, throughput is reduced, and the cause should be investigated.

Without Indeni how would you find this?
An administrator could login and manually check interface configuration, or use SNMP.

chkp-ipso-interfaces-novsx

name: chkp-ipso-interfaces-novsx
description: Get interface information
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    and:
    -   os.name: ipso
    -   or:
        -   vsx:
                neq: 'true'
        -   mds: 'true'
comments:
    network-interface-state:
        why: |
            Interfaces in the "down" state could result in downtime or reduced redundancy.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface status, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-admin-state:
        why: |
            If the interface is disabled, then it is okay for it to be down. If the interface is enabled however, it should be up.
        how: |
            The state of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-speed:
        why: |
            If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
        how: |
            The speed of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-duplex:
        why: |
            If the interface has a half-duplex setting, throughput is reduced, and the cause should be investigated.
        how: |
            The duplex of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-ipv4-address:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The IP address of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP, WebUI or SmartDashboard.
    network-interface-ipv4-subnet:
        why: |
            To be able to search for IP addresses in indeni, this data needs to be stored.
        how: |
            The subnet of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP, WebUI or SmartDashboard.
    network-interface-type:
        why: |
            The type of interface can be useful for administrators.
        how: |
            The type of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface or SNMP.
    network-interface-mtu:
        why: |
            The MTU sometimes needs to be adjusted. Storing this gives an administrator an easy way to view the MTU from a large number of devices, as well as identifying incorrectly set MTU.
        how: |
            The MTU of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-mac:
        why: |
            To be able to search for MAC addresses in indeni, this data needs to be stored.
        how: |
            The MAC address of the interface is retrieved by running "ifconfig -a".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-description:
        why: |
            The description is an important way to identify interfaces.
        how: |
            Retrieve the information by parsing the IPSO database in /config/active.
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-tx-bytes:
        why: |
            It is useful to know how much data has been transmitted by the interface.
        how: |
            The number of bytes sent by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-rx-bytes:
        why: |
            It is useful to know how much data has been received by the interface.
        how: |
            The number of bytes received by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-tx-packets:
        why: |
            It is useful to know how many packets have been transmitted by the interface.
        how: |
            The number of packets sent by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-rx-packets:
        why: |
            It is useful to know how many packets have been received by the interface.
        how: |
            The number of packets received by the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-tx-errors:
        why: |
            Transmit errors on an interface could indicate a problem.
        how: |
            The number of transmit errors for the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interface-rx-dropped:
        why: |
            Dropped packets on an interface could indicate a problem and potential traffic loss.
        how: |
            The number of receive drops for the interface is retrieved by running "netstat -idb".
        without-indeni: |
            An administrator could login and manually check interface configuration, or use SNMP.
        can-with-snmp: true
        can-with-syslog: false
        vendor-provided-management: |
            This is only accessible from the command line interface, SNMP or WebUI.
    network-interfaces:
        skip-documentation: true
    network-interface-:
        skip-documentation: true
steps:
-   run:
        type: SSH
        file: show-interfaces-all-novsx.remote.1.bash
    parse:
        type: AWK
        file: show-interfaces-all-novsx.parser.1.awk

cross_vendor_network_port_duplex_half

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.ruleengine.expressions.conditions.{Equals => RuleEquals}
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.library.RuleHelper._
import com.indeni.server.rules.{RemediationStepCondition, RuleCategory, RuleContext}
import com.indeni.server.rules.library.templates.SingleSnapshotValueCheckTemplateRule
import com.indeni.server.rules.library.RuleHelper

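/**
  * Alerts when the most recent "network-interface-duplex" value of an interface is "half"
  * and the interface's admin state equals the expected value 1.0 (secondaryCondition).
  * Affected ports are listed by their "name" tag; remediation text is selected per vendor.
  */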
case class cross_vendor_network_port_duplex_half() extends SingleSnapshotValueCheckTemplateRule(
  ruleName = "cross_vendor_network_port_duplex_half",
  ruleFriendlyName = "All Devices: Network port(s) running in half duplex",
  ruleDescription = "Indeni will alert if one or more network ports are running in half duplex.",
  ruleCategories = Set(RuleCategory.VendorBestPractices),
  metricName = "network-interface-duplex",
  applicableMetricTag = "name",
  alertItemsHeader = "Ports Affected",
  alertDescription = "One or more ports are set to half duplex. This is usually an error. Review the list of ports below.",
  baseRemediationText = "Many times ports are in half duplex due to an autonegotiation error or a misconfiguration.",
  complexCondition = RuleEquals(RuleHelper.createComplexStringConstantExpression("half"), SnapshotExpression("network-interface-duplex").asSingle().mostRecent().value().noneable),
  secondaryCondition = c => networkInterfaceAdminState(c.tsDao, expected = 1.0))(
  RemediationStepCondition.VENDOR_CP -> "Review sk83760: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83760",
  RemediationStepCondition.VENDOR_PANOS -> "https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Display-Port-Information-Connected-Media-Interface/ta-p/61715",
  RemediationStepCondition.VENDOR_CISCO ->
    """|
       |1. Use the "show interface" NX-OS command to display speed and duplex settings of an interface.
       |2. Use the "show interface status" and "show interface capabilities" NX-OS commands to gather more information about ports.
       |3. You can disable link negotiation using the "no negotiate auto" command. Use the "negotiate auto" command to enable auto negotiation on 1-Gigabit ports when the connected peer does not support auto negotiation. By default, auto-negotiation is enabled on 1-Gigabit ports and disabled on 10-Gigabit ports.
       |4. Cisco does not recommend enabling auto negotiation on 10-Gigabit ports. Enabling auto-negotiation on 10-Gigabit ports brings the link down. By default, link negotiation is disabled on 10-Gigabit ports.
       |NOTE: A shut and no shut to the interface may be required after the aforementioned configuration change.""".stripMargin,
  RemediationStepCondition.VENDOR_FORTINET ->
    """|
       |1. Monitor hardware network operations and speed by using the "diag hardware deviceinfo nic <interface>" FortiOS command.
       |2. Run the "diag hardware deviceinfo nic <interface>" command to display a list of hardware related names and values. Review the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
       |3. Run the hidden FortiOS command "fnsysctl cat /proc/net/dev" to get a summary of the interface statistics.
       |4. Check for a mismatch in the speed and duplex interface settings on both sides of a cable, or for a damaged cable. Try to manually configure both sides to the same mode when you can. Review the next link "Symptoms of Ethernet speed/duplex mismatches" for more info: http://kb.fortinet.com/kb/documentLink.do?externalID=10653""".stripMargin,
  RemediationStepCondition.VENDOR_BLUECOAT ->
    """
      |1. Login via ssh to the ProxySG, run the command "show interface <interface>" and review the current link status.
      |2. Check for a mismatch in the speed and duplex interface settings on both sides of a cable, or for a damaged cable.
      |3. Try to manually configure both sides to the same mode when you can #(config interface adapter_number:interface_number) full-duplex.
    """.stripMargin
)
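
The rule's two conditions (duplex equals "half", and the interface is administratively up) can be reproduced by hand over "ifconfig -a" style text. The script below is an added example, not Indeni's own collection script or AWK parser. The function names, the sample text, its line layout and the use of the UP flag as the admin-state indicator are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: applies the rule's two conditions to ifconfig-style text.

# Constructed sample input. The layout is an assumption, not captured IPSO output.
sample_ifconfig() {
cat <<'EOF'
eth1c0: flags=e7<UP,PHYS_AVAIL,LINK_AVAIL,BROADCAST,MULTICAST>
        inet mtu 1500 192.0.2.1/24 broadcast 192.0.2.255
        phys eth1 speed 100M half duplex
eth2c0: flags=e7<UP,PHYS_AVAIL,LINK_AVAIL,BROADCAST,MULTICAST>
        phys eth2 speed 1000M full duplex
eth3c0: flags=e0<BROADCAST,MULTICAST>
        phys eth3 speed 10M half duplex
EOF
}

# Reads ifconfig-style text on stdin and prints, one per line, the ports
# that are half duplex AND administratively up. A port that is half duplex
# but disabled is skipped, like the rule's secondaryCondition does.
half_duplex_ports() {
    awk '
    /^[^ \t]/ {                          # unindented line starts a new interface
        name = $1; sub(/:$/, "", name)
        order[++n] = name                # remember input order for stable output
        admin[name] = ($0 ~ /[<,]UP[,>]/) ? 1 : 0
        next
    }
    name != "" && match($0, /(half|full)[ -]duplex/) {
        duplex[name] = substr($0, RSTART, 4)   # "half" or "full"
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (duplex[p] == "half" && admin[p] == 1) print p
        }
    }'
}

sample_ifconfig | half_duplex_ports
```

On a real device the input would come from "ifconfig -a", and the two patterns would need adjusting to the exact output of that IPSO release.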