Policy mismatch across cluster members-checkpoint-gaia,secureplatform

Policy mismatch across cluster members-checkpoint-gaia,secureplatform
0

Policy mismatch across cluster members-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
indeni will identify when two devices are part of a cluster and alert if the policy installed is different.

Remediation Steps:
Review the policy installed on each device in the cluster and ensure they are the same.

How does this work?
An MD5 hash is calculated along with the policy name.

Why is this important?
If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.

Without Indeni how would you find this?
An administrator could login and manually check which policy is installed, and when it was installed, comparing between all cluster members.

chkp-policy-fingerprint-novsx

name: chkp-policy-fingerprint-novsx
description: Retrieve policy name and unique identifier
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    vsx:
        neq: true
    role-firewall: 'true'
comments:
    policy-installed-fingerprint:
        why: |
            If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
        how: |
            An MD5 hash is calculated along with the policy name.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 fw stat && ${nice-path} -n 15 md5sum $FWDIR/state/local/FW1/local.str
    parse:
        type: AWK
        file: policy-fingerprint-novsx.parser.1.awk

cross_vendor_compare_policy_fingerprint

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_compare_policy_fingerprint.scala