Policy mismatch across cluster members-checkpoint-gaia,secureplatform
Vendor: checkpoint
OS: gaia,secureplatform
Description:
Indeni will identify when two devices are part of a cluster and alert if the policy installed on them is different.
Remediation Steps:
Review the policy installed on each device in the cluster and ensure they are the same.
How does this work?
An MD5 hash is calculated along with the policy name.
Why is this important?
If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
Without Indeni how would you find this?
An administrator could log in and manually check which policy is installed, and when it was installed, comparing between all cluster members.
chkp-policy-fingerprint-novsx
name: chkp-policy-fingerprint-novsx
description: Retrieve policy name and unique identifier
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
        - os.name: gaia
        - os.name: secureplatform
    vsx:
        neq: true
    role-firewall: 'true'
comments:
    policy-installed-fingerprint:
        why: |
            If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
        how: |
            An MD5 hash is calculated along with the policy name.
        can-with-snmp: false
        can-with-syslog: false
steps:
    - run:
          type: SSH
          command: ${nice-path} -n 15 fw stat && ${nice-path} -n 15 md5sum $FWDIR/state/local/FW1/local.str
      parse:
          type: AWK
          file: policy-fingerprint-novsx.parser.1.awk
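The check described above, sketched as an added example (this is not Indeni's parser or rule, which are not shown on this page). It turns the combined output of the two commands in the script into a "policy:md5" fingerprint and compares it across members. The function names, member names, path and sample outputs are constructed for illustration.

```sh
# Added example, not Indeni's code. Sample outputs below are constructed.
# Reads the output of "fw stat" followed by "md5sum .../local.str" on stdin
# and prints "<policy-name>:<md5>". Returns 1 if either part is missing.
policy_fingerprint() {
    awk '
        $1 == "HOST" && $2 == "POLICY" { in_stat = 1; next }   # fw stat header
        in_stat && NF >= 2 { policy = $2; in_stat = 0; next }  # fw stat data row
        length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /local\.str$/ { md5 = $1 }
        END {
            if (policy == "" || md5 == "") exit 1
            print policy ":" md5
        }
    '
}

# Takes "member=fingerprint" arguments. Prints every member whose fingerprint
# differs from the first member and returns 1 if any differ.
cluster_mismatch() {
    ref=""; rc=0
    for pair in "$@"; do
        member=${pair%%=*}; fp=${pair#*=}
        if [ -z "$ref" ]; then ref=$fp; ref_member=$member; continue; fi
        if [ "$fp" != "$ref" ]; then
            echo "MISMATCH $member ($fp) vs $ref_member ($ref)"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples: same policy name on both members, different file hash.
sample_member_a() {
    cat <<'EOF'
HOST      POLICY     DATE
localhost Standard   12Mar2019 10:15:03 :  [>eth0] [<eth0]
0123456789abcdef0123456789abcdef  /opt/fwdir-example/state/local/FW1/local.str
EOF
}
sample_member_b() {
    cat <<'EOF'
HOST      POLICY     DATE
localhost Standard   14Mar2019 08:02:41 :  [>eth0] [<eth0]
fedcba9876543210fedcba9876543210  /opt/fwdir-example/state/local/FW1/local.str
EOF
}

a=$(sample_member_a | policy_fingerprint)
b=$(sample_member_b | policy_fingerprint)
cluster_mismatch "fw-a=$a" "fw-b=$b" || echo "cluster members differ"
```

Both sample members report the policy name Standard, so comparing names alone would pass; the hash of local.str is what exposes the difference.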
cross_vendor_compare_policy_fingerprint