Required interface(s) down-checkpoint-all

Required interface(s) down-checkpoint-all

Vendor: checkpoint

OS: all

Description:
iClusterXL requires a certain number of interfaces to be up for the member to be considered OK.

Remediation Steps:
Determine why the interfaces are down and resolve the issue.

cphaprob_a_if_novsx

name: cphaprob_a_if_novsx
description: run "cphaprob -a if" on non-vsx
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    high-availability: 'true'
    vsx:
        neq: true
    clusterxl: 'true'
    role-firewall: true
    or:
        - os.version.num:
            compare-type: version-compare
            op: "<"
            value: "80.40"
        - and:
            - os.version: R80.30
            - hotfix-jumbo-take:
                compare-type: version-compare
                op: "<"
                value: "215"
comments:
    cphaprob-required-interfaces:
        why: |
            ClusterXL defines a certain number of interfaces which are required to be up for the cluster to be considered
            healthy. If there are less than these actually up, the cluster is not in a healthy state and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-required-secured-interfaces:
        why: |
            ClusterXL defines a certain number of secured (sync) interfaces which are required to be up for the cluster
            to be considered healthy. If there are less than these actually up, the cluster is not in a healthy state
            and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-interfaces:
        why: |
            To check the healthy state of the cluster interfaces important factor for Cluster stability and redundancy
        how: |
            By Checking the input of Check Point clusterXL command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false

    cluster-vip:
        why: |
            This is the list of cluster virtual IP addresses also called floating IP adddresses for the cluster interfaces.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    clusterxl-ccp-mode:
        why: |
            ClusterXL can operate in different modes, multicast or broadcast. All members of the same clusters should have the same setting to ensure redundancy works correctly.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-secured-interfaces:
        why: |
            To check the status of the "Sync" interface is up
        how: |
            By running the command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cphaprob -a if
    parse:
        type: AWK
        file: cphaprob-a-if-novsx.parser.1.awk

cphaprob_a_if_novsx

name: cphaprob_a_if_novsx
description: run "cphaprob -a if" on non-vsx
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: checkpoint
    high-availability: 'true'
    vsx:
        neq: true
    clusterxl: 'true'
    role-firewall: true
    or:
        - os.version.num:
            compare-type: version-compare
            op: "<"
            value: "80.40"
        - and:
            - os.version: R80.30
            - hotfix-jumbo-take:
                compare-type: version-compare
                op: "<"
                value: "215"
comments:
    cphaprob-required-interfaces:
        why: |
            ClusterXL defines a certain number of interfaces which are required to be up for the cluster to be considered
            healthy. If there are less than these actually up, the cluster is not in a healthy state and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-required-secured-interfaces:
        why: |
            ClusterXL defines a certain number of secured (sync) interfaces which are required to be up for the cluster
            to be considered healthy. If there are less than these actually up, the cluster is not in a healthy state
            and traffic flow may be affected.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-interfaces:
        why: |
            To check the healthy state of the cluster interfaces important factor for Cluster stability and redundancy
        how: |
            By Checking the input of Check Point clusterXL command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false

    cluster-vip:
        why: |
            This is the list of cluster virtual IP addresses also called floating IP adddresses for the cluster interfaces.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    clusterxl-ccp-mode:
        why: |
            ClusterXL can operate in different modes, multicast or broadcast. All members of the same clusters should have the same setting to ensure redundancy works correctly.
        how: |
            By using the Check Point built-in "cphaprob" command, the information is retrieved.
        can-with-snmp: false
        can-with-syslog: false

    cphaprob-up-secured-interfaces:
        why: |
            To check the status of the "Sync" interface is up
        how: |
            By running the command "cphaprob -a if"
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 cphaprob -a if
    parse:
        type: AWK
        file: cphaprob-a-if-novsx.parser.1.awk

clusterxl_insufficient_nics_novsx

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/checkpoint/ClusterXLInsufficientNicsNoVsxRule.scala