SecureXL configuration mismatch across cluster members-checkpoint-False

SecureXL configuration mismatch across cluster members-checkpoint-False
0

SecureXL configuration mismatch across cluster members-checkpoint-False

Vendor: checkpoint

OS: False

Description:
indeni will identify when two devices are part of a cluster and alert if the SecureXL settings are different for different VS’s.

Remediation Steps:
Compare the output of “fwaccel stat” across members of the cluster, make sure to run the command in the correct vsenv context.

How does this work?
By using the Check Point built-in “fwaccel stat” command, the current status of SecureXL is retrieved and, given that there are more than one member in the cluster, compared between the cluster members.

Why is this important?
SecureXL is used to accelerate traffic. If it is disabled it could result in a reduction in the amount of throughput the device can handle. If used in a clustered environment, the user must ensure all members of the cluster have the same setting.

Without Indeni how would you find this?
An administrator could login and manually run the command.

chkp-fw-accel-stat-novsx

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/checkpoint/firewall/fwaccel-stat-novsx.ind

checkpoint_compare_securexl_setting_vsx

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.checkpoint

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
/**
  *
  */
case class checkpoint_compare_securexl_setting_vsx() extends SnapshotComparisonTemplateRule(
  ruleName = "checkpoint_compare_securexl_setting_vsx",
  ruleFriendlyName = "Check Point Cluster (VSX): SecureXL configuration mismatch across cluster members",
  ruleDescription = "indeni will identify when two devices are part of a cluster and alert if the SecureXL settings are different for different VS's.",
  metricName = "securexl-status",
  applicableMetricTag = "vs.id",
  isArray = false,
  alertDescription = "The members of a cluster of Check Point firewalls must have the same SecureXL settings.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"http://il.linkedin.com/pub/gal-vitenberg/83/484/103\">Gal Vitenberg</a>.",
  baseRemediationText = """Compare the output of "fwaccel stat" across members of the cluster, make sure to run the command in the correct vsenv context.""")()