SNAT translation has an indefinite timeout configured-f5-all
Vendor: f5
OS: all
Description:
A SNAT translation object with an indefinite idle timeout could result in stalled connections and resource exhaustion. It is good practice to set a timeout to the smallest possible finite value that your application allows.
Remediation Steps:
Reconfigure your SNAT translation objects with the lowest finite value that your application allows.
How does this work?
This alert uses the iControl REST interface to extract the SNAT translation configurations.
Why is this important?
A SNAT translation object with an indefinite idle timeout could result in stalled connections and resource exhaustion. It is good practice to set a timeout to the smallest possible finite value that your application allows.
Without Indeni how would you find this?
An administrator could log in to the device through SSH and execute the command "tmsh -c 'cd /;list ltm snat-translation recursive'". Then, for each configured SNAT translation, verify that the idle timeout value is not set to "indefinite".
f5-rest-mgmt-tm-ltm-snat-translation
name: f5-rest-mgmt-tm-ltm-snat-translation
description: Get SNAT translation idle timeout values
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: f5
    product: load-balancer
    rest-api: 'true'
comments:
    lb-snat-translation-indefinite-idle-timeout:
        why: |
            A SNAT translation object with an indefinite idle timeout could result in stalled connections and resource exhaustion. It is good practice to set a timeout to the smallest possible finite value that your application allows.
        how: |
            This alert uses the iControl REST interface to extract the SNAT translation configurations.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: HTTP
        command: /mgmt/tm/ltm/snat-translation?$select=fullPath,ipIdleTimeout,tcpIdleTimeout,udpIdleTimeout,enabled
    parse:
        type: JSON
        file: rest-mgmt-tm-ltm-snat-translation.parser.1.json.yaml
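Added example, not Indeni's parser or rule code: a Python check over the JSON returned by the query above that flags every SNAT translation whose IP, TCP or UDP idle timeout is "indefinite". The `items` collection wrapper, the string-typed timeout values and the sample response are assumptions constructed for illustration.

```python
import json

# Fields requested by the $select query in the monitoring step.
TIMEOUT_FIELDS = ("ipIdleTimeout", "tcpIdleTimeout", "udpIdleTimeout")

# Constructed sample response (not captured from a real device).
SAMPLE_RESPONSE = """
{
  "items": [
    {"fullPath": "/Common/192.0.2.10", "ipIdleTimeout": "indefinite",
     "tcpIdleTimeout": "300", "udpIdleTimeout": "60", "enabled": true},
    {"fullPath": "/Common/192.0.2.11", "ipIdleTimeout": "120",
     "tcpIdleTimeout": "300", "udpIdleTimeout": "60", "enabled": true},
    {"fullPath": "/Tenant/192.0.2.12", "ipIdleTimeout": "Indefinite",
     "tcpIdleTimeout": "indefinite", "udpIdleTimeout": 60}
  ]
}
"""

def find_indefinite_timeouts(response_text):
    """Return one finding per SNAT translation with an indefinite timeout."""
    body = json.loads(response_text)
    findings = []
    # Assumption: an empty collection may omit "items", so default to [].
    for item in body.get("items", []):
        # Compare as lower-cased strings so numeric values and case
        # differences do not cause a missed or false match.
        bad = [f for f in TIMEOUT_FIELDS
               if str(item.get(f, "")).strip().lower() == "indefinite"]
        if bad:
            findings.append({
                "fullPath": item.get("fullPath", "<unknown>"),
                "fields": bad,
                # A missing flag is reported as None rather than guessed.
                "enabled": item.get("enabled"),
            })
    return findings

if __name__ == "__main__":
    for f in find_indefinite_timeouts(SAMPLE_RESPONSE):
        print(f"{f['fullPath']}: indefinite {', '.join(f['fields'])} "
              f"(enabled={f['enabled']})")
```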
F5SNATTranslationIndefiniteTimeoutRule
https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/f5/F5SNATTranslationIndefiniteTimeoutRule.scala