Join @indeni Tweet Sweep at CPX 2017

 Tweeting for prizes for CPX? Yes, please!

indeni is thrilled to participate in Check Point Experience (CPX) for the fifth consecutive year. Check Point is one of the major firewalls indeni covers, and we love connecting with the Check Point community year after year. To connect with each of you, we are kicking off the @indeni Tweet Sweep to open up the conversation even before CPX! Tweet at @indeni your answers to the weekly questions posted on our Guide to CPX and collect your prizes at our CPX booth!

@indeni Tweet Sweep of the Week:

What was your favorite CPX + indeni memory from CPX 2016 in Chicago?

How can you participate?

Did you say prizes?!

  • 1 tweet = 1 indeni sticker
  • 3 tweets = 1 indeni T-shirt
  • 10 tweets = WIN A DRONE!
    (While supplies last)

How do I get my prizes?

  • Stop by our booth at CPX
  • Show us your tweets
  • Claim your prizes!!

Q: I am having trouble thinking of good tweets…

A: No problem! Here are some ideas for this week's Tweet Sweep:

  • @indeni I realized what it means to be truly proactive. Preloaded knowledge running around the clock versus a red light/green light. Thanks
  • @indeni I spoke with indeni’s CEO/founder, @yonadavl, about indeni’s knowledge around VPN Tunnels & expired contracts. Exciting work!
  • @indeni I took a selfie with the indeni team!
  • @indeni who knew indeni could alert me to expiring licenses, learned that in their demo at CPX
  • @indeni in a sea of blue smiley faces lies a change in how security and operational teams look at their environment.
  • I saw a great live demo at the @indeni booth…the smiley face t-shirt was a great bonus, too!
    (Feel free to share a photo of you wearing your T-Shirt!)
  • @indeni the Nerf Guns still crack me up
  • Got drinks with @indeni after day 2. The team is very knowledgeable and dedicated to their smiley face shirts!
  • @indeni made the expo floor fun and stimulating. I am looking forward to seeing what they do this year!
  • @indeni I spotted the indeni team at a Happy Hour by their Smiley Face T-Shirts. Great talking to a fun group of people!

In conclusion

CPX is 6 weeks away but the fun can start now! Check back for next week’s tweet of the week.

Good Luck!

Check out our Check Point solutions here.

How to monitor F5 devices – SNMP vs API vs SSH

F5 offers many ways of interfacing with its products, and when writing monitoring we had to research which one is most suitable in terms of performance. After all, monitoring should not harm the device it monitors. When choosing methods we looked into iControl REST, SNMP and TMSH. See below for how this test was conducted and which one won.

The best way to monitor F5 – How the test was conducted

We ran each type for ~20 minutes continuously through command-runner. While the tests were running, we used the web interface to make sure that its responsiveness was up to par.

The commands to run each test

# REST
while true; do
    command-runner.sh full-command --basic-authentication user,password rest-pool-statistics.ind 10.10.10.10
done
# tmsh
while true; do
    command-runner.sh full-command --ssh user,password ./show-ltm-pool-detail-raw-recursive.ind 10.10.10.10
done
# SNMP
while true; do
    command-runner.sh full-command --ssh user,password ./snmp-pool-statistics.ind 10.10.10.10
done
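
A bounded variant of these loops, as an added example rather than indeni's or the author's code: it runs one method for a fixed period with a per-run timeout and counts how many runs returned data, returned nothing, failed or timed out, so the methods can be compared on numbers. `run_bench`, `bench_summary` and the counter names are hypothetical, and GNU coreutils `timeout` is assumed.

```bash
#!/usr/bin/env bash
# Added example (not indeni's code). run_bench and its counters are
# hypothetical names. Assumes GNU coreutils `timeout` is installed.
#
# run_bench DURATION_SECS PER_RUN_TIMEOUT_SECS COMMAND [ARGS...]
# Runs COMMAND back to back for DURATION_SECS and classifies every run.
# Sets globals: RUNS OK EMPTY FAILED TIMED_OUT SLOWEST (whole seconds).
run_bench() {
    local duration=$1 limit=$2
    shift 2
    local end=$(( $(date +%s) + duration ))
    local start out rc took
    RUNS=0 OK=0 EMPTY=0 FAILED=0 TIMED_OUT=0 SLOWEST=0
    while :; do
        start=$(date +%s)
        rc=0
        out=$(timeout "$limit" "$@" 2>/dev/null) || rc=$?
        took=$(( $(date +%s) - start ))
        RUNS=$((RUNS + 1))
        if [ "$took" -gt "$SLOWEST" ]; then SLOWEST=$took; fi
        if [ "$rc" -eq 124 ]; then      # timeout(1) had to kill the run
            TIMED_OUT=$((TIMED_OUT + 1))
        elif [ "$rc" -ne 0 ]; then      # the command itself reported an error
            FAILED=$((FAILED + 1))
        elif [ -z "$out" ]; then        # exit 0 but no metrics came back
            EMPTY=$((EMPTY + 1))
        else
            OK=$((OK + 1))
        fi
        [ "$(date +%s)" -lt "$end" ] || break
    done
}

# One comparable line per method, for pasting into test notes.
bench_summary() {
    echo "runs=$RUNS ok=$OK empty=$EMPTY failed=$FAILED timed_out=$TIMED_OUT slowest=${SLOWEST}s"
}

# Usage (about 20 minutes per method; the 60 s per-run limit is an assumption):
#   run_bench 1200 60 command-runner.sh full-command --ssh user,password \
#       ./show-ltm-pool-detail-raw-recursive.ind 10.10.10.10
#   bench_summary
```
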

Results

The test started out with 283 pools (with 200 additional ones created just for this test). However, when trying the tmsh command, command-runner timed out, so we had to reduce to the original 83 pools and rerun the test using REST to make it fair.

  • Test 1: REST = 283 pools
  • Test 2: Tmsh = 83 pools
  • Test 3: SNMP = 83 pools
  • Test 4: REST (take 2) = 83 pools

4 hour graph

24 hour graph for reference

REST

  • Did not produce any timeouts in the GUI in either of the two tests.
  • Always produced results.
  • Management interface only became sluggish one time, during the second attempt, most likely because of the already high swap usage created by the TMSH tests.

TMSH

TMSH produced these once in a while:

  • When that happened you can see the gaps in the graph. It is unknown what the gap after the graph was because we were working on the SNMP metrics at that time.
  • TMSH also failed to give results sometimes.
  • Forced to run with fewer metrics than REST in order to even get a result.

SNMP

  • Truncated the pool names sometimes. It is unclear why; it always happened on long names, but at different lengths.
  • Did not produce any timeouts in the GUI.
  • Always produced results.
  • Did not have as many metrics as REST since the exact same metrics were not available in one command (pool state and availability are missing).
  • Management interface became a bit sluggish on and off.

Conclusion

Overall, REST won the test, with SNMP in second place. TMSH did not even qualify, as it takes up very large amounts of memory and swap, which negatively affected the overall system.

Thank you to Patrik Jonsson for contributing this article.

How to select script monitoring authentication types

Considerations when selecting authentication types

Choosing an authentication method for monitoring your infrastructure devices might sound easy at first glance. After all, a monitoring script would only need read-only, right? Wrong.

Monitoring with indeni goes beyond what normal monitoring tools do. The goal of indeni is to detect problems before they occur, saving you hours of troubleshooting and root cause analysis down the road. To get early detection, indeni needs access to the advanced shell. Let’s take a look at what this means on F5 devices.

Example: Selecting authentication types for F5 devices

On an F5, having access to the advanced shell means that the user in question must have administrator access. Also, iControl REST requires the user to be locally authenticated up until version 11.5.4. This means that for systems running versions up to 11.5.4 and using RADIUS for authentication, administrators will have to resort to the local admin account for REST calls.

On top of that, if a system has configured authentication and authorization using RADIUS, there is no way of setting the shell to advanced shell on any version. So yet again, administrators must resort to the local admin account in order to set the proper permissions.

We have gone above and beyond to avoid using local admin accounts by investing a lot of time running monitor commands via TMSH. However, this has turned out to cause harm to the system due to TMSH using way too much memory. So what does this mean? In order to get the most out of using indeni, administrators will have to configure authentication according to the following table:

| Version | Authentication | Authorization | User |
|---|---|---|---|
| 11.5.4 and earlier | Any | Any | Local admin (with SSH access) |
| 11.6.0 and later | Remote | Remote | Local admin (with SSH access) |
| 11.6.0 and later | Local | Local | Any account with role Administrator and shell set to Advanced Shell |
| 11.6.0 and later | Remote | Local | Any account with role Administrator and shell set to Advanced Shell |

Thank you to Patrik Jonsson for contributing this article.