Announcing 5.4: New rule engine, Check Point 61000/41000 support

Welcome 5.4!

In this release we’ve included phase one of our infrastructure operations platform and added new content as well as Check Point 41k/61k support. In addition, specific feature requests and bugfixes were included. Please reach out to our support team to get the updated release.

IMPORTANT NOTE TO ALL USERS: Starting with 5.4, the licensing mechanism is attached to the indeni instance’s unique identifier (uid) and not the IP address. This allows customers to not only change the IP of their indeni instance, but also set up cold active/standby high-availability in case the primary indeni instance is down or is cut off from the network. To set up cold active/standby, please reach out to our support team.

New content:

  • New Rule Engine: With this release, a new rule engine has been incorporated into the product. In the future it will allow partners, consultants and customers to write their own checks on top of indeni’s infrastructure operations platform. This is an early version of the engine. If you are interested in learning more, please email product@indeni.com.
  • IK-2449: Support Check Point 61k/41k – initial support (Check Point firewalls). This includes:
    • CPU, memory, swap and disk utilization
    • Tracking of number of connections and alerting when a drastic drop in connections occurs
    • Blade status tracking (up, down, flapping)
    • License tracking
    • Network port utilization, drops, errors
  • Ability to alert when specific logs are found matching regular expression patterns. Sample patterns included with this release:
    • outed.*quitting because too many sockets open
    • routed.*Exit routed
    • fwha_.*
    • cul_load_.*
    • Port .*?: Down
    • PPPoE session failed to connect
    • NAT Hide failure.*
    • Invalid username/password
    • Failed to check .*? content upgrade info due to generic communication error
    • Failed password for.*
    • Drive error detected
    • Chassis Master Alarm:
    • Auto update agent failed to download new content
    • .*internal error – invalid port.*
    • .*[Ll]ogin denied.*
    • .*? job failed for user Auto update agent
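
As an added illustration (not indeni's code), the sketch below runs the sample patterns listed above over constructed syslog-style lines and reports which patterns fire. It assumes unanchored, case-sensitive matching, since these notes do not say how the rule engine applies patterns; the function names are hypothetical.

```python
import re

# Patterns copied verbatim from the sample list in these release notes.
PATTERNS = [
    r"outed.*quitting because too many sockets open",
    r"routed.*Exit routed",
    r"fwha_.*",
    r"cul_load_.*",
    r"Port .*?: Down",
    r"PPPoE session failed to connect",
    r"NAT Hide failure.*",
    r"Invalid username/password",
    r"Failed to check .*? content upgrade info due to generic communication error",
    r"Failed password for.*",
    r"Drive error detected",
    r"Chassis Master Alarm:",
    r"Auto update agent failed to download new content",
    r".*internal error – invalid port.*",
    r".*[Ll]ogin denied.*",
    r".*? job failed for user Auto update agent",
]
COMPILED = [(p, re.compile(p)) for p in PATTERNS]

def matching_patterns(line):
    """Return every pattern found anywhere in the line (unanchored search is an assumption)."""
    return [p for p, rx in COMPILED if rx.search(line)]

def scan(lines):
    """Return (line_number, line, patterns) for each line that hits at least one pattern."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = matching_patterns(line)
        if found:
            hits.append((number, line, found))
    return hits

# Constructed sample log lines, not taken from a real device.
SAMPLE_LOG = [
    "Mar  3 10:15:02 gw1 sshd[2231]: Failed password for admin from 192.0.2.10 port 51122 ssh2",
    "Mar  3 10:15:07 gw1 kernel: Port eth1-05: Down",
    "Mar  3 10:16:40 gw1 routed[1820]: quitting because too many sockets open",
    "Mar  3 10:17:01 gw1 crond[991]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 10:18:12 gw1 httpd: Login denied for user monitor",
    "Mar  3 10:18:30 gw1 httpd: user logged in; login accepted",
]

if __name__ == "__main__":
    for number, line, found in scan(SAMPLE_LOG):
        print(f"line {number}: {found}\n    {line}")
```

Under case-sensitive matching only the pattern written with `[Ll]` tolerates a case variation, so a message such as "LOGIN DENIED" or a lowercase "port ...: down" would pass unnoticed.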

NOTE: The support for Check Point 61k/41k was built entirely on the new rule engine included in this release.

Select new signatures:

Select bugfixes and minor improvements:

  • IS-1862: Support HTTPS proxy for indeni insight
  • IS-1844: Treat chassis devices (61k, 41k, Crossbeam, 7080, etc.) separately for licensing purposes
  • IS-1437: Use indeni instance ID for licensing instead of IP address (allow IP address changes for indeni devices)
  • IS-920: SNMP traps: change flow to use indeniNewAlertTrap every time that an alert becomes active instead of only sending indeniAlertStatusUpdateTrap
  • IK-2510: Bugfix: indeni continues to back up a device after it’s removed from the backup schedule
  • IK-2495: ‘SecureXL templates are partially disabled’ does not alert for VSs (Check Point firewalls)
  • IK-2494: Inaccurate parsing of firewall kernel memory in ‘fw ctl pstat’ (Check Point firewalls)
  • IK-2493: Monitoring Suspended due to unexpected mpstat output
  • IK-2479: Failing to discover MDM using RADIUS-based login (Check Point firewalls)
  • IK-2448: Cache HKLM_registry output to reduce bandwidth usage (Check Point firewalls)
  • IK-2447: Improve ‘lsof’ command usage to reduce data usage
  • IK-2442: Failed to Communicate alerts: send via email when these occur
  • IK-2408: ‘Contract expired/about to expire’ alerts should only display the contract and add reference to SmartUpdate (Check Point firewalls)
  • IK-2405: “Use of NTP servers configured but not operational” add details even when all NTP servers are not synced (All devices)
  • IK-2339: Swap memory usage should always alert if swap is used (reduce alerting threshold to 1%) (All devices)
  • IK-1979: ‘Sync loss events have occurred – possible sync network issue (SA#35136)’ false positive in case of policy installation, set a threshold for alerting to 5 sync loss events (Check Point firewalls)
  • IK-2497: Errors appear in the indeni web console due to devices being deleted