Palo Alto Networks SSL Decryption Health with Indeni

With SSL encryption being such a crucial part of securing your network traffic, you can imagine it also is very important to your company that it works securely and optimally. The goal of this post is to cover the importance of SSL, why it should be decrypted, how it affects firewalls and lastly how Indeni […]

TCP packet out of state

Alert Headline: TCP packets dropped due to “out of state” error. Description: Some TCP packets, and therefore connections, are being dropped due to an invalid state. In the firewall logs these appear as “TCP packet out of state”. The list of affected connections is below. The firewall keeps a state table that is used to […]

Connection Table Full

Alert Headline: Connection table limit approaching or reached. Description: There are 24,125 concurrent connections while the limit is 25000. The connection table limit should be increased to ensure uninterrupted operation. Indeni will re-check this alert every 1 minute. If Indeni determines the issue has been resolved, it will automatically be flagged as such. Manual Remediation […]

Cluster Routing Table Mismatch: Check Point Firewall Alert Guide

Alert Headline: Two cluster members differ in their routing tables. Description: The routing tables for the following two cluster members do not match: they show different static routes. This could cause problems during failover or under load sharing. indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, […]

Palo Alto Networks Firewalls Alert Guide: Group ID Conflict Detected

This is a real life sample alert from the indeni alert guide for Palo Alto Firewalls. Description: This cluster has the same Group ID as the other clusters listed below. A conflict may arise if they share a VLAN with this cluster. Other Clusters: buny-fw1 (10.10.24.1) Manual Remediation Steps: Consider changing the Group ID. For […]

Proxy ARP Entries Removed – Check Point Firewalls Optimized Performance

This is a real life sample alert from the indeni guide to preemptive maintenance for Check Point Firewalls. Description: This firewall used to have (51) proxy ARP entries. They have disappeared suddenly from the output of “fw ctl arp”. Proxy ARP behavior may be impacted. Manual Remediation Steps: If this is due to an interface being taken […]

Firewall in Maintenance Mode. Palo Alto Network Alert Guide

This is a real life sample alert from our indeni alert guide for Palo Alto Networks Firewall. Description: The firewall has entered maintenance mode due to an unknown reason. indeni will stop collecting data from this firewall until it exits maintenance mode. Manual Remediation Steps: Connect to the firewall using SSH (see DOC-5719) and determine the […]

F5 bigd process down

This is a real life sample alert from indeni. Description: The F5 bigd process is down and has not restarted. Among its responsibilities, bigd runs the monitors for nodes, pool members and services. For more information, read SOL6967. Manual Remediation Steps: Review the logs to identify why the bigd process is down. indeni will attempt […]

Posted by Matt Faraclas July 9, 2015 in Alerts, F5

F5 Too many RST packets sent

This is a real life sample alert from indeni, from our F5 Load Balancing Methods Library. Description: This device is being hit with too many connections that appear to have already been closed or never opened. It is possible the device is under DDoS attack. indeni has found this log message: May 18 12:49:43 JCNC-ADC1 […]

Posted by Matt Faraclas June 4, 2015 in Alerts, F5

Firewall Connection Table Limit Approaching or Reached – Check Point Firewall Alerts

This is a real life sample alert from the indeni Check Point Firewall configuration guide. Description: There are 248742 concurrent connections while the limit is 250000. The connection table limit should be increased to ensure uninterrupted operation. Manual Remediation Steps: Upgrading to the GAIA OS can resolve the need to set a connection table limit. […]

Pulling Data via SNMP, SSH or API – PAN Firewall Best Practices

When querying a firewall, what’s the best protocol to use? SNMP, SSH or API? If you are looking to integrate Palo Alto firewalls as part of some automated system – scripts, central NOC, software-defined-whatever, etc. – you’d want to hear what we have to share. You should also read this post if you like learning […]