This is a real life sample alert from Indeni
Over the period of the last 300 seconds there has been an increase of 1 MB in the size of the log file ($FWDIR/log/fw.log). This is a fairly high number, indicating that it is possible that the firewall cannot reach its log servers or has a slow connection to them.
indeni will re-check this alert every 1 minute. If indeni determines the issue has been resolved, it will automatically be flagged as such.
Manual Remediation Steps:
Check all hardware connections as well as any equipment (such as switches and hubs). If the log traffic is sent over VPN, check the VPN tunnels as well. SK40090 may provide further guidance on this.
How does this alert work?
indeni monitors the size of the fw.log file and alerts if it’s rate of growth is more than 1MB per 5 minutes (these thresholds can be changed).
Check Point appliances refresh: how do you compare?
- Proxy ARP entries removed
- Firewall Connection Table Limit Approaching or Reached
- High memory usage
- Two cluster members differ in their SecureXL configuration
- High firewall kernel memory usage has been measured
- Potential high latency on SFP cards
- On-board NICs used on an open server
- A NIC and fw_worker shouldn’t be assigned to the same core
- Cluster member down due to NIC error
- Monitored or Permanent VPN tunnel(s) down
- DNS servers configured but responding too slowly
- VPN gateway is dropping unexpected clear packets
- Policy installation resulted in high CPU load, cluster may failover
- Sync redundancy should use a bond interface, not separate interfaces
- Stateful Inspection disabled, possible security risk
- Certain 10Gb NICs in use may deliver slow performance
- LDAP server’s SSL fingerprint doesn’t match saved fingerprint
- ARP table is approaching its limits
- Hosts file corrupted or missing entries
- Possible memory leak identified in confd
- ClusterXL magic MAC conflict identified
- Firewall log file increase rate critical – possible connectivity loss to log server
- Gateway cannot access certificate authority