How Customers Use Check Point Firewalls Around the Globe

To conduct in-depth analysis of configuration and stats on network devices, we collect very large amounts of data. For our customers, this data is very useful in benchmarking their network versus other networks around the world. We call this service indeni Insight.

Below is an aggregation of some of the data we’ve collected through this service. We are providing it to help the wider community consider how their network behaves as well as their future plans.

If you are interested in benchmarking your own network within an hour’s work, try indeni today. Once the system is set up reach out to and we’ll do everything else.

Announcing indeni 5.4: New rule engine, Check Point 61000/41000 support

Welcome 5.4!

In this release we’ve included phase one of our infrastructure operations platform and added new content, as well as Check Point 41k/61k support. In addition, specific feature requests and bugfixes were included. Please reach out to our support team to get the updated release.

IMPORTANT NOTE TO ALL USERS: Starting with 5.4, the licensing mechanism is attached to the indeni instance’s unique identifier (uid) and not the IP address. This allows customers to not only change the IP of their indeni instance, but also set up cold active/standby high-availability in case the primary indeni instance is down or is cut off from the network. To set up cold active/standby, please reach out to our support team.


Announcing the future of infrastructure health

Today I’m excited to announce our platform for infrastructure health. Before I go into what we’ve just done, let me explain why.

What’s the current status of infrastructure health?

What exactly is broken in infrastructure operations? Why are enterprises around the world still grappling with downtime?

Our research, as well as that of others, points to the human element. Over 70% of all outages are caused by human error. This is baffling – the people responsible for running the infrastructure are some of the smartest people out there. I meet them regularly, they know their job well. Many of them have a decade or more of experience in what they do. Still, mistakes occur. Why is that?


2016: A Year Of New Opportunities

Welcome to 2016! By now you’ve probably read all of the vendors’ “predictions” for 2016, are done with the holiday celebrations and are ready to implement your New Year’s resolutions. For me, starting a new year always brings excitement with it – thinking about everything we can achieve. It is like standing in front of freshly cut grass before a soccer game: The smell in the air, how clean the grounds are and the potential for big things to happen.

At indeni, we have great plans for 2016, which I will detail below. But first, let’s look back at 2015:


Announcing indeni 5.3: more than 400 improvements!


Welcome 5.3!

In this release we’ve included over 400 improvements to the underlying infrastructure and bugfixes, added new content and expanded our Palo Alto Networks firewalls’ support. Please reach out to our support team to get the updated release.

IMPORTANT NOTE TO CHECK POINT USERS: Starting with 5.3, indeni no longer uses port 8181 to communicate with the firewall. The advantages of using port 8181 prior to 5.3 are now built into the use of port 22, the standard SSH port.

NOTE: Customers who require support of a given product version prior to the main release can contact and a running build will be provided.


Check Point Users: You Are Not Ready for June 5th, 2016

UPDATE May 31st 2016: Check Point has updated the SK. The rollout of SHA-256 has been postponed to June 5th 2016.

Back in April 2015, Check Point published SK103839. In it, Check Point informs its customers that the update services for the various software blades will start using SHA-256 instead of SHA-1. This is in response to reports that SHA-1 has weaknesses that, if not already overcome by hackers, may be overcome as soon as 2018. Check Point is not alone in this effort; Google and other vendors are at it, too.

As the SK states, “To ensure the connectivity of Check Point software to Check Point online update services that use SHA-256 based certificates, a hotfix is required. Check Point highly recommends to install this hotfix to maintain the aforementioned update services functionality.” In other words – if you’re not on R77.30, you should install the hotfix on all of your firewalls and management servers before November.


Announcing indeni 5.2: Palo Alto Networks beta, improvements and bugfixes

Welcome 5.2!

In this release we’ve included many improvements to the underlying infrastructure and bugfixes, as well as kicked off the beta for our support of Palo Alto Networks firewalls. Please reach out to our support team to get the updated release. Note that between minor releases (such as 5.1 and 5.2) we make interim releases with new content and bugfixes on a weekly basis. If you have received a previous release of 5.2, we recommend you upgrade to the newest one announced today.

New products and versions supported:

  • BETA of Palo Alto Networks firewalls running PAN-OS 6.x.x. If you are interested in joining the beta, fill out the form.
  • IK-1675: Support CP R77.30
  • IK-1840: FortiGate: Added support for FortiOS V5.2.1

NOTE: Customers who require support of a given product version prior to the main release can contact and a running build will be provided.

Select new signatures:

  • IK-1677: Firewall is running with a trial license (Check Point)
  • IK-1836: Enhanced “BIG-IP node availability issue detected” (F5)
  • IK-1825: ConfigSync operational status issues (F5)
  • IK-2020: The BIG-IP system is near or out of disk space or inodes (SOL12263, SOL14403) (F5)
  • IK-2021: “Possible multicast or broadcast loop on SFP NICs detected” (F5)
  • IK-1834: “Load balancer node connection limit nearing (or reached)” (F5)
  • IK-1831: “Number of active members in pool is lower than required” (F5)
  • IK-1835: “Pool member connection limit nearing (or reached)” (F5)
  • IK-1827: “SSL transactions per second (TPS) limit nearing or reached” (F5)

Bugs fixed and minor improvements:

  • IK-1674: “A NIC has failed recently (SA#24915)”: reduced the number of log lines shown
  • IK-1518: “Cluster Members Identical Kernel Parameter Values Verification (SA#66322)”: additional dynamic parameters ignored
  • IK-1859: “DNS server resolution test failed” – eliminate false positive in Cisco devices
  • IK-1672: “Errors have been found in packets received by NIC (SA#24915)” triggered for very low packet count
  • IK-1704: “Communication with device suspended due to 2 reboots” false positive
  • IK-1712: “Hardware has reached end of support” is auto-resolving
  • IK-1683: “Hardware temperature sensor reading too high” false positive
  • IK-1391: “High storage usage has been measured” doesn’t show list of large files in Cisco devices
  • IK-1871: “HSRP cluster members differ in VLAN configuration” false positive
  • IK-1858: “License(s) have expired” false positive for CP licenses with expiration “never”
  • IS-1349: “Max SSH Session Count” remains at default
  • IK-1976: “Monitoring Suspended” creating too many alerts
  • IK-1958: “NAT cache (fwx_cache) table limit approaching or reached” false positive
  • IK-1879: “NAT connections (fwx_alloc) table limit approaching or reached” false positive
  • IK-1901: “RX traffic drastically reduced post fail over, possible ARP issue” add specific interface details
  • IK-1919: “SecureXL templates are partially disabled” false positive
  • IK-1914: “Some members of the same cluster are not being monitored” false positive
  • IK-1731: “Some proxy ARPs required by NAT are missing” – signature removed
  • IS-1000: “Some received packets have been dropped by NIC (SA#24915)” – duplicate text in e-mail alert details
  • IK-1628: “Two cluster members differ in their routing tables” failing to create alert
  • IK-1870: “Use of NTP is configured but no servers are defined” false positive
  • IK-1684: “Voltage too high or too low” false positive
  • IK-1702: “Voltage too high or too low” – don’t alert if hi/low limits are unknown
  • IS-1454: Backup: sometimes old backups are not deleted
  • IK-1501: “Proxy ARP is enabled” flapping in Cisco
  • IK-1696: GAiA R77.10: Replace use of ckp_regedit with cpinfo
  • IK-1846: ClusterXL member differences alerts are referring to the wrong cluster members
  • IK-2133: Configuration Check – “Hotfix(es) Installed” does not handle comma delimited string of HFs correctly
  • IS-1077: Connection to SecurePlatform with SSH private key fails
  • IK-1741: Correctly identify device model for CP 21700
  • IK-1742: Correctly identify device model for CP 4400
  • IK-1670: Live Configuration – all NICS are showing as Down
  • IK-1856: Hardware alert false positives from Check Point open server
  • IS-1346: Prevent “service indeni4it start” from starting the application more than one time
  • IK-1690: “Route overlap identified” – don’t alert when next-hop is the same
  • IK-1688: NIC stats alerts (e.g. packet errors) should contain the total number of packets that we compare against
  • IK-2066: SmartCenter degradation due to hanging “fw log” processes
  • IK-1993: SmartCenter backup: use “migrate export” for R75.40 and above
  • IK-2067: Reduce “sshd[xxx]: Did not receive identification string from <indeni server>” in device messages log
  • IS-1037: Update by UPD fails to restart the service
  • IK-1966: Crossbeam discovery failure
  • IS-1453: Backup Report – empty “Failed Backups” section header
  • IS-1348: Scheduled Reports delivery does not follow DST changes
  • IS-1441: F5 – wc should not show the groups common/device_trust_group and common/gtm
  • IS-1036: E-mail Alerts: remove PDFs from e-mail alerts
  • S-1019: Tools-Troubleshooting – add “cpstat os -f sensors” for Check Point firewalls
  • IS-1765: Alert Report – add alert timestamps
  • IS-1060: Alerts e-mails – add alert timestamp

indeni is Short-Listed for the 2015 Red Herring Top 100 North America Award

San Mateo, CA – May 18th, 2015 – indeni announced today it has been short-listed for Red Herring’s Top 100 North America award, a prestigious list honoring the year’s most promising private technology companies from the North American business region.

Red Herring has been selecting the most exciting and promising start-ups and “scale ups” since 1995. Finalists are still evaluated individually from a large pool of hundreds of candidates based across North America. Twenty major criteria underlie the scoring and process. They include, among others: the candidate company’s addressable market size, its IP and patents, its financing, the proof of concept, trailing revenues and management’s expertise. Each company goes through an individual interview after filling out a thorough submission, complemented by a due diligence process. The list of finalists often includes the best performing and prominent companies of that year.

“We are excited to be short-listed for the award”, commented Yoni Leitersdorf, indeni’s CEO and Founder. “2015 has been an amazing year for us and Red Herring’s recognition is greatly appreciated.”

Announcing indeni 5.1: F5© BIG-IP© support, many improvements

We’re excited to announce version 5.1. While this version has been generally available for a few months now, it has had improvements added to it over the past two months.

New product versions supported:

  • F5© BIG-IP© 11.x

New signatures:

  • The following are some of the F5-related signatures included in this release:
    • Identify node availability issues
    • Pool member connection limit nearing or reached
    • Load balancer connection limit nearing or reached
    • Number of active members in a pool lower than threshold
    • Number of SSL Transactions per Second nearing license limit
    • ConfigSync state not OK
    • Reaper process started
    • Cross check certain log lines with

Bugs fixed and minor improvements:

  • WC-2051: Network Health left-side widgets empty in some cases
  • IS-1365: Discovery of analyzed devices was sometimes slow due to a behavior issue with CentOS’s /dev/random
  • IS-1363: NIC details were not indexed by the Search feature in certain cases
  • IS-1346: Prevent “service indeni4it start” from starting the application more than one time
  • IS-1087: RADIUS authentication with one-time tokens resulted in lockouts
  • IK-1951: VPN debug messages contain partial information
  • IK-1924: “Coredumping setting not as desired” Profile Check – FP
  • IK-1914: “Some members of the same cluster are not being monitored” FP
  • IK-1856: Hardware alert FPs on Check Point Open Servers
  • IK-1626: SNMP monitoring – “Device clock appears to be set incorrectly” FP
  • IK-1919: “SecureXL templates are partially disabled” FP
  • IK-1871: “HSRP cluster members differ in VLAN configuration” FP
  • IK-1670: Live Configuration – all NICS are showing as Down
  • IK-1852: indeni server’s disk filled up without any storage alerts
  • IK-1847: Failed to Communicate alert: wrong details when Check Point shell is not bash
  • WC-1800: Performance of rendering of the list of devices has been improved
  • WC-2061: Network Health – scrolling alerts show acknowledged alerts
  • IS-922: Ignored items list was sometimes cleared instead of stored
  • IS-1371: Full text search improved to increase coverage and improve result sorting
  • IS-1357: “fwaccel stat” added to debug report for Check Point firewalls
  • IS-1088: Improvement to the performance of the generation of inventory reports
  • IK-1901: “RX traffic drastically reduced post fail over, possible ARP issue” add specific interface details

“Renewing indeni is a no brainer”

I just got off the phone with one of our customers, a multi-billion-dollar enterprise that I’m 100% certain every single US-based reader of this post will recognize. However, I can’t mention them by name.

They have been our customer for two years now and have just renewed their contract. For us, that’s a great show of belief in what we do and something I don’t take for granted.

We are the ultimate SaaS: our software grows on an ongoing basis. Many SaaS companies charge you a monthly or annual subscription even though their software changes very little during that time. We at indeni charge annual subscriptions because our software grows constantly, on a daily basis. That’s a real service.

So, renewals are equally as important to us as the first purchase a customer makes. These renewals help fund the growth of our software. Like many other high-growth startups, we invest every dime we make in growing. No profits, no dividends, just growth.

So I asked this customer: “Why did you renew?” His answer:

  • indeni delivers on its promise of identifying issues in his estate (mostly Check Point firewalls in his case).
  • The support and services we deliver are exceptional.
  • To do what indeni does, he’d need to hire 5 developers, and indeni is a fraction of that cost.
  • His company’s focus is on bringing in more automation into IT so they can focus on business processes. “Less cleaning the drains and fixing the pipes. Moving from the slow ITIL approach to the rapid DevOps where possible.”

He summarized it with: “renewing indeni is a no brainer”.

And that, my friends, is why I’m doing what I do.