Palo Alto Networks Firewalls Alert Guide: Group ID Conflict Detected

This is a real-life sample alert from the indeni alert guide for Palo Alto Networks firewalls.

Description:

This cluster has the same Group ID as the other clusters listed below. A conflict may arise if they share a VLAN with this cluster.

Other Clusters:

buny-fw1 (10.10.24.1)

Manual Remediation Steps:

Consider changing the Group ID. For more information, see DOC-5843.

How does this alert work?

indeni automatically identifies the HA clusters in the environment and then compares the Group ID that is set on the active member of each of those clusters.

For more alerts and in-depth analysis to keep your network highly available and failure-proof, check out our device management solution for PAN firewalls.

Proxy ARP Entries Removed – Check Point Firewalls Optimized Performance

This is a real-life sample alert from the indeni guide to preemptive maintenance for Check Point firewalls.

Description:

This firewall used to have (51) proxy ARP entries. They have disappeared suddenly from the output of “fw ctl arp”. Proxy ARP behavior may be impacted.

Manual Remediation Steps:

If this is due to an interface being taken down, please verify that “fw ctl arp” provides the correct output after the interface is turned back on. If it doesn’t, contact technical support.
If this is not due to an interface being taken down, we recommend you contact technical support. Please review SK98740 and SK93534.

How does this alert work?

indeni runs the “fw ctl arp” command every few minutes and identifies when there is a major change in the response.
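The poll-and-compare check described above, sketched as an added example (not indeni's own code). The line shape assumed for "fw ctl arp" output, the `drop_ratio` threshold for a "major change", and all function names are assumptions; the sample polls are constructed.

```python
import re

# Assumed line shape of "fw ctl arp" output: "(IP) at MAC interface IP".
ENTRY_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+"
    r"interface\s+(?P<iface>\S+)"
)

def parse_proxy_arp(output):
    """Return {proxied_ip: (mac, interface)} for every entry line found."""
    entries = {}
    for line in output.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            entries[m["ip"]] = (m["mac"].lower().replace(":", "-"), m["iface"])
    return entries

def compare_polls(previous, current, drop_ratio=0.5):
    """Diff two parsed polls and decide whether the change is major.

    drop_ratio is a hypothetical threshold: alert when at least this share
    of the previously seen entries is gone. An empty baseline never alerts.
    """
    removed = sorted(set(previous) - set(current))
    added = sorted(set(current) - set(previous))
    changed = sorted(ip for ip in set(previous) & set(current)
                     if previous[ip] != current[ip])
    lost_share = len(removed) / len(previous) if previous else 0.0
    return {"removed": removed, "added": added, "changed": changed,
            "alert": bool(previous) and lost_share >= drop_ratio}

# Constructed sample polls (documentation address ranges, made-up MACs).
POLL_BEFORE = """\
 (192.0.2.10) at 00-1c-7f-00-00-01 interface 192.0.2.1
 (192.0.2.11) at 00-1c-7f-00-00-01 interface 192.0.2.1
 (198.51.100.20) at 00-1c-7f-00-00-02 interface 198.51.100.1
"""
POLL_AFTER_EMPTY = ""  # every entry disappeared between polls
POLL_AFTER_MINOR = """\
 (192.0.2.10) at 00-1c-7f-00-00-01 interface 192.0.2.1
 (192.0.2.11) at 00-1c-7f-00-00-01 interface 192.0.2.1
"""

if __name__ == "__main__":
    before = parse_proxy_arp(POLL_BEFORE)
    for label, text in (("empty", POLL_AFTER_EMPTY), ("minor", POLL_AFTER_MINOR)):
        print(label, compare_polls(before, parse_proxy_arp(text)))
```

Keeping the per-entry diff alongside the alert flag lets the operator see which proxied addresses vanished, which helps when checking whether an interface going down explains the change.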

Firewall in Maintenance Mode. Palo Alto Networks Alert Guide

This is a real-life sample alert from our indeni alert guide for Palo Alto Networks firewalls.

Description:

The firewall has entered maintenance mode for an unknown reason. indeni will stop collecting data from this firewall until it exits maintenance mode.

Manual Remediation Steps:

Connect to the firewall using SSH (see DOC-5719) and determine the cause.

How does this alert work?

indeni uses a mix of SSH, API calls and SNMP to communicate with Palo Alto Networks firewalls. If it identifies that the firewall is in maintenance mode (for example, via SSH), it will alert.