DX Unified Infrastructure Management

Hi Folks,

In our environment, we have firewall in HA mode. One firewall is acting as active and other one acting as passive. 

Is there any possibility to configure alert if failover happened between these firewalls?

Please get back to us ASAP as we have a requirement that has to be done at priority.

Regards,

Padmaja.

The short answer is yes.

The much longer answer is that it depends on the details. One would start by looking at what the firewall does when it fails over; does it send an SNMP message, for instance, that you could configure the SNMP probe to capture and alert on?

Or maybe syslog?

Does the failed firewall make the network link inactive when it's failed? If so, you might be able to use net_connect to ping the individual interfaces to see if they're active.

Hi Garin,

Thanks for your response and sorry for the delay in getting back to you. In our environment, when the fail over happens, the flow of traffic will be changed from one firewall to another firewall. It doesn't make the passive link down.Only the HA pair state changes.

Can you suggest us how can we monitor this change of firewall HA pair status?

Regards,

Padmaja.

To quote Garin "answer is that it depends on the details"

Kind of a life lesson type of thing, when requesting help, in most cases the quality of the help provided depends upon the quality of the request.

So we have been provided with "the flow of traffic will be changed".

There are products designed specifically for network monitoring such as: PM, Spectrum, NFA. 

Within UIM snmpcollector, and if there is a specific OID which shows the firewall state change, snmpget.

If it's a Cisco ASA firewall, that's out of the box functionality with Spectrum:  Cisco ASA (Adaptive Security Appliance) Devices Failover - CA Spectrum - 10.3.1 - CA Technologies Documentation