Unsolved
December 15th, 2016 08:00
Questions about creating a dynamic model for a firewall
Dear colleagues,
I am starting to work with dynamic modelling and found a couple of questions I can't find an answer for.
Basically, I want to extend a model for a firewall, gather a couple of additional OIDs and use a custom threshold from the UI.
This is where we currently are:
/*
 * pp_fw_palo_alto.mdl - model file for Perimeter Protection Palo Alto firewalls - IP domain(s)
 * FIELD CERTIFICATION FILE
 *
 */

interface PP_FW_PALO_ALTO_Status_Setting : ICF_PollingSetting
{
    refine stored DisplayName
        = "PP Palo Alto firewall Environment";
    refine stored RuleSet
        = "devstat/pp_fw_palo_alto_setting.asl";
    refine stored TargetClass = "ICIM_UnitaryComputerSystem";
}

interface PP_FW_PALO_ALTO_Setting : ICF_Setting {
    refine stored DisplayName
        = "PP Palo Alto firewall Settings";
    attribute int [0 .. 100] FwPaloAltopanSessionThreshold
        "Session table utilization percentage threshold (%)."
        = 50;
}

interface PP_FW_PALO_ALTO_Fault : ICIM_Instrumentation
{
    instrument SNMP {
        panMgmtPanoramaConnectedSNMP = "1.3.6.1.4.1.25461.2.1.2.4.1",
        panSessionUtilizationSNMP = "1.3.6.1.4.1.25461.2.1.2.3.1"
    };
    instrumented attribute string panMgmtPanoramaConnectedSNMP
        "Current Connection status to Panorama Server (connected, not-connected).";
    instrumented attribute int panSessionUtilizationSNMP
        "Current Session table usage (percentage).";
}

interface PP_FW_PALO_ALTO : UnitaryComputerSystem
{
    propagate attribute int panSessionUtilization
        "Current Session table usage (percentage)."
        = PP_FW_PALO_ALTO_Fault, InstrumentedBy, panSessionUtilizationSNMP;
    propagate attribute string panMgmtPanoramaConnected
        "Current Connection status to Panorama Server (connected, not-connected)."
        = PP_FW_PALO_ALTO_Fault, InstrumentedBy, panMgmtPanoramaConnectedSNMP;
    propagate attribute int [0 .. 100] FwPaloAltopanSessionThreshold
        "Session table utilization percentage threshold (%)."
        = PP_FW_PALO_ALTO_Setting, InstrumentedBy, FwPaloAltopanSessionThreshold
    event FwPaloAltoSessionUtilization
        "The current Session table usage is too high."
        = panSessionUtilization >= FwPaloAltopanSessionThreshold;
    export FwPaloAltoSessionUtilization;
    readonly string FwPaloAltoSessionUtilization_attributes()
        definition:
            return "THRESHOLD PCT panSessionUtilization > FwPaloAltopanSessionThreshold";
    event FwPaloAltoPanoramaDisconnected
        "Firewall disconnected from Panorama Server."
        = panMgmtPanoramaConnected == "not-connected";
    export FwPaloAltoPanoramaDisconnected;
}
My questions, which I hope some of you have an answer for:
1) This mdl fails because FwPaloAltopanSessionThreshold is used directly and it is only declared inside the "interface PP_FW_PALO_ALTO_Setting : ICF_Setting" block. What else should I add inside the "interface PP_FW_PALO_ALTO : UnitaryComputerSystem" so that I can compare the instrumented value against the threshold configured in the UI? (Also, is there any way to see the errors and troubleshoot them? I can only see that the class does not get created unless I replace FwPaloAltopanSessionThreshold with a value such as 50.)
2) I never get to see values for the instrumented attributes when I look for panSessionUtilization and panMgmtPanoramaConnected in the attribute list for a firewall of this class. The attributes do appear, but they are greyed out and have no value. What else could I be missing? In other cases I get the events, but I can never see the actual value, either in the attributes or in the "Details" tab of the event.
3) How can I query an OID defined as a table and iterate over it in order to generate alerts?
4) Last but not least: is there any decent manual or training about these topics? We only have the dynamic modelling doc, with a few simple examples, and both support and Professional Services won't help us with this, which is surprising, to say the least...
Thanks a lot for your time and apologies for the long message.
Regards and greetings from Spain,
Hector