VERSION: I’m currently using Zabbix Server version 4.4.10.
WHAT: I’m monitoring up/down on a client’s perimeter firewalls, and the on-call FW Engineers have been getting escalations for FW down when it’s a circuit issue. I’m trying to find a way to adapt our monitoring to cut down on these false positives.
HISTORY: In the past it’s been set up to ping the external IP of the firewall, and the gateway router outside that firewall. Then a trigger dependency was created so if the gateway router is down then the firewall trigger is suppressed. There have recently been some architectural changes with my client that made this setup obsolete.
PLAN: My thought is to set up ping monitors for the internal and external interfaces of the firewalls, and to only alert if both interfaces become unreachable. The logic being that if one interface is up then the firewall is up, and the outage is most likely a circuit issue.
TESTING: I’ve done some testing with a single multi-homed host to see how this might work.
- First I tried adding a second ping monitor to the same firewall Host in Zabbix. I cloned the existing check, and renamed it to ping-monitor-2. When I clicked ‘Add’ I got the following error:
ERROR: Details Cannot add item
Item with key "icmpping[,4]" already exists on "FW1"
- I decided to set up 2 hosts in Zabbix (FW1-EXT, FW1-INT).
- Then I set up a trigger to fire an alert notification if the interface is unreachable for 5 minutes.
- The next step was to create trigger dependencies for both interfaces. (The plan was to make each trigger dependent on the other, and this is where it errors out. Error listed below.)
Example:
Host 1
Name: FW1-EXT
Items: Ping Monitor (Simple check, icmpping[,4])
Triggers: {HOST.NAME} ICMP Availability
Expression: {FW1-EXT:icmpping[,4].avg(#5)}=0
Dependencies: FW1-INT icmp availability
Host 2
Name: FW1-INT
Items: Ping Monitor (Simple check, icmpping[,4])
Triggers: {HOST.NAME} ICMP Availability
Expression: {FW1-INT:icmpping[,4].avg(#5)}=0
Dependencies: FW1-EXT icmp availability
ERROR: Details Cannot update trigger
Cannot create circular dependencies.
I have been searching these forums, Reddit, and Google, but I haven’t found any way to set this up the way I need to. I may be overthinking it, or maybe there’s another way I’m not familiar with. Any advice on how to get this working would be appreciated.
Thanks,
Marland
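The plan described in the post above, as an added example that is not part of the original post and not Zabbix code: it models "alert only when both interfaces are unreachable" as one combined condition, and shows what two mutually dependent triggers would do instead. The function names and ping series are constructed for illustration; the trigger expression in the comment uses the host names and item key from the post.

```python
# Added example. Ping series are constructed: 1 = reply, 0 = no reply.
# Equivalent single trigger in Zabbix 4.4 expression syntax (host names from the post):
#   {FW1-EXT:icmpping[,4].avg(#5)}=0 and {FW1-INT:icmpping[,4].avg(#5)}=0
from typing import List

WINDOW = 5  # avg(#5) looks at the last five collected values


def iface_down(samples: List[int], window: int = WINDOW) -> bool:
    """avg(#5)=0 for one interface: the last `window` pings all failed."""
    recent = samples[-window:]
    return len(recent) == window and sum(recent) == 0


def classify(ext: List[int], internal: List[int]) -> str:
    """One combined condition instead of two triggers that depend on each other."""
    ext_down, int_down = iface_down(ext), iface_down(internal)
    if ext_down and int_down:
        return "FIREWALL_DOWN"  # both sides silent: escalate to the firewall engineers
    if ext_down or int_down:
        return "PATH_ISSUE"     # one side still answers: likely circuit, firewall is up
    return "OK"


def mutual_dependency_alerts(ext: List[int], internal: List[int]) -> List[str]:
    """Hypothetical model of two mutually dependent triggers: each one is
    suppressed while the other is in PROBLEM, so a full outage raises nothing."""
    ext_down, int_down = iface_down(ext), iface_down(internal)
    alerts = []
    if ext_down and not int_down:
        alerts.append("FW1-EXT")
    if int_down and not ext_down:
        alerts.append("FW1-INT")
    return alerts


if __name__ == "__main__":
    up, down = [1, 1, 1, 1, 1], [0, 0, 0, 0, 0]
    flapping = [1, 0, 0, 0, 0]  # only four failures so far
    for name, ext, internal in [("circuit cut", down, up),
                                ("firewall dead", down, down),
                                ("still degrading", flapping, up)]:
        print(name, classify(ext, internal), mutual_dependency_alerts(ext, internal))
```

Mutual dependencies would invert the intent: they alert on the single-interface case and stay silent when both interfaces are down, which is why the condition belongs in one expression.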