RE: [NV-L] cisco pix firewall

["Catalina Martinez" <Catalina.Martinez@tlc.state.tx.us>]

I need clarification on a couple of things:

1) when you use > is it only for the failover address or do I enter it for both primary and secondary ip addresss..

FirewallP - 10.30.3.18

FirewallS-  10.30.3.19

 

I enter on the seed file..

>10.30.3.18

>10.30.3.19

 

2) since I already have the devices discovered, do a demandpoll to "lock" the primary or secondary status?  how does it know which one is primary or secondary?

 

thanks

---

From: nv-l-bounces@lists.ca.ibm.com [mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of James Shanks
Sent: Friday, December 08, 2006 12:52 PM
To: Tivoli NetView Discussions
Subject: RE: [NV-L] cisco pix firewall

 

It doesn't get added to trapd.conf or the event command until 7.1.5. Until you migrate you can use this.

IBM_PIXFAIL_EV {1.3.6.1.4.1.2.6.3} 6 58916987 N 5 0 "Status Events"
$3
EVENT_CLASS TEC_ITS_PIXFAIL_STATUS
BEGIN_SLOT_MAPPING
nvhostname $NV_IPADDR
msg $V3
pix_state $V8
END_SLOT_MAPPING
SDESC
This event is generated by NetView when
it detects that a PIX Firewall failover state has changed.

The data passed with the event are:
1) ID of application sending the event
2) Host name or IP address
3) Formatted description of the event
(either the PRIMARY or SECONDARY node is now ACTIVE)
4) Host name or IP address
5) Database name
6) Selection Name
7) (not used)
8) state (FAILOVER or RECOVERED)
EDESC

James Shanks
Level 3 Support for Tivoli NetView for UNIX and Windows
Network Availability Management
Network Management - Development
Tivoli Software, IBM Corp
"Catalina Martinez" <Catalina.Martinez@tlc.state.tx.us>

"Catalina Martinez" <Catalina.Martinez@tlc.state.tx.us>
Sent by: nv-l-bounces@lists.ca.ibm.com

12/08/2006 01:22 PM

Please respond to
Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>

To	"Tivoli NetView Discussions" <nv-l@lists.ca.ibm.com>
cc
Subject	RE: [NV-L] cisco pix firewall

 

Thank you.. what is the trap that is sent?.. the doc states "send the event "PIX Firewall failover state change".. I looked under the event configuration and can not find it in nv6000 events. I can use this event to generate an email or popup

thanks again…

---

From: nv-l-bounces@lists.ca.ibm.com [mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of Leslie Clark
Sent: Friday, December 08, 2006 10:48 AM
To: Tivoli NetView Discussions
Subject: Re: [NV-L] cisco pix firewall


Actually. netmon will monitor that failover for you and generate a special event when it occurs. See the Fixpack 4 release notes:

PIX Firewall Failover support

IBM Tivoli NetView provides support for monitoring the Cisco PIX Firewall Failover conditions. NetView can monitor the failover state of the PIX devices during normal status polling. When a failover occurs, a new event is generated announcing whether the active addresses are on the primary or secondary device. In addition, the operator can see on the map when the active addresses are on the secondary device, which indicates that a failover has occurred and action should be taken to prevent a further failure that disables the firewalls. The management interface shows USER2 status, which is usually purple (by default). This propagates to change the PIX device symbol to marginal. When the active addresses are returned to the primary device, an event announces this fact and the status on the map returns to Normal.

Use the netmon.seed file to configure both the PIX Firewall Failover machines and to set and lock the SNMP address.

For more information on the PIX Firewall Failover support see the /usr/OV/doc/PixFailoverReadme.pdf file.

Cordially,

Leslie A. Clark
IT Services Specialist, Network Mgmt
Information Technology Services Americas
IBM Global Services
(248) 552-4968 Voicemail, Fax, Pager

"Catalina Martinez" <Catalina.Martinez@tlc.state.tx.us>
Sent by: nv-l-bounces@lists.ca.ibm.com

12/08/2006 10:23 AM

 

Please respond to
Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>

To	"Tivoli NetView Discussions" <nv-l@lists.ca.ibm.com>
cc	nv-l@lists.us.ibm.com
Subject	[NV-L] cisco pix firewall

 

Hello,

Running Netview 7.1.4 FP 4, AIX 5.2.. Cisco PIX 535 version 6.3

I've been tasked with creating an alert when the PIX fails over (from primary to secondary / and vice versa). I currently have a separate window when certain devices go down, and I also have pop-up windows when a link down trap is received from a critical devices..

If I remember right, there is a trap that is sent when a PIX fails over? If I can determine the right trap then I can use that to generate a popup or email message. Is there any special configuration to netmon.seed?

Has anyone successfully monitored a failover?

Thanks

Catalina

_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)

_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)