Monitor firewall

Danny · October 22, 2020, 5:53am

Does anyone know a plugin with which I can monitor firewall with icinga2 .
mainly looking for watchguard

Regards
Danny

rsx · October 22, 2020, 6:36am

In such cases I always start looking at Nagios Exchange and Icinga Exchange.

Danny · October 22, 2020, 6:52am

Hi Roland thanks for the reply

I couldn’t find anything in icinga exchange but in nagios exchange uses configuration wizard
here .
Is the same or in different approach can be done with icinga with the help of director ?

Any help is appreciated

Thanks and Regards,
Danny

rsx · October 22, 2020, 7:05am

I’m sorry but I’m not familiar with NagiosXI nor any of these plugins. In general, any plugin that fulfills the development guidelines can be integrated into icinga resp. director.

stevie-sy · October 22, 2020, 8:13am

Hi,

besides to the mentioned links from @rsx it would be very helpful to get addional informations what do you expect? And also what do you want exactly to monitor?

Local Firewalls from Linux/Windows/…-systems? Is it enough if the daemon is running?
HW firewall from your company? Is is an appliance or a special Linux server? Is it possible to run an icinga agent? Do you have remote access? Exists an api?
Check if zones are configured?
Check if ports are open?
Check if configured permissions are working?
Check logfiles for specific events?
etc. etc.

If I think back when i read the docs from firewalld this is just a comprehensive topic. I don’t envy my colleagues from the security department.

Danny · October 26, 2020, 11:44am

Hi @stevie-sy
Thanks for your reply

Need to monitor Watch guard (Hardware firewall) to check the cpu usage,Bandwidth usage,Connections active,also need to monitor diffrent cisco switches and Mikrotik routers

Is it possible to Netflow to show historical and in real time data with icinga2?

stevie-sy · October 27, 2020, 7:31am

Hi,

Sorry, I don’t know either watch guard or netflow. Maybe other people in the community know this hardware. But you could check the docs if you could access an api or check via snmp.

For switches and router existing diffrent check on linked site above. Very often community member are using check_nwc and check_interfaces. Look into their docs if your hardware is supported. If not you can always try to access with snmp. Also here you have to check the docs for the correct MIB and OID.

About real time data: I have no experience with real time check in Icinga, maybe others. Icinga triggers only check scripts/programs in a certain interval and process the reteurn value. So you have set the check_period very high like every x sec. You have to test this with your setup if this works good.