RE: [NV-L] cisco pix firewall

2006-12-08 12:16:59
Subject: RE: [NV-L] cisco pix firewall
From: "Glen Warn" <Glen.Warn AT pemcocorp DOT com>
To: "Tivoli NetView Discussions" <nv-l AT lists.ca.ibm DOT com>
Date: Fri, 8 Dec 2006 09:14:26 -0800

I use this and can report it works VERY well.  The one caveat – I don’t believe it supports ver 7.x code.  I’ve written the list a few times but never heard back. 

To implement is quite easy.  Modify your /usr/OV/conf/netmon.seed file (assumes some flavor of Unix/Linux)

Add entries similar to this then bounce netmon

# Start PIX Failover firewall section(  > )
# Remark with pix name here
>ip_addr of primary pix
>ip_addr of failover pix

That’s it.  When a failover occurs, the device will go yellow and when you drill down you’ll see purple (meaning the secondary is running as the primary).  You can also do a demand poll and see which is active.


From: nv-l-bounces AT lists.ca.ibm DOT com [mailto:nv-l-bounces AT lists.ca.ibm DOT com] On Behalf Of Leslie Clark
Sent: Friday, December 08, 2006 8:48 AM
To: Tivoli NetView Discussions
Subject: Re: [NV-L] cisco pix firewall

Actually, netmon will monitor that failover for you and generate a special event when it occurs. See the Fixpack 4 release notes:

PIX Firewall Failover support

IBM Tivoli NetView provides support for monitoring the Cisco PIX Firewall Failover conditions. NetView can monitor the failover state of the PIX devices during normal status polling. When a failover occurs, a new event is generated announcing whether the active addresses are on the primary or secondary device. In addition, the operator can see on the map when the active addresses are on the secondary device, which indicates that a failover has occurred and action should be taken to prevent a further failure that disables the firewalls. The management interface shows USER2 status, which is usually purple (by default). This propagates to change the PIX device symbol to marginal. When the active addresses are returned to the primary device, an event announces this fact and the status on the map returns to Normal.

Use the netmon.seed file to configure both the PIX Firewall Failover machines and to set and lock the SNMP address.

For more information on the PIX Firewall Failover support see the /usr/OV/doc/PixFailoverReadme.pdf file.

Cordially,

Leslie A. Clark
IT Services Specialist, Network Mgmt
Information Technology Services Americas
IBM Global Services
(248) 552-4968 Voicemail, Fax, Pager


"Catalina Martinez" <Catalina.Martinez AT tlc.state.tx DOT us>
Sent by: nv-l-bounces AT lists.ca.ibm DOT com
12/08/2006 10:23 AM
Please respond to: Tivoli NetView Discussions <nv-l AT lists.ca.ibm DOT com>
To: "Tivoli NetView Discussions" <nv-l AT lists.ca.ibm DOT com>
cc: nv-l AT lists.us.ibm DOT com
Subject: [NV-L] cisco pix firewall

Hello,

Running NetView 7.1.4 FP 4, AIX 5.2. Cisco PIX 535 version 6.3

I've been tasked with creating an alert when the PIX fails over (from primary to secondary / and vice versa). I currently have a separate window when certain devices go down, and I also have pop-up windows when a link down trap is received from a critical device.

If I remember right,  there is a trap that is sent when a PIX fails over?  If I can determine the right trap then I can use that to generate a popup or email message. Is there any special configuration to netmon.seed?

Has anyone successfully monitored a failover?

Thanks

Catalina

 _______________________________________________
NV-L mailing list
NV-L AT lists.ca.ibm DOT com
Unsubscribe:NV-L-leave AT lists.ca.ibm DOT com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to internal IBM'ers only)
