jnxFirewall alarms: Help File

jnxFirewall alarms are informational and indicate a possible denial-of-service attack occurring on the network. Absent a call from a user about performance issues, there is no need to contact anyone, but this information can be used to help correlate a trouble call to an issue.

The general workflow is as follows:

1) The scraper collects Byte/Packet firewall counters from Juniper equipment.
2) The data is stored to RRD by the FIDO rrd writer.
3) The data is thresholded by process_rrd_3. Violations produce a FIDO alarm, and web reports are also created daily/weekly/monthly.

The process_rrd_3 configs are found at:

[m7h@pascal process_rrd_3]$ ls -l /usr/local/process_rrd_3/fido_jnxFirewall_alarms*
-r--r--r-- 1 net net   267 Apr 28 16:07 /usr/local/process_rrd_3/fido_jnxFirewall_alarms.absolute.thresholds
-r--r--r-- 1 net net 16179 Apr 28 20:12 /usr/local/process_rrd_3/fido_jnxFirewall_alarms.config
-r--r--r-- 1 net net 16203 Apr 28 20:12 /usr/local/process_rrd_3/fido_jnxFirewall_alarms_packets.config
-r--r--r-- 1 net net   111 Apr 28 10:19 /usr/local/process_rrd_3/fido_jnxFirewall_alarms.percent.thresholds

A complicated ruleset for determining the threshold for a given Byte/Packet policer is inside fido_jnxFirewall_alarms.config. Things taken into account include interface speed, filter/counter name, and type [policer vs count vs discard].

Tweaks to the formula are located inside the *.thresholds files. Current thresholds can be examined by viewing the password-protected data file linked off the FIDO information page for the jnxFirewall tests.

Thresholds are set after observing traffic patterns with a goal of no false alarms [which means it'll likely miss some events].
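
The sketch below is an added example, not the contents of fido_jnxFirewall_alarms.config or process_rrd_3 itself. It shows one way a counter poll can be turned into a rate and checked against a threshold derived from interface speed, counter name and type. The rule values, the percent-plus-floor formula, the counter name "protect-re-icmp" and the sample polls are all assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# All rule values below are constructed for illustration; they are NOT the
# contents of fido_jnxFirewall_alarms.config or the *.thresholds files.
PERCENT_RULES = [            # (counter-name glob, type, % of interface speed)
    ("*icmp*", "policer", 1),
    ("*",      "policer", 5),
    ("*",      "discard", 2),
]                            # type "count" has no rule: graphed, never alarmed
ABSOLUTE_FLOOR_BPS = 1_000_000   # assumed floor so slow links do not alarm on noise

def rate_bps(prev, curr):
    """Bits/s between two (unix_time, byte_counter) polls, or None if unusable."""
    (t0, c0), (t1, c1) = prev, curr
    if t1 <= t0 or c1 < c0:
        # A counter that goes backwards was cleared or the device
        # restarted; skip the interval instead of reporting a bogus spike.
        return None
    return (c1 - c0) * 8 / (t1 - t0)

def threshold_bps(name, ctype, if_speed_bps):
    """First matching rule wins; None means this counter is never alarmed."""
    for glob, rule_type, pct in PERCENT_RULES:
        if rule_type == ctype and fnmatchcase(name, glob):
            return max(if_speed_bps * pct / 100, ABSOLUTE_FLOOR_BPS)
    return None

def violations(samples, name, ctype, if_speed_bps):
    """Return [(unix_time, rate_bps)] for every interval above the threshold."""
    limit = threshold_bps(name, ctype, if_speed_bps)
    if limit is None:
        return []
    hits = []
    for prev, curr in zip(samples, samples[1:]):
        rate = rate_bps(prev, curr)
        if rate is not None and rate > limit:
            hits.append((curr[0], rate))
    return hits

# Constructed 5-minute polls of one byte counter on a 1 Gb/s interface.
SAMPLES = [(0, 1_000_000), (300, 2_000_000), (600, 500_000_000),
           (900, 1_000), (1200, 2_000)]

if __name__ == "__main__":
    for when, rate in violations(SAMPLES, "protect-re-icmp", "policer", 10**9):
        print(f"ALARM t={when} rate={rate:.0f} b/s")
```

With the constructed polls, only the interval ending at t=600 exceeds the threshold; the counter drop at t=900 is skipped rather than alarmed.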

The following lines are needed for FIDO:
jnxFirewall: Help File
jnxFirewall_packets: Help File

Keywords: jnxFirewall alarms: Help File
Doc ID: 50975
Owner: Michael H.
Group: University of Wisconsin System Network
Created: 2015-04-30 09:36 CDT
Updated: 2016-10-24 11:47 CDT
Sites: Systems & Network Control Center, University of Wisconsin System Network