How to monitor STORMSHIELD SNS security

What is Stormshield SNS?

Stormshield Network Security (SNS) devices are firewalls providing high-performance network protection.

SNS firewalls provide real time protection: Network segmentation, Intrusion prevention system (IPS), Intrusion detection system (IDS), High availability, Cloud based sandboxing. Control and monitoring: URL filtering, Content filtering, Geolocation of IPs, Detection of vulnerabilities. Secure communication: Site-to-site and mobile IPSec VPN, Mobile SSL VPN.

Stormshield SNS monitoring

This package is designed to monitor a Stormshield SNS using SNMP.

This package automatically configures the ServicePilot Agent to collect statistics from the Stormshield SNS on which SNMP Service has been configured. The statistics gathered in this way include:

• Network: Ping Response Time and Interfaces activity
• System: CPU and memory
• Environment: Fan, Temperature and Power Supply

Requirements

• SNMP service must be configured and started on the targeted Stormshield SNS (Security: read-only SNMP community and allowed host must be set).

• Network Flows - It is necessary to ensure network connectivity between ServicePilot and the monitored device.

  • UDP/161 (SNMP): Between ServicePilot Agent and Stormshield SNS
  • ICMP/Echo Request (Ping): Between ServicePilot Agent and Stormshield SNS
  • UDP/162 (SNMP Trap): (Optional) Between Stormshield SNS and ServicePilot Agent

Installation

Before adding a resource to monitor, make certain that all pre-requisites are in place.

Follow the documentation to add a resource to ServicePilot.

Key field notes

1. General tab:
2. IP address/FQDN: Specify the IP address of the Stormshield SNS, as resolvable by the machine on which ServicePilot Agent is running
3. Interfaces: Enable automatic interface discovery
4. Interface Filter: include only network interfaces with network connection names matching this pattern. If the first character of this field is a ! then exclude interfaces instead. The field is a | separated list of interface network connection names with * wildcard characters allowed. If the pattern starts and ends with / then this field is a regular expression instead.
5. Custom interface speeds (bps) separated with '|': For network interfaces that do not report correct interface speeds (for example, asymmetric interfaces), a | separated list of speed overrides can be specified. Each element of the list consists of an SNMP interface table index or name or alias, an incoming speed and an outgoing speed, comma separated.
6. Custom interface names separated with '|': To override the name of an interface specify a | separated list of interface index or interface name and new name, comma separated.
7. Discover only connected interfaces: When looking for new interfaces, ignore all interfaces that are currently disconnected

Note: Each element name in the list is a regular expression as defined by Like Operator (Visual Basic)

1. Monitoring Options tab:

2. ICMP Ping: Include ICMP Ping reachability and latency

3. Firewall Health: Enable firewall health monitoring

4. Services: Enable services monitoring

5. CPU Temperatures: Enable CPU Temperatures monitoring

6. Disks: Enable disk monitoring

7. PSUs: Enable PSU monitoring

8. Fans: Enable fan monitoring

9. Routes: Enable route monitoring

10. Autoupdates: Enable autoupdate monitoring

11. In the Policies tab, specify the policy or policies to apply to the resource

Notes

MIBs Used:

• RFC1213-MIB2
• UCD-SNMP-MIB
• STORMSHIELD-ALARM-MIB
• STORMSHIELD-PROPERTY-MIB
• STORMSHIELD-HEALTH-MONITOR-MIB
• STORMSHIELD-SYSTEM-MONITOR-MIB
• STORMSHIELD-SERVICES-MIB
• STORMSHIELD-ROUTE-MIB
• STORMSHIELD-AUTOUPDATE-MIB

Notes

The following can be added to the servicepilot.conf file to categorize Stormshield SNS Traps.

snmpTraps:  trapCategorizationRules:  - traprule: "snsNotification;;;1.3.6.1.4.1.11256.1.6;enterpriseSpecific;1;;;STORMSHIELD-ALARM-MIB;Notification: snsATime {value1}, snsASif {value2}, snsASaddr {value3}, snsADaddr {value4}, snsAMessage {value5};normal;false;"

How to install a stormshield-sns resource?

1. Use your ServicePilot OnPremise installation or a SaaS account.
2. Add a new stormshield-sns resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the stormshield-sns package are located in the /prmpackages page of the software.

Benefits

ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology STORMSHIELD SNS with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore ourplans or contact us to find what works best for you.