07-22-2011 04:14 AM
We have some devices behind the DMZ that requires monitoring. ICMP is disabled but SNMP is allowed through the firewall. NNMi shows all the snmp information populated but the ip addresses are down because the firewall prevented all icmp traffic to that node. Is there a way to setup in NNMi9 to poll the status of the interfaces and ip addresses through SNMP and disable ICMP all together?
Thanks in advance,
07-22-2011 05:00 AM
you can define this in the monitoring configuration of NNMi. This monitors the snmp agent and also the interfaces (no ip addresses as there is no mib table with status or ip addresses).
HTH and kind regards
07-22-2011 05:13 AM
That's possible for it's the primary thing NNMi today does. What you have to do is define a rule(s) for the interfaces you want to monitor at Communication Configuration (the right rule order is import here). In you rule don't check 'Enable ICMP Fault Polling' and check 'Enable Interface Fault Polling' and 'Poll Unconnected interfaces' or 'Poll Interfaces Hosting IP Addresses'.
To find out which monitor rule NNMi uses to monitor an interface goto your NNMi console and select Inventory > Interfaces > mark (tickbox) for an interface in question > menu Action > Monitoring Settings. The monitoring configuration window will tell you a lot. Whether monitoring is applied on the basis of interface or node settings and which group does this for you. Success,
07-22-2011 05:54 AM
According to your guide this will disable icmp fault polling for all nodes in NNMi, Is there a way to only set this up for specific nodes that are behind the DMZ? I have already disabled ICMP under the communication settings for this specific node. I would like to turn on SNMP fault polling for that single device as well. Can this be done? Thanks.
07-22-2011 06:01 AM
sure. Go to Configuration > MONITORING CONFIGURATION and define a rule under Node Settings. You have to create a node group which contains your nodes in the DMZ (e.g. based on hostedIPAddress) and use this in the rule.
07-23-2011 03:31 AM
After implementing the suggestions above I am still unable to recieve the WAN int status. NNM shows that the IP Address is down and the interface as no status. Any suggestion?
07-25-2011 02:52 AM - edited 07-26-2011 10:54 PM
Looks like you monitoring rule doesn't hit the situation you want. The basic setup is as follows.
- Define a node group with the DMZ nodes in it.
- Define an interface group and add the DMZ node group to this group. Also add interface filters for the interface you want to monitor (you can define at additional filters a '... like *' to speed things up for the time being and fine tune it later).
- At monitoring configuration you can define now your rule. Create a rule with a low ordering number, the DMZ interface group you created, at fault monitoring tick mark only "Enable interface fault polling", at "extend the scope ..." tick mark only "Poll unconnected interfaces".
Go to Inventory > Interfaces > use the DMZ node group as list filter.
Check here the monitoring status of you interfaces. If it's not as you expected check which monitoring rule is being used by NNMi. You can check this by selecting the interface row > menu Action > Monitoring Settings. The second table is the one you're looking for. The first two rows here tell you which rule and type (can be either node or interface) was applied to monitor the interface. Hope this will help you a little.
07-26-2011 07:31 AM
Thanks for the detail description. I was able to get the monitoring to display correctly for the interfaces. There is only 1 slight change I had to make following your guideline. For step 3, instead of going into the communication configuration I went into the monitoring configuration and everything worked like a charm!
Thanks for the help guys!