This playbook describes steps to resolve issues when LAN Monitoring is configured and the Cato Cloud can't reach a host behind a site.
Note
Note: This is an Early Availability (EA) feature that is only available for limited release. For more information, contact your Cato Networks representative or send an email to ea@catonetworks.com.
When you define hosts in LAN Monitoring, a PoP in the Cato Cloud sends ICMP packets to verify that the host is up and running. When the host doesn't respond to the defined threshold of messages, the host is considered down and an event is generated that the host is unreachable.
This playbook contains steps you can take to:
-
Verify that the host is down.
-
Remediate the issue.
-
Verify that the host is restored and the Cato Cloud has resumed monitoring it.
The LAN Monitoring feature lets you define hosts behind a site by their IP address, and the Fault Threshold for the host (the maximum number of consecutive failed ICMP tests). A PoP in the Cato Cloud sends ICMP tests to the host, if the host fails to respond to the specified number of ICMP tests, it is considered down, and an event is automatically generated. You can also choose to send an email notification when a host is unreachable.
When the connectivity between the host and the PoP is restored, a new event is generated that the host is reachable.
For more information, see Working with LAN Monitoring for a Site.
These are different ways that a Cato Management Application admin can verify that a host can't connect to the Cato Cloud or to the Internet:
-
LAN Monitoring event with the action Host Unreachable
-
Use the LAN hosts unreachable preset filter and adjust the time frame if necessary
-
-
LAN Monitoring email notification
-
When email notifications are enabled for a LAN Monitoring rule, emails are sent to the mailing list (can include non-admins)
-
This section discusses different Cato tools that you can use to verify the reason that the host is unreachable.
You can use the Socket WebUI to ping and take a PCAP for the host from the LAN interface. For more information, see Using the Socket WebUI.
-
From the Socket WebUI, ping the host with these settings:
-
Route via - LAN
-
Hostname/IP - IP address of the unreachable host
-
Use the LAN hosts unreachable preset in the Events page to show all the events generated when the Cato Cloud can't reach a monitored host.
Review changes in the Audit Trail page for the Cato Management Application, and see if there is a configuration that is related to this issue.
The Known Hosts page for the site shows the last known activity for a host. You can filter the page with the Name or IP Address.
Once you identify the reason why the Cato Cloud can't reach the host, resolve the issue and restore connectivity. We recommend checking this potential internal causes:
-
Verify the host status and connectivity
-
Verify that there is no planned activity or maintenance that impacts the host
-
Check local connectivity, routing, configurations that could impact the host
After you remediate the issue with the host, verify that it is reachable and has connectivity to the Cato Cloud.
From the Known Hosts page, show the host and verify that the Last Host Activity is showing data for the current time.
Use the Socket WebUI to ping the host, first from the LAN interface to verify that the host has connectivity to the site. Then ping the host again from the PoP using a WAN interface to verify that it has connectivity to the Cato Cloud.
0 comments
Please sign in to leave a comment.