Working with Link Health Rules

This article discusses how to configure health rules to send email notifications for connectivity or link quality issues.

Overview

Use the Health Rules screen to configure the Cato Management Application (CMA) to send notifications when there are issues related to link connectivity or quality during the configured amount of time. For connectivity rules, you can define the scope for objects that trigger an email notification for connectivity issues. For quality rules, define the objects that are monitored for link quality threshold on one or more interfaces. In addition, you can select which types of quality categories trigger email notifications.

Working with Ordered Rules

The Health rules are applied sequentially, when there is a link issue, the Cato Cloud checks to see if it matches a rule. Notifications are sent based on the first rule that matches the issue, and then the Cato Cloud stops checking. Each link issue can only match up to a single Health rule.

The notification can show the time that the connectivity event occurs, also includes the timezone by which the time is calculated.

Managing Health Rules

The following sections explain how to create, enable, and manage health rules.

Configuring a Connectivity Health Rule

Note

Notes:

  • For accounts that do not currently have users and user groups in Connectivity Health Rules, as of November 3, 2024, they will not be able to define them as the Source.

  • From January 2, 2025, users and user groups can no longer be defined as a Source in Connectivity Health Rules.

For more information, see this article.

You can set conditions for the rules (such as only send an alert if the issue persists for a specific duration or if the issue occurs repeatedly), as well as set different rules for one or more connectivity Condition issues (such as failover, passive disconnect, disconnect). When you define multiple Conditions, there is an OR relationship between them.

For connectivity health rules that include sites, we recommend that you do not use the Any option. Sites can generate many notifications because users and groups are regularly disconnecting and connecting.

Note

Note: Notifications for connectivity health rules are only sent for the issue matching the rule, but not when the issue resolves. For example, a notification is sent for a disconnect event but not when the disconnection resolves. To receive alerts when issues resolve, please use the XDR Response Policy and create rules for the required Network stories.

ConnectivityHealthRule.png

To configure a Connectivity Health Rule:

  1. From the navigation menu, click Network > Link Health Rules.

  2. From the Connectivity Health Rules tab or section, click New.

    The New Connectivity Health Rule panel opens.

  3. Configure the General settings for the rule:

    1. Enter a Name for the rule.

    2. Click the slider toggle.png to make sure that the rule is enabled.

  4. Configure the Source settings for the rule:

    1. Select the type (for example: site or group).

    2. When needed, select a specific item from the drop-down list for that type.

  5. Configure the Condition settings (the On column) for this rule:

    1. In On, select one or more connectivity items that trigger the rule:

      • Any - Any type of connectivity issue

      • Failover - Failover between primary and secondary links, or vice-versa.

      • Primary Disconnect - Link(s) in active state disconnected.

      • Secondary Disconnect - Link(s) in passive or last resort state are disconnected.

      • Socket Failover - Failover between sockets in HA configuration.

      • Internet as a Transport - Disconnection for links transporting data over the Internet (and not the Cato Cloud)

    2. In Limits, you can define the time duration or number of connectivity issues that trigger the rule:

      • For disconnect conditions, you can define the time Duration that the link or connection is disconnected before triggering the rule.

      • In Occurrences, you can define how often the connectivity issue occurs before triggering the rule.

      Note

      Notes:

      • The Limits settings are evaluated as an OR relation.

      • By default, the health rule engine checks for a duration of 2.5 minutes to determine if an event matches a rule. If you configure a Duration Limit for the rule of less than 2.5 minutes, this can impact the content of the notification. For example, if a Duration is set of 1 minute for a Primary Disconnect rule, then the rule will be matched after the Primary Socket is disconnected for 1 minute. But this can result in two different notifications, as follows:

        • If the Socket is disconnected for more than 1 minute and remains disconnected for more than 2.5 minutes - the notification will be for a Disconnect event.

        • If the Socket is disconnected for more than 1 minute, but reconnects before 2.5 minutes - the notification will be for a Reconnect event.

      • When Occurrences are set for a Primary Disconnect or Secondary Disconnect rule, then PoP changes and session reconnects are also counted as occurrences.

  6. (Optional) Configure the Tracking options to Send Notifications.

    For more information about notifications, see the relevant article for Subscription Groups, Mailing Lists, and Alert Integrations in the Alerts section.

  7. Click Apply. The new rule is added to the rulebase.

  8. Click Save. The Connectivity Health rules are saved to your account.

Monitoring Link Quality with Health Rules

Quality Health Rules let you monitor the link quality between the site and the Cato Cloud. When the quality does not meet a threshold during the configured time frame, the CMA sends a notification. A second notification is sent after the link quality returns to comply with the threshold for a specific time period.

You can define the scope of a rule for specific sites or groups. In addition, define which links are monitored for interfaces on sites with Sockets and IPsec connections. You must configure at least one quality threshold to trigger an email alert according to these categories:

Direction

Traffic that is upstream, downstream, or both

Packet Loss

Percentage of transmitted packets

Distance (msec)

Milliseconds that it takes a packet to travel between the source and the PoP

Jitter (msec)

Delay in milliseconds between packets

Congestion

The volume of packets exceeds the available link capacity, leading to network congestion

Congestion is measured across all bandwidth priorities and is triggered if there are more than 1% of discarded packets for the configured Duration for the rule.

When you select more than one quality threshold, they are evaluated with an OR relationship.

Cato recommends that you have separate link health rules for each link. This ensures that if both the primary and secondary links are disconnected within the same period, you will receive separate notifications for the disconnect and reconnect events.

Configuring a Link Quality Health Rule

Configure a quality health rule to monitor the quality of the links between sites and objects in your account and the Cato Cloud. When you define multiple Thresholds, there is an OR relationship between them.

The Condition of a link quality health rule defines the thresholds that are monitored for the link. For example, if the Threshold is set to a Distance of 100ms, and the Limits is set to 50% minutes over a 10-minute time frame, this means that the link is suffering from poor distance quality for a total of 5 minutes during the total 10 minutes. If the issue occurs during the first 2 minutes and then after 1 minute of good link health, the issue occurs for another 3 minutes, then an event is generated, and a notification is sent (according to the rule settings).

QualityHealthRule.png

To configure a Health Rule to monitor the link quality:

  1. From the navigation menu, click Network > Link Health Rules.

  2. From the Quality Health Rules tab or section, click New.

    The New Quality Alert panel opens.

  3. Configure the General settings for the rule:

    1. Enter a Name for the rule.

    2. Select the traffic Direction that triggers the rule: Any, Upstream, or Downstream.

    3. Click the slider toggle.png to make sure that the rule is enabled.

  4. Configure the Source settings for the rule:

    1. Select the type (for example: site or group).

    2. When needed, select a specific item from the drop-down list for that type.

  5. In the Network Interface section, select one or more interfaces for the rule.

    To apply the rule to all the interfaces, select Any.

  6. In the Condition section, define the link quality conditions that trigger the rule:

    1. Select one or more Thresholds, and configure the quality value for each threshold.

    2. Define the Duration settings for how long the quality issue for the link continues.

    3. In Clear Event, set how long to wait before sending the All Clear email notification.

  7. (Optional) Configure the Tracking options to Send Notifications.

    For more information about notifications, see the relevant article for Subscription Groups, Mailing Lists, and Alert Integrations in the Alerts section.

  8. Click Apply. The new rule is added to the rulebase.

  9. Click Save. The Quality Health rules are saved to your account.

Configuring Alert and Notification Options

The Track option lets you create alerts that are triggered by different rules, such as firewall rules, remote port forwarding rules, health alerts and more. For some rules, such as firewall rules, you can choose to generate notifications when the rule is matched.

The Frequency defines how often notifications can be generated by the system. Each occurrence only generates a single alert.

To configure alerts and notifications for a rule:

  1. In the Tracking section, select Send Notification.

  2. In the Frequency section, configure how often a notification is sent to the recipients as follows:

    • Immediate - Send notification for every occurrence.

    • Hourly - Send notification with the first occurrence, and if there are any additional occurrences, then the next notification for any additional occurrences follows after 1 hour.

    • Daily - Send notification with the first occurrence, and if there are any additional occurrences, then the next notification for any additional occurrences follows after 1 day.

    • Weekly -Send notification with the first occurrence, and if there are any additional occurrences, then the next notification for any additional occurrences follows after 1 week.

  3. In Send notification to, select the Subscription Group , Mailing List or Integration and select the relevant item.

  4. Click Apply, and then click Save.

Was this article helpful?

2 out of 2 found this helpful

2 comments

Date Votes
  • Comment author
    Rhys Goodwin 
    Select one or more Thresholds, and configure the quality value for each threshold.

    Is this an AND or an OR condition? 

  • Comment author
    Yaakov Simon

    Rhys Goodwin - Excellent question! We updated the article to say that there is an OR condition when you configure multiple Thresholds for a rule.