Hi,
I need to lock down my Solarwinds (NPM, WPM, SAM, NTA) for security reasons. My first attempt was to lock it down with firewall policies to restrict traffic in and out of the Solarwinds server based on a Solarwinds port requirements https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/core-solarwinds-port-requirements.htm. However, shortly after I've lock it down, all 100+ nodes reported "node is down" and I got 100+ emails for them. The monitored nodes include Windows (WMI), Linux (SNMP) and network devices (switches, firewalls). I have two questions:
1. How does it determine a node is down? Is it by the specified polling method (WMI, SNMP, etc) or just ICMP? The fact all of themreported down about the same time makes me suspect it uses ICMP.
2. Is there a way to easily disable ALL alerts temporarily? I see about 90 alerts have enabled state in Alert Manager and I can't tell which ones are actually used. In order to avoid false alerts sending out, I am hoping there is a simple way to disable ALL alerts and they won't send out alerts generated during disabled time after re-enabled.
Thank you.