8 Replies Latest reply on Apr 17, 2018 5:23 AM by anitazuri

    Nodes showing as Red

    anitazuri

      Hello,

       

      Can anyone explain why after discovering nodes they appear to be down in Solarwinds when they are not.  These particular nodes are behind our DMZ.  I can see them as Green in our old Solarwinds system but they are Red in our new system.

       

      Our security guy has gone through our ASA firewall and some of the Checkpoint stuff but he doesn't have full access to this.  He has asked our third party to add our new IP to all the rules that the old server has but still we have the issue and also can't discover certain IPs.

      And as you might expect it's affecting some of our critical servers!  We are supposed to go live with this in two weeks and just can't get to the bottom of where the issue lies.

       

      I realise that there's no straight answer but just wondering if anyone has also had this experience and what they tried next

       

       

      Thanks

      Anita

        • Re: Nodes showing as Red
          bdufresne

          Anita,

           

          Let's see if we can't identify this issue.

           

          First, your old poller, is that using ICMP only or is it also using SNMP?

          Next, are your old poller and new poller on the same subnet space?

          Have you added the SNMP/ICMP traffic ACLs on the switches you are trying to monitor?

          Are you able to just ping the devices from the poller?

          If you are able to ping, are you able to tracert?

           

          Hopefully we can get you going down the right path with these answers,

          Bryan

          1 of 1 people found this helpful
            • Re: Nodes showing as Red
              anitazuri

              Hi,

               

              Thanks for your reply.

               

              The Old Poller is using ICMP and SNMP

               

              Old and New servers are on the same subnet space

               

              It's not a switch that I'm trying to monitor it's 4 web server's and Netscaler MPX

               

              I can ping the Servers from the Old Poller but not the New one, but the Security guy assures me that the new Poller IP has been added to all the same rules in the firewall as the Old Poller  - so SNMP, UDP, Ping

               

              when I run a tracert the Old Poller goes right through to the web server IP but the new one doesn't, the New Poller see's our CheckPoint firewall then should hop to our Netscalers then the Web Servers but it doesn't get this far.

               

              The guy who looks after our firewall is going nuts as can't find what's stopping it.

                • Re: Nodes showing as Red
                  bdufresne

                  Anita,

                   

                  Can your new poller ping the internal side of the firewall?  Can it ping the DMZ side of the firewall?  I would bet there is a deny before a permit somewhere in the rules that is messing it up.

                   

                  Bryan

                    • Re: Nodes showing as Red
                      anitazuri

                      Hi Bryan,

                       

                      I can ping the internal side of the firewall but I'm not sure about the DMZ, I asked our security guy but he's not got back to me yet with the details.

                       

                      We decided we could go live anyway and monitor the outstanding devices on the old system for one month using an evaluation license.  But I've just tested our AS400 IBM system and have a similar problem, they are pingable by ICMP but fail on SNMP even though the new poller information/community string has been added to the correct area on the AS400 system.  We definitely can't go live if this isn't working as it needs SMS messaging so can't remain on the old system because our modem will move to the new system arghhh it's driving me mad.

                        • Re: Nodes showing as Red
                          bdufresne

                          Anita,

                           

                          This sounds to me like either an ACL on the devices or the firewall.  Double check the configs are permitting SNMP to the devices.  The firewall person has already said he's side is good, but I would still have him do a TCP dump and make sure he's seeing the traffic pass through.  Good luck.

                           

                          Bryan

                            • Re: Nodes showing as Red
                              anitazuri

                              Thanks so much Bryan, I will try this approach and when we get to the bottom of it I will update here with the findings.

                              • Re: Nodes showing as Red
                                anitazuri

                                Hello,

                                 

                                We got to the bottom of the issue, the security guy checked all firewall rules and was confident that the issue wasn't firewall related.

                                 

                                The issue was actually on our Netscaler MPX's.  There is only one guy who has an account on these, he assured me he had set everything up for Solarwinds, and he had in terms of SNMP, but the new SW Server IP hadn't been added to the routing section, once this was added everything sprung into life.

                      • Re: Nodes showing as Red
                        bobmarley

                        Sounds like a firewall rule allowed the old servers but is excluding the new ones. Try doing remote desktop into your new Orion server and open the command prompt and see if you can ping the servers directly. If it fails then it's not something in Orion.

                        Most likely the firewall not letting the pings through.