11 Replies Latest reply on Oct 26, 2013 1:01 PM by augustocsm

Monitoring devices that deny ICMP

ACDII Jun 23, 2009 2:46 PM

I have a couple devices that have built in firewalls that block ICMP totally with no way to allow Pings. I can pull up the interfaces OK and the CPU, but they get reported as down since they deny ping. How can I set Orion to show them up without ICMP? I actually have this problem with ASA's and monitoring devices behind one unless I bing the IP to a device after setting up all the port translations.

Re: Monitoring devices that deny ICMP

brokenjeep Jun 24, 2009 12:39 PM (in response to ACDII)

I am sure you have seen this one.. I know it is a feature request but if there is any idea of how far down the list it is, would be cool. More devices are shutting down ICMP these days..
polling a device with icmp disabled
Like Show 1 Likes(1)

Actions
- Re: Monitoring devices that deny ICMP
  
  ACDII Jun 24, 2009 12:47 PM (in response to brokenjeep)
  
  I missed that one, but it answers my question for sure. I guess my phone proxies will remain unmonitored.
  
  Like Show 0 Likes(0)
  
  Actions
  - Re: Monitoring devices that deny ICMP
    
    brokenjeep Jun 24, 2009 1:06 PM (in response to ACDII)
    
    SW devs, please but down two more people requesting this feature.. :)
    
    Like Show 0 Likes(0)
    
    Actions
    - Re: Monitoring devices that deny ICMP
      
      bshopp Jun 24, 2009 1:14 PM (in response to brokenjeep)
      
      Noted, thanks!
      
      Like Show 0 Likes(0)
      
      Actions
      - Re: Monitoring devices that deny ICMP
        
        afarmer Jun 24, 2009 6:33 PM (in response to bshopp)
        
        Brandon,
        Add another person requesting this feature too, thanks.
        
        Like Show 0 Likes(0)
        
        Actions
        
        Re: Monitoring devices that deny ICMP
        
        chester007 Dec 2, 2009 5:59 AM (in response to afarmer)
        
        Has this ever been implemented? Seems like a very usefull request. Add me to the list of requestors.
        
        Rob D.
        
        Like Show 0 Likes(0)
        
        Actions
        
        Re: Monitoring devices that deny ICMP
        
        lhorstma Dec 2, 2009 6:51 AM (in response to chester007)
        
        What a coincidence, all this time using Orion I haven't needed to do this, until today, so I come here looking for a way and find this post right at the very top. Put my name on the list for people that want this feature. I can pull SNMP info but no ICMP. At least give me a button to just turn off ICMP monitoring of a device. Thanks.
        
        Like Show 0 Likes(0)
        
        Actions
        
        Re: Monitoring devices that deny ICMP
        
        augustocsm Oct 26, 2013 1:01 PM (in response to lhorstma)
        
        Looks like SW is woking on this feature. Check this: http://thwack.solarwinds.com/ideas/2868
        
        Like Show 0 Likes(0)
        
        Actions
- Re: Monitoring devices that deny ICMP
  
  chris.schock Dec 2, 2009 8:44 AM (in response to brokenjeep)
  
  Please add me to the list of those requesting the feature.
  Side note/rant, ICMP has unfortunately gotten a bad name and a lot of organizations shut it all down regardless of type code. Personally I think this is a shortsighted practice at best, and disastrous at worst. Ping and traceroute are two of the easiest and most helpful tools for troubleshooting, now made useless.
  Even more nefarious is that disabling ICMP carte blanche breaks MTU discovery. With all the IPSec and GRE tunnels (think: WCCP) out there today this can do to an application what Rome did to Carthage. Most people never even think of this and I am fairly sure there are many organizations suffering from this undetected issue.
  So for all you firewall/security guys out there, please allow ICMP and just rate limit instead. That way techs can still do what they need to do, your IP stack still has a fighting chance, and you limit your exposure to viruses, worms, and smurfs.
  
  Like Show 0 Likes(0)
  
  Actions
  - Re: Monitoring devices that deny ICMP
    
    bshopp Dec 3, 2009 1:24 PM (in response to chris.schock)
    
    I have appended y'all to the enhancement request
    
    Like Show 0 Likes(0)
    
    Actions
    - Re: Monitoring devices that deny ICMP
      
      kiwi Dec 3, 2009 3:17 PM (in response to bshopp)
      
      Hi Brandon
      HP OV NNM solves this by having the user add the Non-pingable IP addresses to a flat file that has a Reserved file name recognised by the network monitor process that instructs it to use SNMP instead of ICPM (ping) to monitor the interface Up/Down status for those particulat interfaces. May be Lab eng will do similar thing for this NPM service request, if I may suggest
      K. rgrds
      
      Like Show 0 Likes(0)
      
      Actions

Go to original post