I'm using pfSense with 2 gateways in case of failover; I have Comcast and ATT.

So Comcast is the default; if it fails, I want to create a monitor and alert so I can be notified if Comcast is down or ATT is down.

What could be the best practice?


You could monitor it from the outside, from your systems or from the systems of a client. Just create a ping monitor for each of the public IPs.

Or, you could use SNMP from a probe on the client's installations which queries the pfSense, but I don't know if pfSense supports SNMP info to indicate whether an interface is considered up or down.

Or, if the pfSense doesn't support that sort of thing, you could define routes on the pfSense to route a particular IP out over just one of the links. If each of the IPs was for a router in the ISP's network, then pinging IP1 would indicate that DSL1 was working and pinging IP2 would indicate that DSL2 was working. I am assuming you can do this in the routing tables of the pfSense. This way a ping monitor on a probe could be used.

or, if the pfsense can generate syslogs which correspond to interface down or route down (they're different obviously) then you can point those syslogs at the probe and use those to generate alerts. Never tried that, but in the end, they just go into a table in mysql.


Not sure how to do it in a monitor at the client's office (since that would require specific routing to the gateway), however, pfSense will send notifications of this and various other alerts such as reboot, update install, alias errors, etc.  System/Advanced/Notifications.  https://docs.netgate.com/pfsense/en/latest/book/config/advanced-notifications.html

Note you shouldn't monitor the ISP router in the gateway settings because that router may be up but the connection down.  I pick on Google and use 8.8.8.8 on one and 8.8.4.4 on the other since they have to be different.

Edited by SteveYates


Thanks, I created a monitor using Automate.

The monitor is on the server and pings the gateway.

I can't make the gateway go down, so I will wait for an outage to see if it is working.


I've got a part of the solution but it might need some rethinking... When you add an EXE monitor to your agent running the command

C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe (new-object System.Net.WebClient).DownloadString('http://myexternalip.com/raw')

you will get the public IP address for that agent. However, it should be compared against the router address to detect changes or keep history. Since a monitor can't compare against the router address, we should keep some history. So enabling data collection could be an option. Next, create an internal monitor to track changes. A bit of a dirty solution but it works...


If you just want to know if the client's WAN IP changes (failover happened) that can be done in an internal monitor, though it's a bit manual and requires one monitor per client.

Make a group "IP address changes" and add the server at each client to monitor (servers rarely leave the office).  Target the monitor to this group.

table: computers
field: RouterAddress
NotEquals
result: 'ip.address'  <-- primary WAN IP
identity: RouterAddress
condition:
Clients.Name = 'clientname'

If the PC's IP changes (how it connects to CWA), the monitor alerts.

Edited by SteveYates


Hi Steve,

That's another approach. However, when you have 60+ clients on 60+ locations and they all have a different WAN address, you need to create 60+ internal monitors.
You need to be able to keep a history of computers.RouterAddress so you can determine whether the address has changed. Since this option isn't available (I can't find it) you need to create some historical data yourself. Therefore I created this remote monitor to be able to get data into the h_agentdata table. This way you have a log for every interval the remote monitor checks.

Correct me if I'm wrong....


You're not wrong, mine doesn't scale very well.  That's why I suggested having pfSense email the notification. :)  For our uses, we have one client on DHCP where we need to use the IP in a firewall rule, and one client that doesn't have a pfSense.  I'm pretty sure I did look at the hardware change tables at a time, a few years ago, and didn't find the IP there.


Wanna know something funny? When the data collector is enabled, it doesn't collect data. That's probably because it's not an int value but a string value.

So back to the drawing board.... it must be possible to automate it. It's not called Automate for nothing 🙂 I've posted an enhancement request to track changes for servers in the h_computers table.

Edited by Duvak


Got something figured out! Get this one from me free of charge 🙂

The whole idea is based on this PowerShell script. What it does is:

1. Check if a file exists on the computer it runs on called C:\windows\ltsvc\public-ip.txt
    If not, it will create it. If it does, it will keep it.
2. Get the public IP address from the internet using PowerShell.
3. Compare the IP address from PowerShell to the one mentioned in the TXT file.
4. If the same, it puts out a "1". If not the same, it logs the new IP address.

So how do you monitor it?

Create a BAT file with a similar name. Put something like this in it:
@ IF NOT Exist PublicCompare.PS1 (powershell.exe Invoke-WebRequest -uri https://your.FQDN/labtech/transfer/monitors/PublicCompare.ps1 -outfile PublicCompare.ps1)
@ powershell.exe .\PublicCompare.ps1

Put both files (PublicCompare.ps1 and PublicCompare.bat) on your Automate Webserver dir C:\LTShare\Transfer\Monitors

Now create a remote monitor on the server/group or anything you like to monitor from. The monitor should be an EXE monitor calling PublicCompare.bat.
The output will be "1" if the IP address remains the same, will contain an error (like 503 or 404) when the external website is down (treat that as a warning), and will show anything else on a failure. So make it a state-based monitor:


As an alert, choose whatever you like. It will log every change in the monitor result in a ticket, alert or mail. 

Whats next?

Because the monitor is overwriting the IP in the txt file every time it checks, the monitor will return to the success state after a fail. In this way, it will trigger another alert when the IP address changes back to the default one. This way you will have a ticket for every multi-WAN event.

Be careful

Might be a no-brainer, but this monitor will not work properly on a laptop since it's supposed to change IPs once it's online at a different location.
Furthermore you might want to check the TXT file the first time, because when the result is something like "not allowed to run scripts", the monitor will equal "1" every time because the TXT file content remains the same.
And speaking of which.... PowerShell must be set to allow running scripts (set-executionpolicy remotesigned)

That's it. Take it if you like or leave it if you don't. Feel free to drop a question below.

PublicCompare.ps1
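The following is an added reconstruction of the four steps described in the post above, written here as an example; it is not the attached PublicCompare.ps1 and not code from the poster. It assumes the state-file path C:\windows\ltsvc\public-ip.txt from step 1 and the http://myexternalip.com/raw lookup URL used earlier in the thread; the parameter names and the function name Get-PublicIp are my own. It goes one step beyond the description: it only accepts a well-formed IPv4 address, so an execution-policy error message or an HTML error page is reported rather than stored as the "known" address, which is the pitfall the post warns about under "Be careful".

```powershell
# PublicCompare.ps1 (added example, not the attached file)
# Exit output contract for the EXE / state-based monitor:
#   "1"                      -> public IP unchanged (success)
#   "error: ..."             -> lookup failed, e.g. (404) or (503) from the website (warning)
#   "changed: old -> new"    -> public IP differs from the stored one (failure = multi-WAN event)
param(
    # Assumed defaults taken from the thread; override on the command line if needed
    [string]$StateFile = 'C:\windows\ltsvc\public-ip.txt',
    [string]$LookupUrl = 'http://myexternalip.com/raw'
)

$ErrorActionPreference = 'Stop'

function Get-PublicIp {
    param([string]$Url)
    # DownloadString throws a WebException on HTTP errors; the message contains the status code
    $raw = (New-Object System.Net.WebClient).DownloadString($Url).Trim()

    # Accept only a parseable IPv4 address. Anything else (HTML, proxy page, script error text)
    # is rejected so that garbage never becomes the baseline in the state file.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($raw, [ref]$parsed) -or
        $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "lookup returned something that is not an IPv4 address: '$raw'"
    }
    return $parsed.IPAddressToString
}

try {
    $current = Get-PublicIp -Url $LookupUrl
} catch {
    # Report the lookup problem instead of touching the state file; the monitor maps this to WARN
    Write-Output "error: $($_.Exception.Message)"
    exit 0
}

if (-not (Test-Path -Path $StateFile)) {
    # First run on this machine: seed the baseline and report success
    Set-Content -Path $StateFile -Value $current -Encoding ASCII
    Write-Output '1'
    exit 0
}

# Cast through [string] so an empty file yields '' instead of $null before Trim()
$previous = ([string](Get-Content -Path $StateFile -TotalCount 1)).Trim()

if ($previous -eq $current) {
    Write-Output '1'
} else {
    # Failover or failback: store the new address so the monitor recovers on the next interval,
    # and emit both values so the ticket records which WAN the client moved between
    Set-Content -Path $StateFile -Value $current -Encoding ASCII
    Write-Output "changed: $previous -> $current"
}
```

The BAT wrapper from the post (download once, then run `.\PublicCompare.ps1`) works unchanged with this script; the monitor condition stays "result equals 1" for success, "result contains error" for warning, and everything else for failure. Because only a validated address is ever written, the case the post describes where "not allowed to run scripts" lands in the TXT file and pins the monitor at "1" can no longer occur silently; it surfaces as a warning instead.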
