I have been troubleshooting false alerts on checkpoint devices for quite a while. Hopefully someone here can help out some.
This is our configuration.
- Orion Platform 2014.2.1, IPAM 4.2, NCM 7.3.2, NPM 11.0.1, NTA 4.1.0, UDT 3.1.0, IVIM 1.10.0, VNQM 4.2
- Everything except for our Neflow server are on virtual servers.
- We have two pollers.
- All SW Servers are located in the same datacenter.
- Checkpoints are across the country.
When we get a false alert: (they are random and not consistent)
- If you log into the Poller that device is assigned to, you can't ping or trace route to that device. However if you log into the other poller or from your desktop you can ping and trace route without issues. This happens more often on our primary poller, but has happened on our secondary poller.
- The false alerts many times bounce (show down, up, down, up about every 10 or so minutes)
I have:
- Had our server team look at the servers and they have not located any issues.
- Restarted the servers
- Firewall team (responsible for the checkpoints) do not show issues or blocks
- Updated the SW MIBS file
- This is happening ONLY on Checkpoint devices. Other monitored devices are not giving false alerts.
Any other suggestions would be appreciated.