Gateway Alerts
Following are the SD-WAN and Gateway appliance-related alerts that you can configure for notification over Webhooks. Click on an alert to see its description and JSON payload.
- New Gateway Connected
- Gateway Disconnected
- Gateway CPU Utilization
- Gateway Memory Utilization
- BGP Session Error
- Gateway Base License Capacity Limit Exceeded
- Routing Table Limit
- Overlay Route Orchestrator Connection
- WAN Health Check Failure
- WAN VPN Peer Unreachable
- Tunnel Flapping
- Uplink Flapping
- WAN Uplink Status Change
- WAN Uplink Autonegotiation State Change
- IPSec Establishment Failure
- IPSec SA Down
- All IPSec SAs Down
- CFG SET Advertisement Failure
- VGW VM Down
- Gateway IDS IPS Engine Error State
- Gateway IDS IPS Engine CPU Utilization
- Gateway IDS IPS Engine Memory Utilization
- Gateway IDS IPS Engine Packer Dropped Detected
- Gateway Emergency Mode
- WAN Uplink Input Errors
- WAN Uplink Output Errors
- WAN Uplink PHY Errors
- VPN Peer Failover
- OSPF Session Error
- SLA DPS Compliance Alert
- EST Enrollment Failure
- GW Cluster VLAN Mismatch
New Gateway Connected
Generates an alert when a new Branch Gateway is connected.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 301,
"alert_type": "NEW_GATEWAY_DETECTED",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-301",
"device_id": "CNXXYYZZAA",
"description": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned",
"state": "Open",
"severity": "Warning",
"operation": "create",
"timestamp": 1612725256,
"details": {
"group": "1",
"labels": "",
"_rule_number": "0",
"params": ["CNXXYYZZAA", "20:aa:bb:cc:eb:30", "172.168.1.1", "GSK-7005-2"],
"serial": "CNXXYYZZAA",
"time": "2021-02-07 19:14:16 UTC",
"group_name": "unprovisioned"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "New Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 connected, Group:unprovisioned"
}
Gateway Disconnected
Generates an alert when a Branch Gateway is disconnected. When a gateway disconnects because of license expiry, the alert description shows 'Reason: Device unlicensed'.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 303,
"alert_type": "GATEWAY_DISCONNECTED",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-303",
"device_id": "CNXXYYZZAA",
"description": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612725779,
"details": {
"params": [
"CNXXYYZZAA",
"20:aa:bb:cc:eb:30",
"172.168.1.1",
"GSK-7005-2",
"",
""
],
"group": "0",
"ts": "1612725444737",
"labels": "",
"serial": "CNXXYYZZAA",
"conn_status": "disconnected",
"time": "2021-02-07 19:22:59 UTC",
"group_name": "default"
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "Gateway GSK-7005-2 with serial CNXXYYZZAA, MAC address 20:aa:bb:cc:eb:30 and IP address 172.168.1.1 disconnected. , Group:default"
}
Gateway CPU Utilization
Generates an alert when the Branch Gateway CPU utilization exceeds the threshold value. You can add additional rule(s) for this alert.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1351,
"alert_type": "CONTROLLER_CPU_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-1351",
"device_id": "CNXXYYZZAA",
"description": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612272540,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.cpu_utilization.5m",
"duration": "5",
"threshold": "10",
"time": "2021-02-02 13:24:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CPU utilization for Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 5 minutes since 2021-02-02 13:24:00 UTC."
}
Gateway Memory Utilization
Retrieving data. Wait a few seconds and try to cut or copy again.
{
"id": "AXdiyfwQo68tULajRTiG",
"nid": 1352,
"alert_type": "CONTROLLER_MEMORY_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-1352",
"device_id": "CNXXYYZZAA",
"description": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612270140,
"details": {
"name": "WTH_9004-1",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.memory_utilization.5m",
"duration": "30",
"threshold": "30",
"time": "2021-02-02 12:19:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Memory utilization for Gateway WTH_9004-1 with serial CNXXYYZZAA has been above 30% for about 30 minutes since 2021-02-02 12:19:00 UTC."
}
BGP Session Error
Generates an alert when a BGP session fails.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1355,
"alert_type": "CONTROLLER BGP SESSION ERROR",
"setting_id": "ggsswerr90254beccccaaazza05f17-1355",
"device_id": "CNXXYYZZAA",
"description": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612811123,
"details": {
"serial": "CNXXYYZZAA",
"nbr_addr": "172.30.1.102",
"nbr_as": "3002",
"nbr_id": "10.53.9.44",
"group": "12",
"time": "2021-02-08 19:05:23 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "BGP neighbor 172.30.1.102 is down (router-id=10.53.9.44, ASN=3002, serial=CNXXYYZZAA)"
}
Gateway Base License Capacity Limit Exceeded
Generates an alert when a Gateway with Foundation-Base Capacity subscription exceed the client capacity threshold. For more information on Foundation-Base Capacity subscription, see Assigning Subscriptions to Aruba Gateways.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1356,
"alert_type": "GATEWAY_BASE_LICENSE_CAPACITY_EXCEEDED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1356",
"device_id": "CNXXYYZZAA",
"description": "Base license capacity limit exceeded for Gateway with name: CSIM_SCA0000073, serial: CNXXYYZZAA",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612424272,
"details": {
"group": "0",
"labels": [],
"name": "CSIM_CNXXYYZZAA",
"serial": "CNXXYYZZAA",
"time": "2021-02-04 07:37:52 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Base license capacity limit exceeded for Gateway with name: CSIM_CNXXYYZZAA, serial: CNXXYYZZAA"
}
Routing Table Limit
Generates an alert when the routing table size exceeds the 90% of the capacity. This alert is auto-acknowledged when the Routing table size goes below 85% of the capacity.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1357,
"alert_type": "CONTROLLER ROUTE TABLE CAPACITY",
"setting_id": "ggsswerr90254beccccaaazza05f17-1357",
"device_id": "CNXXYYZZAA",
"description": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612801998,
"details": {
"serial": "CNXXYYZZAA",
"ip_address": "2.3.1.5",
"count": "29268",
"hostname": "DC3_VPNC8_7240XM",
"max": "32768",
"group": "57",
"time": "2021-02-08 16:33:18 UTC"
},
"webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
"text": "Routing table for device DC3_VPNC8_7240XM exceeded threshold(serial=CNXXYYZZAA, IP=2.3.1.5, count=29268, max=32768)"
}
Overlay Route Orchestrator Connection
Generates an alert when the control connection between the Branch Gateway and the Overlay Route Orchestration (ORO) is down. This alert is auto-acknowledged when the control connection is re-established.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1359,
"alert_type": "CONTROLLER OAP CONNECTION",
"setting_id": "ggsswerr90254beccccaaazza05f17-1359",
"device_id": "CNXXYYZZAA",
"description": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612808837,
"details": {
"hostname": "Legacy2.0-BGW1-A7005-39_82_AC",
"serial": "CNXXYYZZAA",
"group": "22",
"time": "2021-02-08 18:27:17 UTC"
},
"webhook": "f6f2b19a-31d5-445c-b340-eb1ca8a6fdd8",
"text": "Overlay Route Orchestrator control connection is down for Legacy2.0-BGW1-A7005-39_82_AC (serial=CNXXYYZZAA)"
}
WAN Health Check Failure
Generates an alert when WAN health check fails.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1501,
"alert_type": "WAN_UPLINK_REACHABILITY_HEALTH_CHECK_IP_FAILED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1501",
"device_id": "CNXXYYZZAA",
"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612304659,
"details": {
"default_gw_status": "reachable",
"intf_name": "inet2_inet",
"ip": "52.52.253.87",
"hostname": "WTH_9004-2",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 22:24:19 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to Health Check IP 52.52.253.87 on uplink inet2_inet. Default-gateway is reachable."
}
WAN VPN Peer Unreachable
Generates an alert when the WAN VPN peer is unreachable.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1502,
"alert_type": "WAN_UPLINK_REACHABILITY_VPN_PEER_FAILED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1502",
"device_id": "CNXXYYZZAA",
"description": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612348217,
"details": {
"ip": "192.168.103.99",
"intf_name": "inet2_inet",
"default_gw_status": "unreachable",
"hostname": "WTH_9004-2",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 10:30:17 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN reachability check failed for Gateway WTH_9004-2 with serial CNXXYYZZAA to VPN peer 192.168.103.99 on uplink inet2_inet. Default-gateway is unreachable."
}
Tunnel Flapping
Generates an alert when the tunnel state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"alert_type": "WAN_TUNNEL_FLAP",
"description": "Tunnel data-vpnc-00:1a:1e:03:83:30-link1_inet status flapped 1% on device CNXXYYZZAA for about 15 minutes since 2019-07-25 12:26:00 UTC.",
"timestamp": 1564058460,
"webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
"setting_id": "ggsswerr90254beccccaaazza05f17-1601",
"state": "Open",
"nid": 1601,
"details": {
"alias_map_name": "data-vpnc-00:1a:1e:03:83:30-link1_inet",
"_rule_number": "0",
"group": "77",
"dst_ip": "172.168.101.9",
"labels": "8,661",
"src_ip": "192.168.51.254",
"duration": "15",
"time": "2019-07-25 12:26:00 UTC",
"threshold": "1",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.tunnel.flap.5m",
"serial": "CNXXYYZZAA",
"uplink_tag": "link1_inet",
"unit": "%"
},
"operation": "create",
"device_id": "CNXXYYZZAA",
"id": "AXyzbcapqrstn24BIWcc",
"severity": "Critical"
}
Uplink Flapping
Generates an alert when the uplink state changes frequently. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"alert_type": "WAN_UPLINK_FLAP",
"description": "Uplink link1_inet link status flapped 1% on device with CNXXYYZZAA for about 15 minutes
since 2019-07-25 12:36:00 UTC.",
"timestamp": 1564059060,
"webhook": "394c7a3c-ca41-4476-8afc-857e54aa4b3b",
"setting_id": "ggsswerr90254beccccaaazza05f17-1600",
"state": "Open",
"nid": 1600,
"details": {
"status": "DOWN",
"_rule_number": "0",
"group": "77",
"labels": "8,661",
"current_status": "UP",
"duration": "15",
"intf_name": "link1_inet",
"time": "2019-07-25 12:36:00 UTC",
"threshold": "1",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.uplink.flap.5m",
"serial": "CNXXYYZZAA",
"uplink_tag": "link1_inet",
"unit": "%"
},
"operation": "create",
"device_id": "CNXXYYZZAA",
"id": "AXyzbcapqrstn24BIWcc",
"severity": "Critical"
}
WAN Uplink Status Change
Generates an alert when the WAN uplink status changes.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1505,
"alert_type": "WAN_UPLINK_STATUS_CHANGE",
"setting_id": "ggsswerr90254beccccaaazza05f17-1505",
"device_id": "CNXXYYZZAA",
"description": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612350095,
"details": {
"intf_name": "inet_inet",
"status": "UP",
"current_status": "DOWN",
"uplink_tag": "inet_inet",
"hostname": "WTH-9004-3",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 11:01:35 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Uplink port inet_inet status change UP -> DOWN for device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-03 11:01:35 UTC"
}
WAN Uplink Autonegotiation State Change
Generates an alert when the WAN uplink automatic negotiation status changes.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1506,
"alert_type": "WAN_UPLINK_AUTONEGOTIATION_STATE_CHANGE",
"setting_id": "ggsswerr90254beccccaaazza05f17-1506",
"device_id": "CNXXYYZZAA",
"description": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612350155,
"details": {
"intf_name": "GE0/0/1",
"speed": "1000",
"new_speed": "Auto",
"hostname": "WTH-9004-3",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-03 11:02:35 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "WAN ports autonegotiaton speed changed from 1000 Mbps to Auto Mbps for device WTH-9004-3 with serial CNXXYYZZAA for uplink GE0/0/1 at 2021-02-03 11:02:35 UTC"
}
IPSec Establishment Failure
Generates an alert when the IPsec tunnel fails to establish.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1550,
"alert_type": "WAN_IPSEC_SA_ESTABILSHMENT_FAILED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1550",
"device_id": "CNXXYYZZAA",
"description": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271840,
"details": {
"src_ip": "192.168.36.10",
"dst_ip": "192.168.103.99",
"alias_map_name": "WTH-9004-3:inet_inet::GSK_VPNC2:vlan103",
"link_tag": "inet_inet",
"hostname": "WTH-9004-3",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:17:20 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IPSec Tunnel Establishment from 192.168.36.10 to 192.168.103.99 failed on device WTH-9004-3 with serial CNXXYYZZAA at 2021-02-02 13:17:20 UTC"
}
IPSec SA Down
Generates an alert when the IPsec SA is down.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1551,
"alert_type": "WAN_IPSEC_SA_DOWN",
"setting_id": "ggsswerr90254beccccaaazza05f17-1551",
"device_id": "CNXXYYZZAA",
"description": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA. Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271651,
"details": {
"src_ip": "192.168.31.10",
"dst_ip": "192.168.103.99",
"reason": "Administrator cleared IPSEC SA",
"alias_map_name": "WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103",
"uplink_tag": "inet2_inet",
"hostname": "WTH_9004-1",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:14:11 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IPSec tunnel WTH_9004-1:inet2_inet::GSK_VPNC2:vlan103 from 192.168.31.10 to 192.168.103.99 is DOWN on device WTH_9004-1 with serial CNXXYYZZAA. Reason: Administrator cleared IPSEC SA at 2021-02-02 13:14:11 UTC"
}
All IPSec SAs Down
Generates an alert when all the IPsec SAs are down.
{
"id": "AXdi4Qoyo68tULajRUzs",
"nid": 1552,
"alert_type": "WAN_IPSEC_SA_ALL_DOWN",
"setting_id": "ggsswerr90254beccccaaazza05f17-1552",
"device_id": "CNXXYYZZAA",
"description": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612271651,
"details": {
"hostname": "WTH_9004-1",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": [
"8"
],
"time": "2021-02-02 13:14:11 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "All IPSec SAs down for device WTH_9004-1 with serial CNXXYYZZAA at 2021-02-02 13:14:11 UTC"
}
CFG SET Advertisement Failure
Generates an alert when the CFG-SET advertisement fails.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1554,
"alert_type": "CFG_SET_ADVERTISEMENT_FAILURE",
"setting_id": "ggsswerr90254beccccaaazza05f17-1554",
"device_id": "CNXXYYZZAA",
"description": "CFG-Set advertisement failure for Gateway CNXXYYZZAA with serial BIM0010001 on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612351819,
"details": {
"src_ip": "10.1.1.1",
"dst_ip": "200.1.1.6",
"alias_map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
"map_name": "default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6",
"hostname": "CNXXYYZZAA",
"serial": "CNXXYYZZAA",
"group": "0",
"labels": [],
"time": "2021-02-03 11:30:19 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CFG-Set advertisement failure for Gateway BIM0010001 with serial CNXXYYZZAA on tunnel default-local-vpnip-data-ipsecmap-00:1a:1e:04:27:48-link6 from 10.1.1.1 to 200.1.1.6"
}
VGW VM Down
Generates an alert when an Aruba Virtual Gateway deployed as a Virtual Machine is down.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 1702,
"alert_type": "VGW_HEALTH_STATE_CHANGE_DETECTED",
"setting_id": "ggsswerr90254beccccaaazza05f17-1702",
"device_id": "CNXXYYZZAA",
"description": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A",
"state": "Open",
"severity": "Major",
"operation": "create",
"timestamp": 1612782698,
"details": {
"account_id": "4454656d9-asdf-wert-8ss0-3erarq23e4be",
"mac": "02:1A:1E:92:1A:3A",
"serial": "CNXXYYZZAA",
"vm_id": "/subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A",
"account_name": "Test",
"region_id": "canadacentral",
"customer_name": "[email protected]",
"health": "DOWN",
"vpc_id": "/karan_res_canada/canadavnet",
"provider_name": "Azure",
"customer_id": "ggsswerr90254beccccaaazza05f17",
"time": "2021-02-08 11:11:38 UTC"
},
"webhook": "5cbc87e4-9eb5-45d2-b890-b21db89ca5b4",
"text": "VGW VM DOWN -- User: [email protected] Cloud-Account: Test Cloud-Provider: Azure Region-Id: canadacentral VPC-Id: /karan_res_canada/canadavnet VM-Id: /subscriptions/2bf1e338-5361-470d-bcba-78c50b2b7f16/resourceGroups/karan_res_canada/providers/Microsoft.Compute/virtualMachines/ArubaVGW-92-1A-3A Serial-Number: CNXXYYZZAA Mac-Address: 02:1A:1E:92:1A:3A"
}
Gateway IDS IPS Engine Error State
Generates an alert when the Gateway’s IDS/IPS Engine state is either crashed or stopped. A severity of Critical indicates that the engine has crashed and Major indicates that the engine has stopped.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2301,
"alert_type": "GW_IDS_IPS_ENGINE_ERROR_STATE_ALERT",
"setting_id": "ggsswerr90254beccccaaazza05f17-2301",
"device_id": "CNXXYYZZAA",
"description": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state.",
"state": "Close",
"severity": "Critical",
"operation": "update",
"timestamp": 1612407706,
"details": {
"serial": "CNXXYYZZAA",
"hostname": "WTH_9004-1",
"state": "Stopped",
"time": "2021-02-04 03:00:23 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "IDS/IPS engine on Gateway WTH_9004-1 with serial CNXXYYZZAA has moved to an error (Stopped) state."
}
Gateway IDS IPS Engine CPU Utilization
Generates an alert when the CPU utilization by IDS/IPS engine exceeds the threshold value and duration. You can add additional rule(s) for this alert.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2302,
"alert_type": "GW_IDS_IPS_ENGINE_CPU_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-2302",
"device_id": "CNXXYYZZAA",
"description": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612407241,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.cpu.5m",
"duration": "11",
"threshold": "10",
"time": "2021-02-04 02:43:01 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "CPU utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 10% for about 11 minutes since 2021-02-04 02:43:01 UTC."
}
Gateway IDS IPS Engine Memory Utilization
Generates an alert when the memory utilization exceeds the threshold value and duration. You can add additional rule(s) for this alert.
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2303,
"alert_type": "GW_IDS_IPS_ENGINE_MEMORY_OVER_UTILIZATION",
"setting_id": "ggsswerr90254beccccaaazza05f17-2303",
"device_id": "CNXXYYZZAA",
"description": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNJJKLB0HB has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC.",
"state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612407240,
"details": {
"name": "WTH_9004-2",
"unit": "%",
"serial": "CNXXYYZZAA",
"group": "36",
"labels": "8",
"_rule_number": "0",
"ds_key": "ggsswerr90254beccccaaazza05f17.CNXXYYZZAA.idps.mem.5m",
"duration": "5",
"threshold": "2",
"time": "2021-02-04 02:49:00 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Memory utilization for IDS/IPS engine on Gateway WTH_9004-2 with serial CNXXYYZZAA has been above 2% for about 5 minutes since 2021-02-04 02:49:00 UTC."
}
Gateway IDS IPS Engine Packer Dropped Detected
Generates an alert every time when the number of packets dropped exceeds the configured threshold value
{
"id": "AXyzbcapqrstn24BIWcc",
"nid": 2304,
"alert_type": "GW_IDS_IPS_ENGINE_PACKET_DROPPED_DETECTED",
"setting_id": "ggsswerr90254beccccaaazza05f17-2304",
"device_id": "CNXXYYZZAA",
"description": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC.",
"state": "Open",
"severity": "Minor",
"operation": "create",
"timestamp": 1612423635,
"details": {
"name": "CSIM_CNXXYYZZAA",
"serial": "CNXXYYZZAA",
"threshold": "75",
"duration": "5",
"time": "2021-02-04 07:22:15 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Packet drop for IDS/IPS engine on Gateway CSIM_CNXXYYZZAA with serial CNXXYYZZAA has been above 75% for about 5 minutes since 2021-02-04 07:22:15 UTC."
}
Gateway Emergency Mode
Generates an alert when a gateway enters the emergency mode, where all the uplinks are down and the backup uplink is activated.
{
"id": "AXdjJsYpo68tULajRXTU",
"nid": 1353,
"alert_type": "CONTROLLER_EMERGENCY_UP_LINK_MODE",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1353",
"device_id": "CNM0010002",
"description": "Gateway GW-1 with serial CNM0010002 is operating on emergency mode at 2023-02-02 14:30:21 UTC",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1612276221,
"details": {
"name": "GW-1",
"serial": "CNM0010002",
"group": "0",
"labels": [],
"time": "2023-02-02 14:30:21 UTC"
},
"webhook": "a82456c8-1402-4fe1-a195-0131e6b392ee",
"text": "Gateway GW-1 with serial CNM0010002 is operating on emergency mode at 2023-02-02 14:30:21 UTC"
}
WAN Uplink Input Errors
Generates an alert when the percentage of WAN uplink input errors exceed the threshold value. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"id": "AX0JamvlJ_Ty_F5wJkqF",
"nid": 1507,
"alert_type": "WAN_UPLINK_INPUT_ERRORS",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1507",
"device_id": "CNA0000043",
"description": "Input errors for Uplink Interface GE 0/0/0 on Gateway CSIM_SCA with serial CNA0000043 has been above 1% for about 5 minutes since 2021-11-10 10:30:09 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1636540509,
"details": {
"intf_name": "GE 0/0/0",
"hostname": "CSIM_SCA",
"serial": "CNA0000043",
"group": "0",
"labels": "48",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNA0000043.intf.inerrors_percent.5m",
"duration": "5",
"threshold": "1",
"time": "2021-11-10 10:30:09 UTC"
},
"webhook": "4c09b716-eb38-4c4f-8a3f-61f476eb9ca6",
"text": "Input errors for Uplink Interface GE 0/0/0 on Gateway CSIM_SCA with serial CNA0000043 has been above 1% for about 5 minutes since 2021-11-10 10:30:09 UTC.",
"cluster_hostname": "app-yoda.arubathena.com"
}
WAN Uplink Output Errors
Generates an alert when the percentage WAN uplink output errors exceed the threshold value. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"id": "AX0JazwZJ_Ty_F5wJkqp",
"nid": 1508,
"alert_type": "WAN_UPLINK_OUTPUT_ERRORS",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1508",
"device_id": "CNA0000043",
"description": "Output errors for Uplink Interface GE 0/0/2 on Gateway CSIM_SCA with serial CNA0000043 has been above 1% for about 5 minutes since 2021-11-10 10:31:02 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1636540562,
"details": {
"intf_name": "GE 0/0/2",
"hostname": "CSIM_SCA",
"serial": "CNA0000043",
"group": "0",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNA0000043.intf.outerrors_percent.5m",
"duration": "5",
"threshold": "1",
"time": "2021-11-10 10:31:02 UTC"
},
"webhook": "4c09b716-eb38-4c4f-8a3f-61f476eb9ca6",
"text": "Output errors for Uplink Interface GE 0/0/2 on Gateway CSIM_SCA with serial CNA0000043 has been above 1% for about 5 minutes since 2021-11-10 10:31:02 UTC.",
"cluster_hostname": "app-yoda.arubathena.com"
}
WAN Uplink PHY Errors
Generates an alert when the percentage WAN uplink PHY errors exceed the threshold value. In the Interface field, enter the interface name. You can add additional rule(s) for this alert.
{
"id": "AX0Jamx2J_Ty_F5wJkqG",
"nid": 1509,
"alert_type": "WAN_UPLINK_PHY_ERRORS",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1509",
"device_id": "CNA0000043",
"description": "PHY errors for Uplink Interface GE 0/0/2 on Gateway CSIM_SCA with serial CNA0000043 has been above 1% for about 5 minutes since 2021-11-10 10:30:09 UTC.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1636540509,
"details": {
"intf_name": "GE 0/0/2",
"hostname": "CSIM_SCA",
"serial": "CNA0000043",
"group": "0",
"labels": "48",
"_rule_number": "0",
"ds_key": "6039f9543bac449291bfcd19eb10d1eb.CNA0000043.intf.phyerrors_percent.5m",
"duration": "5",
"threshold": "1",
"time": "2021-11-10 10:30:09 UTC"
},
"webhook": "4c09b716-eb38-4c4f-8a3f-61f476eb9ca6",
"text": "PHY errors for Uplink Interface GE 0/0/2 on Gateway CSIM_SCA with serial CNA0000043 has been above 1% for about 5 minutes since 2021-11-10 10:30:09 UTC.",
"cluster_hostname": "app-yoda.arubathena.com"
}
VPN Peer Failover
Generates an alert when all the tunnels from the gateway to the primary VPN controller go down including via backup uplink and establishes a tunnel with the secondary VPN controller.
{
"id": "AXvSPh4-Kzxaq3kj2rgh7",
"nid": 1504,
"alert_type": "WAN_UPLINK_LOAD_BALANCE_VPNC_PEER_FAILOVER",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1504",
"device_id": "CZ0003243",
"description": " VPN peer failover for gateway 7024-HF254 with serial CN112233",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1648061695,
"details": {
"mac": "00:0b:86:f9:0d:d1",
"hostname": "7024-HF-254",
"serial": "CN112233",
"group": "6",
"labels": "2",
"_rule_number": "0",
"params": "",
"time": "2022-03-23 00:24:51 UTC"
},
"webhook": "87fae42a-78ec-45c0-a22a-4f81417cad56",
"text": "VPN peer failover for gateway 7024-HF254 with serial CN112233"
}
OSPF Session Error
Generates an alert when an OSPF session fails for the following session change reasons:
- NBO_BAD_LSREQ—Link State Request received for an LSA not in Database.
- NBO_SEQNUM_MISM—Unexpected DD sequence number.
- NBO_1WAY_RX—Hello received with router-id 0.
- NBO_KILL—Communication with neighbor is impossible.
- NBO_INACT_TIMER—No hello packets received from neighbor.
- Inactivity timer fired.
- NBO_LL_DOWN—Link layer indication that neighbor is not reachable.
- NBO_CHECKSUM_ERR—Received packet with checksum error.
{
"alert_type": "CONTROLLER OSPF SESSION ERROR",
"description": "OSPF session state change for Gateway with hostname GSK_VPNC2 and serial CN0003333 from Init State to Down State for neighbor 1.0.0.2 on interface 100 with reason No hello packets received from neighbour.Inactivity timer fired",
"timestamp": 1564121712,
"webhook": "60785e88-9513-4352-94d6-ec25fedbeddc",
"setting_id": "b27f67fa44234c51a890fccea7c9b83e-1354",
"state": "Open",
"nid": 1354,
"details": {
"dst_state": "Down State",
"neighbour_ip": "1.0.0.2",
"group": "4",
"uniq_identifier": "100-16777218",
"labels": [
"2",
"11",
"12",
"15",
"13",
"8"
],
"src_state": "Init State",
"reason": "No hello packets received from neighbour.Inactivity timer fired",
"time": "2019-07-26 06:15:12 UTC",
"interface": "100",
"serial": "CN0003333",
"hostname": "GSK_VPNC2"
},
"operation": "create",
"device_id": "CN0003333",
"id": "AWws60Yxon2R5PyMmUU4",
"severity": "Major"
}
SLA DPS Compliance Alert
Generates an alert when the WAN policy does not meet the compliance criteria.
{
"ack_by": null,
"ack_ts": 1579828824000,
"acknowledge": 0,
"cid": "201804172180",
"description": "SLA DPS Compliance Violations for Customer : Aruba, Device Hostname : bg2-ha2, Policy : all, Uplink : 400_lte, Probe Ip: 52.52.253.87, Threshold Profile : {u'dps_threshold_profile_name': u'BestForInternet', u'dps_threshold_profile_packet_loss_value': 1, u'dps_threshold_profile_bw_util_value': 80, u'dps_threshold_profile_latency_value': 1}, Violation Reason: Latency, Violation Value: 1.363ms",
"group_name": "",
"id": "AW_VItEnenGOhQ4XrMp_",
"labels": [],
"nid": 20,
"severity": 5,
"sites": [
{
"id": 38,
"name": "site_2"
}
],
"ts": 1579828824000,
"type": "DPS_COMPLIANCE_ALERT",
"type_desc": "SLA DPS Compliance Violations"
}
EST Enrollment Failure
Generates an alert when gateways fail to enroll or re-enroll with the EST server. To view the gateway EST alert, you must enable EST Enrolment Failure alerts in gateway alert configuration page. EST enrollment and re-enrollment failure alerts automatically closes after a success event is received.
{
"id": "AXvSPh4-Kzxaq3kj2rgh7",
"nid": 1701,
"alert_type": "EST enrollment failure",
"setting_id": "6039f9543bac449291bfcd19eb10d1eb-1504",
"device_id": "CZ0001133",
"description": " EST enrollment failure for Virtual Gateway with name : 7024-HF254, serial :CZ0001133, mac :00:bb:86:ff:0a:aa.",
"state": "Open",
"severity": "Critical",
"operation": "create",
"timestamp": 1648194475,
"details": {
"mac": "00:bb:86:ff:0a:aa",
"hostname": "7024-HF254",
"serial": "CZ0001133",
"group": "6",
"labels": "2",
"_rule_number": "0",
"params": "",
"time": "2022-03-25 13:17:51 UTC"
},
"webhook": "87fae42a-78ec-45c0-a22a-4f81417cad56",
"text": "EST enrollment failure for Virtual Gateway with name : 7024-HF-254, serial :CZ0001133, mac :00:bb:86:ff:0a:aa."
}
GW Cluster VLAN Mismatch
Generates an alert when one or more gateway(s) in a cluster have a mismatch in the VLAN.
{
"id": "AXd9rMzXo68tULajWxbZ",
"nid": 1801,
"alert_type": "GW_CLUSTER_VLAN_MISMATCH",
"setting_id": "abce082bef4a428bb31366f6d6ff223f-1801",
"device_id": "54",
"description": "There is a VLAN mismatch in cluster C1-C2C between Gateway with serial: CZ0022100 and Gateway with serial: CG0020034.",
"state": "Close",
"severity": "Minor",
"operation": "update",
"timestamp": 1612722281,
"details": {
"gateway2": "CG0020034",
"gateway1": "CZ0022100",
"serial": "54",
"alert_key": "CG0020729-CG0021234",
"time": "2021-02-07 18:06:52 UTC",
"cluster-name": "C1-C2C",
"group": "278",
"labels": []
},
"webhook": "52e0abbd-cdda-45f2-bd68-3107fef43841",
"text": "There is a VLAN mismatch in cluster C1-C2C between Gateway with serial: CZ0022100 and Gateway with serial: CG0020034."
}
Updated about 1 year ago