Recurring "rta nan, lost 100%" after replacing our firewalls

CMK version:2.1.0p12 & 2.3.0p23
OS version:Debian 11

Error message:rta nan, lost 100%

Hi,

Since we changed our firewall cluster Stormshield SN2000 for a LAN firewall cluster WatchGuard Firebox M590 and a WAN firewall cluster FortiGate 120G, Checkmk is recurringly considering that many of our hosts are down while they’re not:

Capture d'écran 2025-02-11 1525221490×925 130 KB

I’ve been looking into the per default rate limiting on our new LAN firewall cluster (M590) without any success.

Consecutively, I’ve tried to soften the host check ping behaviour through the host monitoring rule without any more success. Even setting up a specific host check command doesn’t work for me as using this all our hosts are up even though some should be down.

Do you have any tip on how I should investigate and address this issue please?

Many thanks

Hi,

Just to confirm that the issue was on the firewall side. There is a default parameter which limit the number of connections per second from a single host to 100. I’ve increased this limitation, and everything is back to normal.

Cheers.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.