Announcing indeni 5.3: more than 400 improvements!
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.Indeni 5.3 introduces over 400 infrastructure improvements, bug fixes, new content, and expanded support for Palo Alto Networks firewalls to improve device analysis, alerting, and performance across Check Point, Palo Alto Networks, F5, Cisco, Juniper and VMware environments. The release changes Check Point communication by moving from port 8181 to SSH port 22, adds new signatures for process, configuration and version checks, and fixes numerous false positives, reporting and collection issues that previously impacted operational reliability. Key outcomes include improved network health performance, reduced false alerts, enhanced device backup and analysis behavior, and targeted fixes for CPU, memory, licensing, and virtual system identification problems.
What major communication change affected Check Point users in indeni 5.3 and what should administrators do?
Starting with indeni 5.3, indeni no longer uses port 8181 to communicate with Check Point firewalls; instead it uses port 22 (standard SSH). The advantages previously provided by port 8181 are now built into SSH usage on port 22. Administrators managing Check Point devices should ensure SSH access on port 22 is properly configured and that indeni can reach devices via SSH; if support is needed for an earlier product version prior to the main release, customers can contact [email protected] for a running build.
Which new signatures and alerts were introduced in this 5.3 release and what devices do they target?
The release added multiple new signatures: IK-2301 alerts when the in.ahclientd OS process goes down (Check Point), IK-2273 checks for hotfixes used with the wrong take (Check Point), IK-2272 checks TCP/UDP ports against a baseline (Check Point), IK-2271 alerts on older software versions (Palo Alto Networks), IK-2218 checks for local rules on firewalls managed by Panorama (Palo Alto Networks), IK-2217 alerts when cluster members run different software/Wildfire/AV versions (Palo Alto Networks), IK-2191 alerts when a job is stuck in pending (Palo Alto Networks). These signatures target Check Point and Palo Alto Networks firewalls specifically.
What categories of bugs and improvements were fixed in 5.3 that impact analysis, alerting, and performance?
Indeni 5.3 includes fixes and minor improvements across analysis, alerting, and performance: Network Health performance improvements (IS-1813), removal of TLS v1.0 and RC4 ciphersuites (IS-1773), more exhaustive Device Explorer search (IS-1776), better handling of device backups and temporary files (IS-1767), added alert timestamps (IS-1765), and numerous fixes for false positives/negatives and parsing issues across Check Point, Palo Alto Networks, F5, Cisco and Juniper (for example IK-2377, IK-2357, IK-2348, IK-2326, IK-2319). The release also addresses storage and threading issues, reduces alert noise by aggregating related alerts, and improves identification of virtual systems, CPU/memory calculations, and licensing logic.
Welcome 5.3!
In this release we’ve included over 400 improvements to the underlying infrastructure and bugfixes, added new content and expanded our Palo Alto Networks firewalls’ support. Please reach out to our support team to get the updated release.
IMPORTANT NOTE TO CHECK POINT USERS: Starting with 5.3, indeni no longer uses port 8181 to communicate with the firewall. The advantages of using port 8181 prior to 5.3 are now built into the use of port 22, the standard SSH port.
NOTE: Customers who require support of a given product version prior to the main release can contact [email protected] and a running build will be provided.
Select new signatures:
- IK-2301: Signature Request: alert when the in.ahclientd operating system process goes down (Check Point firewalls)
- IK-2273: Configuration Check Request: alert when a specified hotfix is used with the wrong take (Check Point firewalls)
- IK-2272: Configuration Check Request: alert when the TCP and UDP ports open on a given device do not follow the baseline (Check Point firewalls)
- IK-2271: Alert when a device is running older versions of software (Palo Alto Networks firewalls)
- IK-2218: Configuration Check: alert when a firewall that is managed by Panorama is also using local rules (Palo Alto Networks firewalls)
- IK-2217: Alert when one member of a firewall cluster is running an older software version than the other, including Wildfire and AV updates (Palo Alto Networks firewalls)
- IK-2191: Signature Request: alert when a job is stuck in pending (Palo Alto Networks firewalls)
Select bugs fixed and minor improvements:
- IS-1813: Network Health: Improve performance and reduce impact on other web console operations
- IS-1808: Deprecated: Configuration Journal (under Compliance Management), will be reinstated at a later version with a rewritten algorithm
- IS-1797: Analysis Tab: In some occasions, the dates were wrong
- IS-1776: Device Explorer: Make the search more exhaustive
- IS-1773: Stop using TLS v1.0 and all RC4 ciphersuites
- IS-1771: Add the name of the affected domain or virtual system in e-mail alerts
- IS-1767: Ensure no temporary files remain on the analyzed device after a failed backup
- IS-1765: Add alert creation timestamps in the Alert Summary report
- IS-1457: Better handling of unrelated log messages appearing during device backup (Check Point firewalls)
- IS-1446: Fixed multiple scenarios where the indeni web console is overloading indeni’s backend
- IS-1441: Remove redundant groups showing for F5 devices
- IS-1424: Verified that fw_worker CPU usage is working on all scenarios
- IS-1411: Install VMWare Tools in order to decrease the likelihood of file corruption due to hard power off of the virtual machine that indeni is running on.
- IS-1399: Juniper Junos (SRX): failure to parse certain process names and data
- IS-1348: Scheduled reports not adhering to DST changes
- IK-2388: Operating system processes not shown in “High Average CPU Usage” alert for Cisco switches and routers
- IK-2377: Improve the logic for the safeguard triggered during high CPU
- IK-2375: Reduce storage used by operating system process data when collected from analyzed devices
- IK-2363: Reduce the number of commands run simultaneously on smaller Check Point IP appliances
- IK-2359: Consolidate alerts for “operating system process is down” checks
- IK-2357: Improve collection of operating system process data in Palo Alto Networks firewalls
- IK-2348: Issue Failed to Communicate for devices that present a non-standard password prompt (Check Point IP appliances)
- IK-2346: Simplify license verification logic and improve its performance
- IK-2344: Device backups run immediately, in some cases, after configuring them instead of waiting for the scheduled time
- IK-2339: Increase sensitivity of “swap memory usage” alert
- IK-2338: Improved alerting for known vulnerabilities in Cisco software
- IK-2327: Ensure trending database files are safeguarded from multiple write operations running in parallel
- IK-2326: Adjust calculation of memory utilization of management pane (Palo Alto Networks firewalls)
- IK-2321: Add identification of CPU utilization of separate cores and planes (Palo Alto Networks firewalls)
- IK-2319: False positive: “no valid license exists” (Check Point VSX firewalls)
- IK-2314: False positive: “DNS server resolution test failed” when DNS resolution takes 0 milliseconds
- IK-2305: Analysis Tab: network interface related graphs missing sometimes
- IK-2302: Failure to correctly identify and handle virtual systems in certain versions (Check Point VSX)
- IK-2287: Network Health: resolve performance degradation caused by a high number of critical alerts
- IK-2270: “High Average CPU Usage” alert not triggering in certain cases
- IK-2263: Eliminate idle sessions left open by indeni’s analysis of a device (Palo Alto Networks firewalls)
- IK-2254: Identification of virtual system fails in certain cases (Check Point VSX firewalls)
- IK-2252: Increase default threshold for DNS response time check
- IK-2251: Analysis Tab: holes appear in graphs in certain circumstances
- IK-2248: Improve identification of shell prompt (F5 load balancers)
- IK-2245: Improve NTP issue alerting and reduce potential false positives (Palo Alto Networks firewalls)
- IK-2240: False positive: “firewall is in a critical state” for certain virtual systems (Check Point VSX)
- IK-2237: Error during parsing of job data for certain jobs still executing (Palo Alto Networks firewalls)
- IK-2231: Increase thresholds for the “file descriptor leak” alert
- IK-2224: Improve alerting when communication with a device has failed during setup
- IK-2220: Read the list of firewalls from Panorama to ease adding of new firewalls to indeni (Palo Alto Networks firewalls)
- IK-2216: Adjust “High Storage Usage” alerts for storages that are normally above 80%, such as /opt/panlogs (Palo Alto Networks firewalls)
- IK-2215: Support routing domains for Self IP (F5 load balancers)
- IK-2209: Several performance improvements and bottleneck reductions in the analysis engine
- IK-2199: False positive: identification of a second power supply when one does not exist on an IP appliances (Check Point firewalls)
- IK-2195: Actual Configuration: missing information for specific virtual systems running on certain software versions (Check Point VSX)
- IK-2194: False positive: alert for “management server HA sync issues” triggered for self synchronization (Check Point firewalls)
- IK-2187: False Negative: “ICMP redirects not allowed” not triggered in certain situations (Check Point firewalls)
- IK-2174: “Core dump files found” alert appearing with significant delay
- IK-2173: False Positive: “ClusterXL member is in a critical state” triggered in some Active/Active states (Check Point firewalls)
- IK-2171: Analysis automatically suspended due to a false identification of repeated restart (Cisco routers and switches)
- IK-2168: Fix access test for certificate authority
- IK-2167: False Positive: alerts issued regarding certain kernel tables nearing their maximum, due to a miscalculation of the maximum (Check Point firewalls)
- IK-2162: Aggregate multiple alerts for problematic log lines into one alert to reduce alert count
- IK-2157: Storage utilization information missing for some devices (Check Point firewalls)
- IK-2147: Identify clusters of firewalls (Palo Alto Networks firewalls)
- IK-2124: Ensure user is using tmsh and not bash during analysis (F5 load balancers)
- IK-2115: Configuration Check: the check for users defined may have false positives (Check Point firewalls)
- IK-2089: SSH-based analysis doesn’t handle RADIUS-related error messages appearing during login
- IK-2071: False Positive: “License(s) usage high” (Check Point VSX)
- IK-2061: Inventory Report: each VS on a VSX appears with a separate line but without the VS’s name (Check Point VSX)
- IK-2049: SSL transactions per second (TPS) calculated incorrectly (F5 load balancers)
- IK-2043: False Positive: “No sync interface defined for cluster member” in certain situations (Check Point firewalls)
- IK-2039: Logs relating to SSH sessions flooding /var/log/messages (Check Point firewalls)
- IK-1994: Failure to identify the amount of kernel memory used in certain software versions (Check Point VSX)
- IK-1954: “SSH session timeout” too short for many devices
- IK-1931: “Failed to Communicate” alert not generated when wrong username and password is used (F5 load balancers)
- IK-1907: Cannot read output of “cpstat sensors” in some cases (Check Point firewalls)
- IK-1819: “High CPU usage of specific cores” should only alert on a machine with more than one core
- IK-1647: “Failed to Communicate” alert not generated when device is reinstalled (Cisco routers and switches)
- IK-1612: “Connection lost to log servers” alert doesn’t automatically resolve when the missing log server is removed from the management server’s database (Check Point firewalls)
- IK-1582: Alerts pertaining to the behavior of the sync network are missing a reference to SK34475 (Check Point firewalls)
- IK-1524: /var/tmp on certain devices contains remainders of indeni-specific temporary files (Check Point firewalls)
Related content
BlueCat moves agentic AI from insight to action with new AI integrations
Extends its Intelligent NetOps platform to help organizations unlock measurable AI value through a unified data foundation
BlueCat appoints Jeff McCullough as Vice President, Worldwide Channel and Alliance
Experienced channel leader will drive partner-led growth and support partners in generating revenue and value within BlueCat’s global ecosystem
BlueCat introduces BlueCat Horizon, a SaaS-first Intelligent NetOps platform for cross-domain network operations
The platform delivers a unified control plane for DNS, DHCP, IPAM, security, and observability, empowering rapid, automated action across networks
Fewer than half of enterprises are fully successful with network observability tools
Fragmented tools and cloud blind spots are straining NetOps, but a new five-stage maturity model charts the path to excellence.