Meraki Security Appliance Tunnels
We monitor several large Meraki networks for customers, and we’ve recently switched to LogicMonitor’s newer Meraki monitoring method for a few of them. One challenge we're running into is with the Meraki Security Appliance Tunnel datasource.
With the Hub (Mesh) configuration, each Meraki security appliance gets a tunnel datasource instance for both WAN1 and WAN2, even if only one WAN is in use.
The issue: when a firewall at Location A goes down, it triggers an alert from the Cisco_Meraki_SecurityApplianceHealth datasource (which is expected). But in addition to that, we also receive multiple alerts:
- A tunnel alert for every tunnel on the device
- 2 tunnel alerts on each remote firewall in the mesh that has a tunnel to that location (wan1 & wan2)
This results in a flood of alerts, even though it all stems from a single tunnel being offline.
To cut down on the noise, I tried building a Service and adding all the tunnel instances to it. That helps, but the Service alert only says the service is out of compliance—it doesn’t tell me which tunnel is down.
Has anyone come up with a better way to monitor Meraki tunnels using the newer integration, without generating excessive alerts when one device goes offline?
I'd almost prefer some ORG-level device, like the legacy method has, and put the tunnel connections there, whether they are Site-to-Site or 3rd Party. When a tunnel goes down, I don't need every FW in the environment alerting that the tunnel is down.