Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Monitoring the System with SNMP

You can use SNMP to monitor various aspects of the 61000/41000 Security System, including:

  • Software versions
  • Hardware status
  • Key performance indicators
  • Chassis high availability status

To monitor the system using SNMP

  1. Upload the MIB to your third-party SNMP monitoring software.

    The SNMP MIB is located on each SGM under: $CPDIR/lib/snmp/chkpnt.mib

    For monitoring the 61000/41000 Security System, the only supported OIDs are under
    iso.org.dod.internet.private.enterprise.checkpoint.products.asg (OID 1.3.6.1.4.1.2620.1.48)

  2. Enable the SNMP agent on the 61000/41000 Security System.

    In gclish, run:
    > set snmp agent on

SNMP Traps

The 61000/41000 Security System supports this SNMP trap only:
iso.org.dod.internet.private.enterprise.checkpoint.products.asgTrap
(OID 1.3.6.1.4.1.2620.1.2001)

The SNMP traps MIB is located on each SGM under: $CPDIR/lib/snmp/chkpnt-trap.mib

Note - The set snmp traps command is not supported. You must use the asg alert configuration wizard for this purpose.

To learn more about SNMP, see Configuring asg alerts.

SNMP in a VSX Gateway

There are two SNMP modes for a 61000/41000 Security System configured as a VSX Gateway:

Default Mode -

Monitor global SNMP data from the 61000/41000 Security System. Data is accumulated from all SGMs for all Virtual System.

Virtual Systems Mode

Monitor each Virtual System separately.

Note - SNMP traps are supported for VS0 only.

Supported SNMP Versions

The SNMP Virtual Systems mode uses SNMP version 3 to query the Virtual Systems. You can run remote SNMP queries on each Virtual System in the VSX Gateway.

For systems that only support SNMP versions 1 and 2:

  • You cannot run remote SNMP queries for each Virtual System. You can only run a remote SNMP query on VS0.
  • You can use gclish to change the Virtual System context and then run a local SNMP query on it.

Enabling the SNMP Virtual System Mode

To use SNMP Per Virtual Systems:

  1. Run this command to configure an SNMP V3 user:
    > add snmp usm user jon security-level authNoPriv authpass-phrase VALUE
  2. Run one of these commands to set the SNMP mode:
    > set snmp mode vs
    or
    > set snmp mode default
  3. To start SNMP agent, run:
    > set snmp agent on

To see Virtual System throughput from a Linux host:

# snmpwalk -m $CPDIR/lib/snmp/chkpnt.mib -n ctxname_vsid1 -v 3 -l authNoPriv -u jon -A mypassword 192.0.2.72 asgThroughput

To query Virtual System throughput, from its context:

  1. Go to the expert mode.
  2. To change to the applicable Virtual System, run:
    > vsenv <vs_ids>
  3. Run:
    # snmpwalk -m $CPDIR/lib/snmp/chkpnt.mib -v 2c -c public localhost asgThroughput

Related Topics

Common SNMP MIBs

 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print