Monitoring the System with SNMP
You can use SNMP to monitor various aspects of the 61000/41000 Security System, including:
- Software versions
- Hardware status
- Key performance indicators
- Chassis high availability status
To monitor the system using SNMP
- Upload the MIB to your third-party SNMP monitoring software.
The SNMP MIB is located on each SGM under: $CPDIR/lib/snmp/chkpnt.mib
For monitoring the 61000/41000 Security System, the only supported OIDs are under
iso.org.dod.internet.private.enterprise.checkpoint.products.asg (OID 1.3.6.1.4.1.2620.1.48)
- Enable the SNMP agent on the 61000/41000 Security System.
In gclish, run: > set snmp agent on
SNMP Traps
The 61000/41000 Security System supports this SNMP trap only:
iso.org.dod.internet.private.enterprise.checkpoint.products.asgTrap
(OID 1.3.6.1.4.1.2620.1.2001)
The SNMP traps MIB is located on each SGM under: $CPDIR/lib/snmp/chkpnt-trap.mib
|
Note - The set snmp traps command is not supported. You must use the asg alert configuration wizard for this purpose.
|
To learn more about SNMP, see Configuring asg alerts.
SNMP in a VSX Gateway
There are two SNMP modes for a 61000/41000 Security System configured as a VSX Gateway:
|
|
|
|
Default Mode -
|
Monitor global SNMP data from the 61000/41000 Security System. Data is accumulated from all SGMs for all Virtual System.
|
Virtual Systems Mode
|
Monitor each Virtual System separately.
|
|
Note - SNMP traps are supported for VS0 only.
|
Supported SNMP Versions
The SNMP Virtual Systems mode uses SNMP version 3 to query the Virtual Systems. You can run remote SNMP queries on each Virtual System in the VSX Gateway.
For systems that only support SNMP versions 1 and 2:
- You cannot run remote SNMP queries for each Virtual System. You can only run a remote SNMP query on VS0.
- You can use gclish to change the Virtual System context and then run a local SNMP query on it.
Enabling the SNMP Virtual System Mode
To use SNMP Per Virtual Systems:
- Run this command to configure an SNMP V3 user:
> add snmp usm user jon security-level authNoPriv authpass-phrase VALUE - Run one of these commands to set the SNMP mode:
> set snmp mode vs or > set snmp mode default - To start SNMP agent, run:
> set snmp agent on
To see Virtual System throughput from a Linux host:
# snmpwalk -m $CPDIR/lib/snmp/chkpnt.mib -n ctxname_vsid1 -v 3 -l authNoPriv -u jon -A mypassword 192.0.2.72 asgThroughput
To query Virtual System throughput, from its context:
- Go to the expert mode.
- To change to the applicable Virtual System, run:
> vsenv <vs_ids> - Run:
# snmpwalk -m $CPDIR/lib/snmp/chkpnt.mib -v 2c -c public localhost asgThroughput
|