threshold_config

Procedure

Step

Instructions

1

Connect to the command line on the Management Server.

2

Log in to the Expert mode.

3

On a Multi-Domain Server, switch to the context of the applicable Domain Management Server:

[Expert@HostName:0]# mdsenv <Name or IP address of Domain Management Server>

4

Go to the Threshold Engine Configuration menu:

[Expert@HostName:0]# threshold_config

5

Select the applicable options and configure the applicable settings (see the Threshold Engine Configuration Options table below).

Threshold Engine Configuration Options:
---------------------------------------
 
(1) Show policy name
(2) Set policy name
(3) Save policy
(4) Save policy to file
(5) Load policy from file
(6) Configure global alert settings
(7) Configure alert destinations
(8) View thresholds overview
(9) Configure thresholds
 
(e) Exit (m) Main Menu
 
Enter your choice (1-9) :

6

Exit from the Threshold Engine Configuration menu.

7

Stop the CPD daemon:

[Expert@HostName:0]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

See cpwd_admin stop.

8

Start the CPD daemon:

[Expert@HostName:0]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

See cpwd_admin start.

9

Wait for 10-20 seconds.

10

Verify that the CPD daemon started successfully:

[Expert@HostName:0]# cpwd_admin list | egrep "STAT|CPD"

See cpwd_admin list.

11

In SmartConsole, install the Access Control Policy on Security Gateways and Clusters.
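Steps 7 to 10 as one script, added here as an example and not part of the Check Point documentation. It assumes that `cpwd_admin list` prints a header row with APP, PID and STAT columns and marks a running process with STAT `E`; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example: restart CPD and verify it came back (steps 7-10).
# Assumption: `cpwd_admin list` has a header row with APP, PID and STAT
# columns, and STAT "E" means the process is executing.

# Constructed sample outputs (not captured from a real system).
SAMPLE_UP='APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPD        5830   E     1       [10:15:02] 1/2/2024    Y    cpd
FWD        5841   E     1       [10:15:03] 1/2/2024    N    fwd'
SAMPLE_DOWN='APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPD        0      T     1       [10:15:02] 1/2/2024    Y    cpd
FWD        5841   E     1       [10:15:03] 1/2/2024    N    fwd'

# Reads `cpwd_admin list` output on stdin. Succeeds only if the CPD row
# shows STAT "E" and a non-zero PID. Column positions come from the header,
# so input without a header row is treated as "not running".
cpd_is_running() {
    awk '
        $1 == "APP" { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $1 == "CPD" && col["STAT"] && col["PID"] {
            if ($(col["STAT"]) == "E" && $(col["PID"]) + 0 > 0) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Runs the stop and start commands from steps 7 and 8, waits the minimum
# 10 seconds from step 9, then polls once a second up to the 20-second mark.
restart_cpd() {
    cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
    cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
    sleep 10
    tries=0
    while [ "$tries" -lt 10 ]; do
        if cpwd_admin list | cpd_is_running; then return 0; fi
        sleep 1
        tries=$((tries + 1))
    done
    return 1
}

# Only touches the system when called with --run in Expert mode.
if [ "${1:-}" = "--run" ]; then
    if restart_cpd; then echo "CPD is running"; else echo "CPD did not start" >&2; exit 1; fi
fi
```

A non-zero exit from `--run` means CPD was still not listed as executing 20 seconds after the start command, so check it before installing policy in step 11.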

Threshold Engine Configuration Options

Menu item

Description

(1) Show policy name

Shows the name of the current configured threshold policy.

(2) Set policy name

Configures the name for the threshold policy.

If you do not specify it explicitly, then the default name is "Default Profile".

(3) Save policy

Saves the changes in the current threshold policy.

(4) Save policy to file

Exports the configured threshold policy to a file.

If you do not specify the path explicitly, the file is saved in the current working directory.

(5) Load policy from file

Imports a threshold policy from a file.

If you do not specify the path explicitly, the file is imported from the current working directory.

(6) Configure global alert settings

Configures global settings:

  • How frequently alerts are sent (configured delay must be greater than 30 seconds)

  • How many alerts are sent

(7) Configure alert destinations

Configures the SNMP Network Management System (NMS), to which the managed Security Gateways and Cluster Members send their SNMP alerts.

Configure Alert Destinations Options:
-------------------------------------
(1) View alert destinations
(2) Add SNMP NMS
(3) Remove SNMP NMS
(4) Edit SNMP NMS

(8) View thresholds overview

Shows a list of all available thresholds and their current settings. These include:

  • Name

  • Category (see the next option "(9)")

  • State (disabled or enabled)

  • Threshold (threshold point, if applicable)

  • Description

(9) Configure thresholds

Shows the list of threshold categories to configure.

Thresholds Categories
----------------------
(1) Hardware
(2) High Availability
(3) Local Logging Mode Status
(4) Log Server Connectivity
(5) Networking
(6) Resources

See the Thresholds Categories table below.

Thresholds Categories

Category

Sub-Categories

(1) Hardware

Hardware Thresholds:
--------------------
(1) RAID volume state
(2) RAID disk state
(3) RAID disk flags
(4) Temperature sensor reading
(5) Fan speed sensor reading
(6) Voltage sensor reading

(2) High Availability

High Availability Thresholds:
-----------------------------
(1) Cluster member state changed
(2) Cluster block state
(3) Cluster state
(4) Cluster problem status
(5) Cluster interface status

(3) Local Logging Mode Status

Local Logging Mode Status Thresholds:
-------------------------------------
(1) Local Logging Mode

(4) Log Server Connectivity

Log Server Connectivity Thresholds:
-----------------------------------
(1) Connection with log server
(2) Connection with all log servers

(5) Networking

Networking Thresholds:
----------------------
(1) Interface Admin Status
(2) Interface removed
(3) Interface Operational Link Status
(4) New connections rate
(5) Concurrent connections rate
(6) Bytes Throughput
(7) Accepted Packet Rate
(8) Drop caused by excessive traffic

(6) Resources

Resources Thresholds:
---------------------
(1) Swap Memory Utilization
(2) Real Memory Utilization
(3) Partition free space
(4) Core Utilization
(5) Core interrupts rate

Notes:

  • If you run the threshold_config command locally on a Security Gateway or Cluster Member to configure the SNMP Monitoring Thresholds, then each policy installation erases these local SNMP threshold settings and reverts them to the global SNMP threshold settings configured on the Management Server that manages this Security Gateway or Cluster.

  • On a Security Gateway and Cluster Members, you can save the local Threshold Engine Configuration settings to a file and load it locally later.

  • The Threshold Engine Configuration is stored in the $FWDIR/conf/thresholds.conf file.

  • In a Multi-Domain Security Management environment:

    • You can configure the SNMP thresholds in the context of Multi-Domain Server (MDS) and in the context of each individual Domain Management Server.

    • Thresholds that you configure in the context of the Multi-Domain Server are for the Multi-Domain Server only.

    • Thresholds that you configure in the context of a Domain Management Server are for that Domain Management Server and its managed Security Gateways and Clusters.

    • If an SNMP threshold applies both to the Multi-Domain Server and a Domain Management Server, then configure the SNMP threshold both in the context of the Multi-Domain Server and in the context of the Domain Management Server.

      However, in this scenario, if the monitored object exceeds the threshold, you get alerts only from the Multi-Domain Server.

      Example:

      If you configure the CPU threshold, then when the monitored value exceeds the configured threshold, it applies to both the Multi-Domain Server and the Domain Management Server. However, only the Multi-Domain Server generates SNMP alerts.