SNMP for Security Groups

Important - This topic described the steps to get aggregated SNMP data from all Security Group Members.

To get SNMP data from a specific Security Group Member, see SNMP for Security Group Members.

You can use SNMP to monitor different aspects of a Security Group, including:

Software versions
Hardware status
Key performance indicators
High Availability status

Prerequisites

Step

Instructions

On the Security Group, in Gaia Portal or Gaia gClish:

Enable the SNMP Agent.

Configure SNMP settings.

Best Practice - Use only SNMP v3.

See the R82 Gaia Administration Guide > Chapter "System Management" > Section "SNMP".

Upload these Check Point MIB files from the Security Group to your third-party SNMP monitoring software:

The SNMP MIB file:

$CPDIR/lib/snmp/chkpnt.mib
The SNMP Trap MIB file:

$CPDIR/lib/snmp/chkpnt-trap.mib

(The /etc/snmp/GaiaTrapsMIB.mib file is not supported.)

Supported SNMP OIDs for Security Groups

Supported SNMP OIDs from the $CPDIR/lib/snmp/chkpnt.mib file

Explanation

OID Name

OID Numerical Value

OID Description

asg

1.3.6.1.4.1.2620.1.48

Main OID branch.

asgProductName

1.3.6.1.4.1.2620.1.48.1

Product name.

asgVer

1.3.6.1.4.1.2620.1.48.2

Build version.

asgKernelVer

1.3.6.1.4.1.2620.1.48.3

Kernel version.

asgBuildNum

1.3.6.1.4.1.2620.1.48.4

Build number.

asgMaximumBladesPerChassis

1.3.6.1.4.1.2620.1.48.7

Maximum number of Security Group Members per Site.

asgActiveBladesBitmask

1.3.6.1.4.1.2620.1.48.8

Bitmask of active Security Group Members:

Site 1 - 16 Least Significant Bits
Site 2 - 16 Most Significant Bits

Example:

asgActiveBladesBitmask = 00030002 means that

The Security Group Member 2 is active on Site 1.
The Security Group Members 1 and 2 are active on Site 2.

asgInstalledBladesBitmask

1.3.6.1.4.1.2620.1.48.9

Bitmask of installed Security Group Members:

Site 1 - 16 Least Significant Bits
Site 2 - 16 Most Significant Bits

Example:

asgInstalledBladesBitmask = 00030002 means that

The Security Group Member 2 is installed on Site 1.
The Security Group Members 1 and 2 are installed on Site 2.

asgInstalled

1.3.6.1.4.1.2620.1.48.10

Date and time of the software installation.

asgSystemUp

1.3.6.1.4.1.2620.1.48.11

Time elapsed since the last startup.

asgEvent

1.3.6.1.4.1.2620.1.48.12

A string that contains the last SNMP Trap sent.

asgStatusCode

1.3.6.1.4.1.2620.1.48.13

Status code.

asgStatShort

1.3.6.1.4.1.2620.1.48.14

Status short description.

asgStatLong

1.3.6.1.4.1.2620.1.48.15

Status long description.

asgSecureXLStatusBitmask

1.3.6.1.4.1.2620.1.48.16

Bitmask of the SecureXL status:

Site 1 - 16 Least Significant Bits
Site 2 - 16 Most Significant Bits

Example:

asgSecureXLStatusBitmask = 00030002 means that

SecureXL is enabled on the Security Group Member 2 on Site 1.
SecureXL is enabled on the Security Group Members 1 and 2 on Site 2.

asgAttachedBladesBitmask

1.3.6.1.4.1.2620.1.48.17

Bitmask of attached Security Group Members:

Site 1 - 16 Least Significant Bits
Site 2 - 16 Most Significant Bits

Example:

asgAttachedBladesBitmask = 00030002 means that

The Security Group Member 2 is attached on Site 1.
The Security Group Members 1 and 2 are attached on Site 2.

asgIPv4PerformanceCounters

1.3.6.1.4.1.2620.1.48.20

Various IPv4 performance counters:

Throughput
Connection rate
Packet rate

asgIPv6PerformanceCounters

1.3.6.1.4.1.2620.1.48.21

Various IPv6 performance counters:

Throughput
Connection rate
Packet rate

asgHwMonitoring

1.3.6.1.4.1.2620.1.48.22

Hardware sensors (only on Scalable Chassis).

asgResourceTable

1.3.6.1.4.1.2620.1.48.23

Table that contains information and measured values of memory and disk partitions.

asgProtocolTraffic

1.3.6.1.4.1.2620.1.48.24

Various counters for processed traffic protocols:

Protocol name
Total number of processed connections
Total number of processed packets
Total number of processed bytes

asgProtocolTraffic

1.3.6.1.4.1.2620.1.48.25

Various counters for processed traffic ports (services):

Service name
Total number of processed connections
Total number of processed packets
Total number of processed bytes

asgSetup

1.3.6.1.4.1.2620.1.48.26

Network information:

Indexes of interfaces
Names of interfaces
IPv4 addresses of interfaces
IPv6 addresses of interfaces
MAC addresses of interfaces
State of interfaces
Speed of interfaces
MTU of interfaces
Duples of interfaces
Total received data through interfaces
Total transmitted data through interfaces

asgProblemTable

1.3.6.1.4.1.2620.1.48.27

asgChassisInfo

1.3.6.1.4.1.2620.1.48.28

Information about the Dual Site:

Single Site or Dual Site
High Availability Mode- "Primary Up" or "Active Up".
State of the synchronization between the Sites
Parameters - status, grade, unique IP address
Information about Security Group Members
Information about factors:
1. SGM
2. Failover
3. Port (Standard Priority)
4. Port (High Priority)
5. Sync between Chassis Ratio
6. Fans
7. SSMs
8. CMMs
9. PSUs
10. Pingable Hosts
Information about port priority

asgCoresUtilTable

1.3.6.1.4.1.2620.1.48.29

CPU utilization (in %) on each Security Group Member.

asgVSX

1.3.6.1.4.1.2620.1.48.30

Information about Traditional VSX mode for each Virtual System and in total:

VSLS state
Number of connections
Memory utilization
CPU utilization
Number of packets
Throughput
Connection rate

asgDiagnostic

1.3.6.1.4.1.2620.1.48.31

List of diagnostic tests and their result.

Best Practice - Run the "insights" command (insights) or the "hcp" command (hcp) on a regular basis.

Supported SNMP Trap OIDs for Security Groups

Note - The /etc/snmp/GaiaTrapsMIB.mib file is not supported.

Supported SNMP Trap OIDs from the $CPDIR/lib/snmp/chkpnt-trap.mib file

Explanation

OID Name	OID Numerical Value	OID Description
`asgTrap`	`1.3.6.1.4.1.2620.1.2001`	Main OID branch.
`asgTrapInfo`	`1.3.6.1.4.1.2620.1.2001.0`	Information about the SNMP Trap message: Site ID (Chassis ID) Security Group Member ID (Blade ID) Alert message text Alert message priority SNMP OID that triggered the alert Security Group Member's serial number Security Group Member's CPU core ID SNMP trap category
`asgTrapHA`	`1.3.6.1.4.1.2620.1.2001.1`	In Dual Site: State of Site (Chassis state) State of a Security Group Member (Blade state) Cluster problem status Monitor state
`asgTrapNet`	`1.3.6.1.4.1.2620.1.2001.2`	Information about an interface: Interface Status Alert Administrative Status Alert
`asgTrapDisk`	`1.3.6.1.4.1.2620.1.2001.3`	Information about storage devices: Disk partiton is full State of a RAID volume State of a RAID disk
`asgTrapCPU`	`1.3.6.1.4.1.2620.1.2001.4`	Information about CPU cores: Utilization of CPU core Number of interrupts in a CPU core
`asgTrapMemory`	`1.3.6.1.4.1.2620.1.2001.5`	Information about memory: Utilization of swap memory Utilization of real memory
`asgTrapCplic`	`1.3.6.1.4.1.2620.1.2001.6`	Information about a license
`asgTrapHWSensor`	`1.3.6.1.4.1.2620.1.2001.7`	Information about hardware sensors (only on Scalable Chassis): Temperature Fan speed Voltage SSM CMM
`asgTrapPerf`	`1.3.6.1.4.1.2620.1.2001.8`	Information about performance: Connection rate (conn/sec) on each Security Group Member Number of concurrent connections on each Security Group Member Total number of concurrent connections on a Security Group Connection rate (conn/sec) on a Security Group Throughput (bits/sec) on each Security Group Member Total throughput (bits/sec) on a Security Group Packet rate (packets/sec) on each Security Group Member Total packet rate (packets/sec) on a Security Group
`asgTrapGeneral`	`1.3.6.1.4.1.2620.1.2001.10`	Additional information: Route inconsistency Periodic system diagnostics State of pingable hosts Memory leak detection reached a threshold Activation of the SecureXL Accelerated SYN Defender State of a port in an LSP Group changed

Supported additional SNMP Trap OIDs

Explanation

Syntax in Gaia gClish on a Security Group to see all supported thresholds:

show cluster alert_threshold[Esc][Esc]

Syntax in Gaia gClish on a Security Group to see the description of a threshold:

show cluster alert_threshold <Threshold Name>[Space][Shift+?]

Syntax in Gaia gClish on a Security Group to see the current threshold value:

show cluster alert_threshold <Threshold Name>

Syntax in Gaia gClish on a Security Group to configure a threshold value:

set cluster alert_threshold <Threshold Name> <Threshold Value>

SNMP Trap Name	SNMP Trap Description
`AsgDiagAllTests`	Sends an SNMP Trap with the results of all applicable tests.
`BladeStateEvent`	The state of a Security Group Member changed.
`ChassisStateEvent`	The state of a Site changed.
`ConcurrConnEvent`	The number of concurrent connections is above or lower than the configured thresholds. Thresholds: `concurr_conn_threshold_high` High threshold for concurrent connections, per CPU Default: 2,000,000 `concurr_conn_threshold_low_ratio` Low threshold for concurrent connections, as percentage from the high threshold Default: 80% `concurr_conn_total_threshold_high` High threshold for total concurrent connections, system-wide Default: 20,000,000 `concurr_conn_total_threshold_low_ratio` Low threshold for system-wide total concurrent connections, as percentage from the high threshold Default: 80%
`ConnRateEvent`	The rate of connections is above or lower than the configured thresholds. Thresholds: `conn_rate_threshold_high` High threshold for connection rate (conn/sec), per CPU Default: 30,000 `conn_rate_threshold_low_ratio` Low threshold for connection rate (conn/sec), as percentage from the high threshold Default: 80% `conn_rate_total_threshold_high` High threshold for total connection rate (conn/sec), system-wide Default: 300,000 `conn_rate_total_threshold_low_ratio` Low threshold for system-wide total connection rate (conn/sec), as percentage from the high threshold Default: 80%
`CPUUsagePeak`	The CPU utilization is above or lower than the configured thresholds. Thresholds: `cpu_load_threshold_perc_high` High threshold for CPU utilization Default: 75% `cpu_load_threshold_perc_low_ratio` Low threshold for CPU utilization, as percentage from the high threshold Default: 80%
`HdUtilEvent`	The hard disk utilization is above or lower than the configured thresholds. Thresholds: `hd_util_threshold_perc_high` High threshold for hard drive utilization Default: 80% `hd_util_threshold_perc_low_ratio` Low threshold for hard drive utilization, as percentage from the high threshold Default: 80%
`HWMonitorFansEvent`	Applies only to Scalable Chassis. One of these: The state of a Fan changed. The Fan speed is above or lower than the configured threshold.
`HWMonitorPowerEvent`	Applies only to Scalable Chassis. One of these: The state of a Power Supply Unit changed. The Power Supply Unit voltage is above or lower than the configured threshold.
`HWMonitorSSMEvent`	Applies only to Scalable Chassis. One of these: The state of a Security Switch Module (SSM) changed. The state of a Security Switch Module (SSM) is "`Management Loss`" (see sk145792).
`HWMonitorSystemManagerEvent`	Applies only to Scalable Chassis. An event occurred in a Chassis Management Module (CMM).
`HWMonitorTemperatureEvent`	Applies only to Scalable Chassis. One of these: The value of the CPU temperature changed. The CPU temperature value is above or lower than the configured threshold.
`LspPortEvent`	The state of a port that is configured in a Link State Propagation (LSP) Group changed. See: Configuring Link State Propagation (LSP) on a Maestro Orchestrator Configuring Link State Propagation (LSP) on Scalable Chassis
`MemoryLeakDetectEvent`	A memory leak was detected.
`MemUtilEvent`	The memory utilization is above or lower than the configured thresholds. Thresholds: `mem_util_threshold_perc_high` High threshold for memory utilization Default: 50% `mem_util_threshold_perc_low_ratio` Low threshold for memory utilization, as percentage from the high threshold Default: 80%
`MonitorStateEvent`	In the VSNext mode: The state of a monitored Virtual Gateway changed. In the Traditional VSX mode: The state of a monitored Virtual System changed.
`PacketRateEvent`	The packet rate is above or lower than the configured thresholds. Thresholds: `packet_rate_threshold_high` High threshold for packet rate (packets/sec), per CPU Default: 1,000,000 `packet_rate_threshold_low_ratio` Low threshold for packet rate (packets/sec), as percentage from the high threshold Default: 80% `packet_rate_total_threshold_high` High threshold for total packet rate (packets/sec), system-wide Default: 10,000,000 `packet_rate_total_threshold_low_ratio` Low threshold for system-wide total packet rate (packets/sec), as percentage from the high threshold Default: 80%
`PortStatusChangeEvent`	The state of a port link changed.
`ThroughputEvent`	The throughput is above or lower than the configured thresholds. Thresholds: `throughput_threshold_high` High threshold for throughput (bits/sec), per CPU Default: 3,000,000,000 `throughput_threshold_low_ratio` Low threshold for throughput (bits/sec), as percentage from the high threshold Default: 80% `throughput_total_threshold_high` High threshold for total throughput (bits/sec), system-wide Default: 30,000,000,000 `throughput_total_threshold_low_ratio` Low threshold for system-wide total throughput (bits/sec), as percentage from the high threshold Default: 80%

SNMP Monitoring of Security Groups in the VSNext / Traditional VSX Mode

For more information, see the:

Common SNMP OIDs for Security Groups

This table shows frequently used SNMP OIDs that are applicable to Security Groups:

Name

Type

Numerical OID

Comments

System Throughput

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.1

IPv6:
.1.3.6.1.4.1.2620.1.48.21.1

System Connection Rate (connections per second)

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.2

IPv6:
.1.3.6.1.4.1.2620.1.48.21.2

System Packet Rate (packet per second)

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.3

IPv6:
.1.3.6.1.4.1.2620.1.48.21.3

System Concurrent Connections

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.4

IPv6:
.1.3.6.1.4.1.2620.1.48.21.4

System Accelerated Connections Per Second

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.6

IPv6:
.1.3.6.1.4.1.2620.1.48.21.6

System non-accelerated Connections Per Second

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.7

IPv6:
.1.3.6.1.4.1.2620.1.48.21.7

System Accelerated Concurrent Connections

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.8

IPv6:
.1.3.6.1.4.1.2620.1.48.21.8

System Non-accelerated Concurrent Connections

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.9

IPv6:
.1.3.6.1.4.1.2620.1.48.21.9

System CPU load - average

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.10

IPv6:
.1.3.6.1.4.1.2620.1.48.21.10

System Acceleration CPU load - average

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.11

IPv6:
.1.3.6.1.4.1.2620.1.48.21.11

System FW instances load - average

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.14

IPv6:
.1.3.6.1.4.1.2620.1.48.21.14

System VPN Throughput

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.17

IPv6:
.1.3.6.1.4.1.2620.1.48.21.17

System Path distribution (fast, medium, slow, drops)

Table

IPv4:
.1.3.6.1.4.1.2620.1.48.20.24

IPv6:
.1.3.6.1.4.1.2620.1.48.21.24

Path distribution of:

throughput
pps
cps
concurrent connections

Per-Security Group Member counters

Table

IPv4:
.1.3.6.1.4.1.2620.1.48.20.25

IPv6:
.1.3.6.1.4.1.2620.1.48.21.25

Counters of:

throughput
cps
pps
concurrent connections
SecureXL CPU usage (avg / min / max)
Firewall CPU usage (avg / min / max)

Performance peaks

Table

IPv4:
.1.3.6.1.4.1.2620.1.48.20.26

IPv6:
.1.3.6.1.4.1.2620.1.48.21.26

Sensors on every Chassis

Table

1.3.6.1.4.1.2620.1.48.22.1.1

Note - Available only on Scalable Chassis.

Status details of:

Fans
SSMs
CPU temperature
CMM
PSUs
PSU Fans

Resources on every Security Group Member

Table

1.3.6.1.4.1.2620.1.48.23

Memory and Hard Disk utilization

CPU Utilization on every Security Group Member

Table

1.3.6.1.4.1.2620.1.48.29