SNMP for Security Groups

Important - This topic described the steps to get aggregated SNMP data from all Security Group Members.

To get SNMP data from a specific Security Group Member, see SNMP for Security Group Members.

You can use SNMP to monitor different aspects of a Security Group, including:

Software versions
Hardware status
Key performance indicators
High Availability status

Prerequisites

Step

Instructions

On the Security Group, in Gaia Portal or Gaia gClish:

Enable the SNMP Agent.

Configure SNMP settings.

Best Practice - Use only SNMP v3.

See the R82 Gaia Administration Guide > Chapter "System Management" > Section "SNMP".

Upload these Check Point MIB files from the Security Group to your third-party SNMP monitoring software:

The SNMP MIB file:

$CPDIR/lib/snmp/chkpnt.mib
The SNMP Trap MIB file:

$CPDIR/lib/snmp/chkpnt-trap.mib

(The /etc/snmp/GaiaTrapsMIB.mib file is not supported.)

Supported SNMP OIDs for Security Groups

Only this SNMP OID branch is supported:

Branch	OID
`asg`	Numerical	`1.3.6.1.4.1.2620.1.48`
`asg`	Full Text	`.iso.org.dod.internet.private.enterprise.checkpoint.products.asg`

Supported SNMP Trap OIDs for Security Groups

Only this SNMP Trap is supported:

Branch	OID
`asgTrap`	Numerical	`1.3.6.1.4.1.2620.1.2001`
`asgTrap`	Full Text	`.iso.org.dod.internet.private.enterprise.checkpoint.products.asgTrap`

Notes:

The /etc/snmp/GaiaTrapsMIB.mib file is not supported.
The "set snmp traps" command is not supported.

You must use the "asg alert" configuration wizard for this purpose - see asg alert.

SNMP Monitoring of Security Groups in the VSNext / Traditional VSX Mode

For more information, see the:

Common SNMP OIDs for Security Groups

This table shows frequently used SNMP OIDs that are applicable to Security Groups:

Name

Type

Numerical OID

Comments

System Throughput

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.1

IPv6:
.1.3.6.1.4.1.2620.1.48.21.1

System Connection Rate (connections per second)

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.2

IPv6:
.1.3.6.1.4.1.2620.1.48.21.2

System Packet Rate (packet per second)

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.3

IPv6:
.1.3.6.1.4.1.2620.1.48.21.3

System Concurrent Connections

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.4

IPv6:
.1.3.6.1.4.1.2620.1.48.21.4

System Accelerated Connections Per Second

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.6

IPv6:
.1.3.6.1.4.1.2620.1.48.21.6

System non-accelerated Connections Per Second

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.7

IPv6:
.1.3.6.1.4.1.2620.1.48.21.7

System Accelerated Concurrent Connections

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.8

IPv6:
.1.3.6.1.4.1.2620.1.48.21.8

System Non-accelerated Concurrent Connections

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.9

IPv6:
.1.3.6.1.4.1.2620.1.48.21.9

System CPU load - average

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.10

IPv6:
.1.3.6.1.4.1.2620.1.48.21.10

System Acceleration CPU load - average

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.11

IPv6:
.1.3.6.1.4.1.2620.1.48.21.11

System FW instances load - average

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.14

IPv6:
.1.3.6.1.4.1.2620.1.48.21.14

System VPN Throughput

String

IPv4:
.1.3.6.1.4.1.2620.1.48.20.17

IPv6:
.1.3.6.1.4.1.2620.1.48.21.17

System Path distribution (fast, medium, slow, drops)

Table

IPv4:
.1.3.6.1.4.1.2620.1.48.20.24

IPv6:
.1.3.6.1.4.1.2620.1.48.21.24

Path distribution of:

throughput
pps
cps
concurrent connections

Per-Security Group Member counters

Table

IPv4:
.1.3.6.1.4.1.2620.1.48.20.25

IPv6:
.1.3.6.1.4.1.2620.1.48.21.25

Counters of:

throughput
cps
pps
concurrent connections
SecureXL CPU usage (avg / min / max)
Firewall CPU usage (avg / min / max)

Performance peaks

Table

IPv4:
.1.3.6.1.4.1.2620.1.48.20.26

IPv6:
.1.3.6.1.4.1.2620.1.48.21.26

Sensors on every Chassis

Table

1.3.6.1.4.1.2620.1.48.22.1.1

Note - Available only on Scalable Chassis.

Status details of:

Fans
SSMs
CPU temperature
CMM
PSUs
PSU Fans

Resources on every Security Group Member

Table

1.3.6.1.4.1.2620.1.48.23

Memory and Hard Disk utilization

CPU Utilization on every Security Group Member

Table

1.3.6.1.4.1.2620.1.48.29