Support Center > Search Results > SecureKnowledge Details
How to troubleshoot SNMP related issues on Check Point Security Gateway running on IPSO OS
Symptoms
  • SNMP query to / on Check Point Security Gateway running on IPSO OS returns:

    • No Such Instance currently exists
    • Timeout: No Response from localhost
Solution

Proceed as follows:

  1. Make sure that the IPSO snmp daemon is enabled.

    This can be done in the Network Voyager.

    Verify from CLI that the IPSO snmp daemon is running by running the following command:

    IPAppliance[admin]# ps aux | grep snmp

    Example output:

    root       387  0.0  0.4  4116 3964  ??  Ss    1:40AM    0:03.14 /bin/snmpd -f
    
  2. Make sure that the Check Point snmp daemon is running.

    IPAppliance[admin]# cpconfig

    1. Choose Option 2 from the menu:

      (2) SNMP Extension
    2. SNMP Extension configuration will be displayed.

      When prompted, confirm that you wish to enable Check Point products SNMP daemon.

      Important Note: This step will run restart Check Point services (cpstop and cpstart), which will impact the traffic. Run the commands during a scheduled downtime.

      Configuring SNMP Extension...
      
      =============================
      
      The SNMP daemon enables Check Point products module to export its status to external network management tools.
      
      Would you like to enable Check Point products SNMP daemon ? (y/n) [n] ? y
      
      
      You have changed Check Point products Configuration.
      
      You need to restart ALL Check Point modules (performing cpstop & cpstart)
      
      in order to activate the changes you have made.
      
      Would you like to do it now? (y/n) [y] ? y
      
    3. Start the Check Point cpsnmpd daemon:

      IPAppliance[admin]# cpsnmpd -p 260

      Example output:

      snmpd: Opening port(s):
              Port 260 binded successfully
      CPSNMPD: server running
      
  3. Verify that snmpd and cpsnmpd daemons are running:

    IPAppliance[admin]# ps aux | grep snmp

    Example output:

    root       387  0.0  0.4  4116 3964  ??  Ss    1:40AM    0:03.15 /bin/snmpd -f
    root      1728  0.0  0.1  2100 1004  ??  Ss   10:05PM    0:00.00 cpsnmpd -p 260
    
  4. Verify that snmpd and cpsnmpd daemons are listening on the relevant ports (snmpd on port 161, and cpsnmpd on port 260):

    IPAppliance[admin]# netstat -an | grep udp | egrep "*.161|*.260"

    Example output:

    udp        0      0  *.260                  *.*                                    
    udp        0      0  *.161                  *.* 
    
  5. After verifying that the relevant SNMP daemons are up, run the SNMP query for Check Point OID tree / specific OID:

    IPAppliance[admin]# snmpwalk -On -v2c -c localhost public .1.3.6.1.4.1.2620

    IPAppliance[admin]# snmpwalk -On -v2c -c localhost public .1.3.6.1.4.1.2620.1.1.25.4.0

  6. If the issue persists (the same error is returned), then continue troubleshooting:

    Make sure that the $FWDIR/conf/snmp.C file contains the following (edit the file, if needed and then restart the cpsnmpd daemon by killing it and starting it manually):

    (
            : (
                    : (system.sysName.0
                            :value (Unknown)
                    )
                    : (system.sysDescr.0
                            :value ("i386 FreeBSD 2.1.5. Check Point FireWall-1 Version")
                    )
                    : (system.sysContact.0 
                            :value ("Unknown")
                    )
                    : (system.sysLocation.0 
                            :value ("Unknown")
                    )
                    : (system.sysObjectID.0
                            :value (".1.3.6.1.4.1.2620.1.1")
                    )
            )
            :snmp_community (
                    :read ()
                    :write ()
            )
    )
    
Imported from Nokia support database

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment