How to configure SNMP on Gaia OS
Solution

This article provides information about SNMP on Gaia OS - how to configure, how to query, how to troubleshoot.

Table of Contents:

  1. Background
  2. SNMP configuration
  3. Query VSX Gateway over SNMP
    1. Introduction
    2. Important Notes
    3. VSX SNMP Tree
    4. SNMP Default mode
    5. SNMP VS mode
    6. FAQ
  4. Advanced SNMP configuration
    1. Custom SNMP settings
    2. Custom SNMP traps
    3. Support for SNMPv3 traps
    4. SNMP Agent Interfaces
    5. Configure SNMPv3 users to use SHA / AES authentication
    6. Extend SNMP with shell script
    7. Multiple SNMP communities
    8. Threshold Engine Configuration (threshold_config)
  5. Troubleshooting
    1. Interpreting SNMP Error Messages
  6. Common used SNMP OIDs
    1. System counters
      1. CPU
      2. Memory
      3. Disk
      4. RAID
      5. Gaia OS
    2. Network counters
      1. Information about interfaces from Linux OS
      2. Traffic (packets / bytes) general statistics from Check Point FireWall
      3. Traffic (packets / bytes) statistics per interface from Check Point FireWall
      4. Connections statistics from Check Point FireWall
      5. Routing table from Check Point FireWall
      6. Traps
    3. Check Point Software Blades counters
      1. General
      2. Logging
      3. VPN Site-to-Site
      4. VPN Remote Access
      5. Cluster
      6. VSX
      7. SecureXL
      8. URL Filtering
      9. Application Control
      10. DLP
      11. Anti-Virus
      12. Anti-Bot
      13. Anti-Spam
      14. Identity Awareness
      15. Threat Emulation
      16. Threat Extraction
      17. VoIP
      18. LTE / FireWall-GX
      19. QoS
      20. Security Management Server
      21. SmartLog
      22. SmartEvent
  7. Related documentation
  8. Related solutions
  9. Revision History

 


 

Video - Demonstration of SNMPv3 configuration on Security Management

 

(I) Background

  • Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health and welfare of network equipment (e.g., routers), computer equipment and even devices like UPSs.

  • SNMP management systems consist of an SNMP management station (SNMP Manager, NMS) and the managed devices (that run SNMP Agents).
    SNMP agents constitute the software elements that interface with the device being managed. The agents relate to the configuration and performance characteristics of a managed device as separate identifiable objects. These objects are arranged in a hierarchical namespace, a tree-like database structure known as a Management Information Block (MIB).

    Check Point software uses these MIB files:

    Contents of MIB file(s)                          Location
    Standard MIBs (a)                                /usr/share/snmp/mibs/
    Check Point MIBs (b)                             $CPDIR/lib/snmp/chkpnt.mib
    Check Point Traps for Check Point products (b)   $CPDIR/lib/snmp/chkpnt-trap.mib
    Check Point Traps for Gaia OS (b)                /etc/snmp/GaiaTrapsMIB.mib

    Notes:

    1. Not all standard MIBs are supported for Check Point products.
    2. Refer to sk90470 - Check Point SNMP MIB files.
  • While Check Point has Alert as one of its tracking types, you might prefer to receive alert messages through your regular SNMP Management Station in the form of an SNMP Trap, which is a notification that a certain event has occurred.
    Check Point offers SNMP Traps as one of its tracking types. When the conditions of the trap are met, the Security Gateway sends a log to Security Management.
    Security Management saves the FireWall log and sends an SNMP trap to the configured SNMP Trap Receiver Server (to UDP port 162).
    The trap includes the text of the log file.

    Example of a security rule in R77.30 SmartDashboard:

    Source   Destination               VPN           Service   Action   Track      Install On
    Any      Internal Network object   Any Traffic   http      Drop     SnmpTrap   Security Gateway / Cluster object

    If SnmpTrap is selected in a security rule, then the internal_snmp_trap script (which is an internal part of the FWD process) has to be configured in SmartDashboard / SmartConsole - Global Properties - Log & Alert - Alerts:

    internal_snmp_trap <HostName_of_IP_of_Trap_Server | localhost> [-v <OID>] [-g {coldStart | warmStart | linkDown | linkUp | authenticationFailure | egpNeighborLoss | enterpriseSpecific}] [-s {0 | <Trap_Type>}] [-p <Source_Port>] [-c <SNMP_Community_Name>]

  • Net-SNMP is a suite of applications with full support of OS-MIB-II that is used in Check Point Gaia OS to implement SNMP v1, SNMP v2c and SNMP v3 using both IPv4 and IPv6.

  • SNMP is enabled by default on the IPSO operating system. If SNMP is enabled when you upgrade from IPSO OS to Gaia OS, then it is also enabled for Gaia OS.

  • Recommendations:

    • Use SNMPv3 with both Privacy and Authentication options (authPriv security level).
    • Use complex passwords for SNMPv1 / SNMPv2 community strings: upper and lower case with at least 15 characters.
    • Make sure that the read-only and read-write community strings are unique.
    • Send SNMP traffic over a secure network.

 

(II) SNMP configuration

  1. Activate the SNMP service on the Gaia OS.

    • Instructions for Gaia Portal
      1. Login to Gaia Portal.

      2. Go to System Management section - click on SNMP page:

      3. Enable the SNMP service by checking the box Enable SNMP Agent and click on the 'Apply' button.

      4. "Version" lets you select the version of the supported SNMP protocol - either v1/v2/v3 (any), or only v3.

      5. "SNMP location string" lets you enter the location details of the system (up to 128 characters).

      6. "SNMP Contact String" lets you enter the contact information for the system (up to 128 characters).

      7. Configure "Agent Addresses" / "Agent Interfaces", on which the SNMP Agent will be "listening".
        Clear the boxes of all interfaces that are not facing your SNMP Management:

        Note: This setting is not available in Gaia Clish. Refer to section "(IV-4) Advanced SNMP configuration - SNMP Agent Interfaces".


      8. "V1 / V2 Settings" let you change the SNMPv2 community name for RO (Read Only), or RW (Read Write).

        Note: It is strongly recommended to define unique strings for the read-only and read-write communities.


      9. "V3 - User-Based Security Model (USM)" allows creating SNMPv3 USM accounts, which permit specific SNMPv3 access:

        Note: To allow this SNMPv3 USM user to send SNMP Traps, select this user in the 'Trap User' field (located above the 'Trap Receivers Settings' section).


        Where:

        Field Name                  Values       Comments
        User Name                                Name of the SNMPv3 USM user.
        Security Level              authPriv     SNMPv3 USM user has authentication pass phrase and privacy pass phrase, and can connect with privacy encryption.
                                    authNoPriv   SNMPv3 USM user has only an authentication pass phrase (MD5) and can connect only without privacy encryption.
        User Permissions            read-only    SNMPv3 USM user is allowed only to read values of SNMP OIDs.
                                    read-write   SNMPv3 USM user is allowed to read SNMP OIDs and to set values of SNMP OIDs.
        Authentication Passphrase                Authentication pass phrase for any of the Security Levels.
        Privacy Protocol            DES
                                    AES          Supported in R77.30 and above. For R75.40 - R77.20 versions, a hotfix is required (refer to section "(IV-5) Advanced SNMP configuration - Configure SNMPv3 users to use SHA / AES authentication").
        Privacy Passphrase                       Privacy pass phrase for Security Level "authPriv".
      10. "Enabled Traps" enables the Gaia OS built-in SNMP Traps. The following built-in traps can be enabled:

        Trap Name             Description
        AuthorizationError    Notifies when an SNMP operation is not properly authenticated. Sent once the event occurs.
        biosFailure           Notifies when the Primary BIOS failure is detected. Sent once the event occurs. Supported in R80.10 and higher.
        Coldstart             Notifies when the SNMPv2 agent is re-initialized. Sent once the event occurs.
        ConfigurationChange   Notifies when a change to the system configuration is applied. Sent each polling interval.
        ConfigurationSave     Notifies when a permanent change to the system configuration occurs. Sent each polling interval.
        fanFailure            Notifies when a CPU or chassis fan fails. Sent each polling interval.
        highVoltage           Notifies if one of the voltage sensors exceeds its maximum value. Sent each polling interval.
        linkUpLinkDown        Notifies when one of the links changes state to up or down. Sent each polling interval.
        lowDiskSpace          Notifies when space on the system disk is low. This trap is sent if the disk space utilization in the "/" partition has reached 80% or more of its capacity. Sent each polling interval.
        lowVoltage            Notifies if one of the voltage sensors falls below its minimum value. Sent each polling interval.
        overTemperature       Notifies when the temperature rises above the threshold. Sent each polling interval.
        PowerSupplyFailure    Notifies when a power supply for the system fails. This trap is supported only on platforms with two power supplies installed and running. Sent each polling interval.
        raidVolumeState       Notifies if the raid volume state is not optimal. This trap works only if RAID is supported on the Gaia appliance or computer. To make sure that RAID monitoring is supported, run the command 'raid_diagnostic' and confirm that it shows the RAID status. Sent each polling interval.
        vrrpv2AuthFailure     Notifies when the VRRP member has got packet Authentication failure - VRRPv2 (IPv4) and VRRPv3 (IPv6). Sent each polling interval.
        vrrpv2NewMaster       Notifies when the VRRP member has transitioned to Master state - VRRPv2 (IPv4). Sent each polling interval.
        vrrpv3NewMaster       Notifies when the VRRP member has transitioned to Master state - VRRPv3 (IPv6). Sent each polling interval.
        vrrpv3ProtoError      Notifies when the VRRP member has got Protocol error - VRRPv2 (IPv4) and VRRPv3 (IPv6). Sent each polling interval.


      11. "Trap Receivers Settings" allow configuring the IP address of remote trap receiver.
        You can add more than one trap receiver, so multiple systems will receive the SNMP traps:


      12. "Custom Traps" (available since R77.30) allow configuring custom SNMP traps for any supported OID.

        Refer to section "(IV-2) Advanced SNMP configuration - Custom SNMP traps"



    • Instructions for Gaia Clish
      1. Connect to the command line on Gaia OS machine (over SSH, or console).

      2. Log in to Clish.

      3. Enable the SNMP Agent:

        HostName:0> set snmp agent on
      4. Configure the version of supported SNMP protocol:

        • To support any SNMP version (v1/v2/v3):

          HostName:0> set snmp agent-version any
        • To support only SNMP v3:

          HostName:0> set snmp agent-version v3-Only
      5. Configure the location details of the system:

        HostName:0> set snmp location "Location Information"

        Note: Location Information text must be entered within double quotes. This string has a maximal length of 128 characters. Can include letters, numbers, spaces, special characters.

      6. Configure the contact information for the system:

        HostName:0> set snmp contact "Contact Information"

        Note: Contact Information text must be entered within double quotes. This string has a maximal length of 128 characters. Can include letters, numbers, spaces, special characters.

      7. Configure SNMPv2 community name for RO (Read Only) and/or RW (Read Write):

        Note: It is strongly recommended to define unique strings for the read-only and read-write communities.

        • SNMPv2 community with Read Only access:

          HostName:0> set snmp community NAME read-only
        • SNMPv2 community with Read Write access:

          HostName:0> set snmp community NAME read-write
      8. Enable the Gaia OS built-in SNMP Traps:

        1. Enable the desired traps:

          HostName:0> set snmp traps trap NAME_of_TRAP enable

          The following built-in traps can be enabled:

          Trap Name             Description
          AuthorizationError    Notifies when an SNMP operation is not properly authenticated. Sent once the event occurs.
          biosFailure           Notifies when the Primary BIOS failure is detected. Sent once the event occurs. Supported in R80.10 and higher.
          Coldstart             Notifies when the SNMPv2 agent is re-initialized. Sent once the event occurs.
          ConfigurationChange   Notifies when a change to the system configuration is applied. Sent each polling interval.
          ConfigurationSave     Notifies when a permanent change to the system configuration occurs. Sent each polling interval.
          fanFailure            Notifies when a CPU or chassis fan fails. Sent each polling interval.
          highVoltage           Notifies if one of the voltage sensors exceeds its maximum value. Sent each polling interval.
          linkUpLinkDown        Notifies when one of the links changes state to up or down. Sent each polling interval.
          lowDiskSpace          Notifies when space on the system disk is low. This trap is sent if the disk space utilization in the "/" partition has reached 80% or more of its capacity. Sent each polling interval.
          lowVoltage            Notifies if one of the voltage sensors falls below its minimum value. Sent each polling interval.
          overTemperature       Notifies when the temperature rises above the threshold. Sent each polling interval.
          PowerSupplyFailure    Notifies when a power supply for the system fails. This trap is supported only on platforms with two power supplies installed and running. Sent each polling interval.
          raidVolumeState       Notifies if the raid volume state is not optimal. This trap works only if RAID is supported on the Gaia appliance or computer. To make sure that RAID monitoring is supported, run the command 'raid_diagnostic' and confirm that it shows the RAID status. Sent each polling interval.
          vrrpv2AuthFailure     Notifies when the VRRP member has got packet Authentication failure - VRRPv2 (IPv4) and VRRPv3 (IPv6). Sent each polling interval.
          vrrpv2NewMaster       Notifies when the VRRP member has transitioned to Master state - VRRPv2 (IPv4). Sent each polling interval.
          vrrpv3NewMaster       Notifies when the VRRP member has transitioned to Master state - VRRPv3 (IPv6). Sent each polling interval.
          vrrpv3ProtoError      Notifies when the VRRP member has got Protocol error - VRRPv2 (IPv4) and VRRPv3 (IPv6). Sent each polling interval.
        2. Configure the polling interval of the traps:

          HostName:0> set snmp traps polling-frequency TIME_in_SECONDS

          Range: from 1 to 864000 seconds.
          Recommended value: 20 seconds (default).
        3. Configure the Trap Receiver server:

          HostName:0> add snmp traps receiver IP_ADDRESS version [v1 | v2 | v3] community NAME

          Note: To modify the existing Trap Receiver, use the 'set snmp traps receiver ...' command.
        4. Create an SNMPv3 USM user and allow it to send traps:

          • Either configure authentication without privacy (encryption) for SNMP packets:

            1. Create an SNMPv3 User:

              HostName:0> add snmp usm user <SNMPv3_USM_User_Name> security-level authNoPriv auth-pass-phrase PASSPHRASE
            2. Set either "read-only", or "read-write" access (refer to sk106915):

              HostName:0> set snmp usm user <SNMPv3_USM_User_Name> [usm-read-only | usm-read-write]
            3. Allow the SNMPv3 User to send traps:

              HostName:0> set snmp traps trap-user <SNMPv3_USM_User_Name>
          • Or configure authentication with privacy (encryption) for SNMP packets:

            1. Create an SNMPv3 User:

              • In Gaia R77.30 and above:

                HostName:0> add snmp usm user <SNMPv3_USM_User_Name> security-level authPriv auth-pass-phrase PASSPHRASE privacy-pass-phrase PASSPHRASE privacy-protocol DES|AES
              • In Gaia R75.40 - R77.20:

                HostName:0> add snmp usm user <SNMPv3_USM_User_Name> security-level authPriv auth-pass-phrase PASSPHRASE privacy-pass-phrase PASSPHRASE
            2. Set either "read-only", or "read-write" access (refer to sk106915):

              HostName:0> set snmp usm user <SNMPv3_USM_User_Name> [usm-read-only | usm-read-write]
            3. Allow the SNMPv3 User to send traps:

              HostName:0> set snmp traps trap-user <SNMPv3_USM_User_Name>

          Where:

          Argument / Setting        Explanation
          <SNMPv3_USM_User_Name>    • Range: from 1 to 31 printable characters.
                                    • May not match an existing USM user.
                                    • May not contain space, backslash, or colon.
          security-level            • "authPriv" - SNMPv3 USM user access is with authentication and encrypted
                                    • "authNoPriv" - SNMPv3 USM user access is with authentication, but unencrypted
                                    • "auth-pass-phrase" - Authentication pass phrase for any of the Security Levels
                                    • "privacy-pass-phrase" - Privacy pass phrase for Security Level "authPriv"

          Note: Refer to section "(IV-5) Advanced SNMP configuration - Configure SNMPv3 users to use SHA / AES authentication".
      9. On Security Gateway in VSX mode, configure the desired SNMP mode:

        For more details, refer to section "(III) Query VSX Gateway over SNMP".

        Mode                       Description and Syntax
        Default mode               This mode is enabled by default. In this mode, VS0 is fully monitored. Also there is a selection of counters (VSX SNMP MIB tree), which are monitored per-Virtual System and are located on VS0 SNMP tree.

                                   HostName:0> set snmp mode default

        Virtual System (VS) mode   In this mode, each Virtual System has a separate SNMP daemon with complete set of OIDs. The SNMP queries for the Virtual Systems should be sent to VS0 with the desired VSID as context name.

                                   HostName:0> set snmp mode vs
      10. Crucial Step: Save the changes in Gaia Database:

        HostName:0> save config
  2. Configure relevant security rules:

    1. Connect with SmartDashboard to Security Management Server / Domain Management Server.

    2. Configure the relevant security rules to allow the SNMP traffic:

      • To allow the "SNMP Request" and "SNMP Response", use the pre-defined service "snmp"
      • To allow the SNMP Trap packets, use the pre-defined service "snmp-trap"
    3. Install the policy onto the relevant Security Gateways / Clusters.

  3. Verify the SNMP is working properly:

    Run the relevant commands in Gaia Clish and in Expert mode.

    • Run the following commands in Gaia Clish:

      1. Check if the SNMP Agent is enabled:

        HostName:0> show snmp agent

        Example:

        HostName:0> show snmp agent
        SNMP Agent Enabled
        HostName:0>
        
      2. Check on which interfaces the SNMP Agent listens:

        HostName:0> show snmp interfaces

        Example 1:

        HostName:0> show snmp interfaces
        Any
        HostName:0>
        

        Example 2:

        HostName:0> show snmp interfaces
        Enabled SNMP Agent Interfaces are
        eth1
        eth0
        lo
        HostName:0>
        
      3. Check which SNMP version is enabled:

        HostName:0> show snmp agent-version

        Example 1:

        HostName:0> show snmp agent-version
        v1/v2/v3
        HostName:0>
        

        Example 2:

        HostName:0> show snmp agent-version
        v3-Only
        HostName:0>
        
      4. Check which SNMP mode is enabled (relevant for VSX mode):

        HostName:0> show snmp mode

        Example 1 (monitors only VS0):

        HostName:0> show snmp mode
        default
        HostName:0>
        

        Example 2 (monitors all Virtual Systems):

        HostName:0> show snmp mode
        vs
        HostName:0>
        
      5. Check which SNMP Traps are enabled:

        HostName:0> show snmp traps enabled-traps
      6. Check the list of SNMP Trap Receivers:

        HostName:0> show snmp traps receivers
    • Run the following commands in Expert Mode:

      1. Check that SNMPD daemon is running:

        [Expert@HostName:0]# ps auxw | grep -v grep | grep -E "PID|snmpd"

        Example:

        [Expert@HostName:0]# ps auxw | grep -v grep | grep -E "PID|snmpd"
        USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
        admin    24331  0.0  0.7  30296 11280 ?        Ss   17:39   0:00 /usr/sbin/snmpd -f -c /etc/snmp/userDefinedSettings.con
        [Expert@HostName:0]#
        
      2. Check that Gaia OS listens on UDP port 161:

        [Expert@HostName:0]# netstat -an | grep -v grep | grep -E 'Foreign|161'

        Example:

        [Expert@HostName:0]# netstat -an | grep -v grep | grep -E 'Foreign|161'
        Proto Recv-Q Send-Q Local Address               Foreign Address             State
        udp        0      0 0.0.0.0:161                 0.0.0.0:*
        
      3. Check that Gaia OS answers to SNMP Requests:

        • Example for SNMPv2

          Syntax:

          [Expert@HostName:0]# snmpwalk -v 2c -c <COMMUNITY_NAME> localhost 1.3.6.1.2.1

          Example output:

          [Expert@HostName:0]# snmpwalk -v 2c -c public localhost 1.3.6.1.2.1 | head -n 15
          SNMPv2-MIB::sysDescr.0 = STRING: Linux R77.10-SA 2.6.18-92cp #1 SMP Sun Dec 15 18:26:07 IST 2013 i686
          SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
          DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (126263) 0:21:02.63
          SNMPv2-MIB::sysContact.0 = STRING: root@localhost
          SNMPv2-MIB::sysName.0 = STRING: R77.10-SA
          SNMPv2-MIB::sysLocation.0 = STRING: Unknown
          SNMPv2-MIB::sysORLastChange.0 = Timeticks: (71) 0:00:00.71
          SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
          SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
          SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
          SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
          SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
          SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
          SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
          SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
          
        • Example for SNMPv3

          Note: Refer to section "(IV-5) Advanced SNMP configuration - Configure SNMPv3 users to use SHA / AES authentication".

          Syntax:

          • In Gaia OS all versions:

            [Expert@HostName:0]# snmpwalk -v3 -u <USERNAME> -l authNoPriv -a MD5 -A <PASSPHRASE> localhost 1.3.6.1.2.1
          • In Gaia OS version R77.30 and above:

            [Expert@HostName:0]# snmpwalk -v3 -u <USERNAME> -l authPriv -a MD5 -A <PASSPHRASE> -x DES|AES -X <PASSPHRASE> localhost 1.3.6.1.2.1
          • In Gaia OS versions R75.40 - R77.20:

            [Expert@HostName:0]# snmpwalk -v3 -u <USERNAME> -l authPriv -a MD5 -A <PASSPHRASE> -x DES -X <PASSPHRASE> localhost 1.3.6.1.2.1

          Example Output:

          [Expert@HostName:0]# snmpwalk -v3 -u <USMUserName> -l authPriv -a MD5 -A <PASSPHRASE> -x DES -X <PASSPHRASE> localhost 1.3.6.1.2.1 | head -n 15
          SNMPv2-MIB::sysDescr.0 = STRING: Linux R77-30 2.6.18-92cp #1 SMP Wed Apr 8 17:12:19 IDT 2015 i686
          SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2620.1.6.123.1.48
          DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (173758) 0:28:57.58
          SNMPv2-MIB::sysContact.0 = STRING: root@localhost
          SNMPv2-MIB::sysName.0 = STRING: R77-30
          SNMPv2-MIB::sysLocation.0 = STRING: Unknown
          SNMPv2-MIB::sysORLastChange.0 = Timeticks: (10) 0:00:00.10
          SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
          SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
          SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
          SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
          SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
          SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
          SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
          SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
          
      4. Check that Check Point software answers to SNMP Requests:

        • Example for SNMPv2

          Syntax:

          [Expert@HostName:0]# snmpwalk -v 2c -c <COMMUNITY_NAME> localhost 1.3.6.1.4.1.2620

          Example output:

          [Expert@HostName:0]# snmpwalk -v 2c -c public localhost 1.3.6.1.4.1.2620 | head -n 15
          SNMPv2-SMI::enterprises.2620.1.1.1.0 = STRING: "Installed"
          SNMPv2-SMI::enterprises.2620.1.1.2.0 = STRING: "Any_Any_Accept_noLogs"
          SNMPv2-SMI::enterprises.2620.1.1.3.0 = STRING: "Wed Apr 23 14:22:58 2014"
          SNMPv2-SMI::enterprises.2620.1.1.4.0 = INTEGER: 213262
          SNMPv2-SMI::enterprises.2620.1.1.5.0 = INTEGER: 0
          SNMPv2-SMI::enterprises.2620.1.1.6.0 = INTEGER: 6683
          SNMPv2-SMI::enterprises.2620.1.1.7.0 = INTEGER: 56
          SNMPv2-SMI::enterprises.2620.1.1.8.0 = INTEGER: 9
          SNMPv2-SMI::enterprises.2620.1.1.9.0 = INTEGER: 9
          SNMPv2-SMI::enterprises.2620.1.1.10.0 = STRING: "Firewall"
          SNMPv2-SMI::enterprises.2620.1.1.11.0 = ""
          SNMPv2-SMI::enterprises.2620.1.1.12.0 = INTEGER: 2
          SNMPv2-SMI::enterprises.2620.1.1.21.0 = STRING: "Firewall"
          SNMPv2-SMI::enterprises.2620.1.1.22.0 = INTEGER: 9
          SNMPv2-SMI::enterprises.2620.1.1.23.0 = INTEGER: 9
          ... ... ...
          
        • Example for SNMPv3

          Note: Refer to section "(IV-5) Advanced SNMP configuration - Configure SNMPv3 users to use SHA / AES authentication".

          Syntax:

          • In Gaia all versions:

            [Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authNoPriv -a MD5 -A PASSPHRASE localhost 1.3.6.1.4.1.2620
          • In Gaia OS version R77.30 and above:

            [Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authPriv -a MD5 -A PASSPHRASE -x DES|AES -X PASSPHRASE localhost 1.3.6.1.4.1.2620
          • In Gaia OS versions R75.40 - R77.20:

            [Expert@HostName:0]# snmpwalk -v3 -u USERNAME -l authPriv -a MD5 -A PASSPHRASE -x DES -X PASSPHRASE localhost 1.3.6.1.4.1.2620

          Example Output:

          [Expert@HostName:0]# snmpwalk -v3 -u USMUserName -l authPriv -a MD5 -A PASSPHRASE -x DES -X PASSPHRASE localhost 1.3.6.1.4.1.2620 | head -n 15
          SNMPv2-SMI::enterprises.2620.1.1.1.0 = STRING: "Installed"
          SNMPv2-SMI::enterprises.2620.1.1.2.0 = STRING: "Any_Any_Accept_noLogs"
          SNMPv2-SMI::enterprises.2620.1.1.3.0 = STRING: "Sun Jul 19 16:14:43 2015"
          SNMPv2-SMI::enterprises.2620.1.1.4.0 = Counter32: 16131
          SNMPv2-SMI::enterprises.2620.1.1.5.0 = Counter32: 0
          SNMPv2-SMI::enterprises.2620.1.1.6.0 = Counter32: 719257
          SNMPv2-SMI::enterprises.2620.1.1.7.0 = Counter32: 21006
          SNMPv2-SMI::enterprises.2620.1.1.8.0 = INTEGER: 9
          SNMPv2-SMI::enterprises.2620.1.1.9.0 = INTEGER: 9
          SNMPv2-SMI::enterprises.2620.1.1.10.0 = STRING: "Firewall"
          SNMPv2-SMI::enterprises.2620.1.1.11.0 = ""
          SNMPv2-SMI::enterprises.2620.1.1.12.0 = Counter32: 2
          SNMPv2-SMI::enterprises.2620.1.1.21.0 = STRING: "Firewall"
          SNMPv2-SMI::enterprises.2620.1.1.22.0 = INTEGER: 9
          SNMPv2-SMI::enterprises.2620.1.1.23.0 = INTEGER: 9
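
Added example (not part of the original article and not Check Point code): a POSIX shell audit that applies the recommendations from section (I) to Clish commands written in the syntax of section (II), and that matches UDP port 161 exactly in `netstat -an` output. The finding codes, function names, user names, community strings, passphrases and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Check Point code). Audits Gaia Clish SNMP commands against
# the recommendations in section (I); finding codes and function names are ours.
LC_ALL=C; export LC_ALL   # byte-wise [A-Z] / [a-z] ranges in the patterns below

# community_ok NAME: succeeds when NAME has at least 15 characters and
# contains both upper-case and lower-case letters.
community_ok() {
    [ "${#1}" -ge 15 ] || return 1
    case $1 in *[A-Z]*) ;; *) return 1 ;; esac
    case $1 in *[a-z]*) ;; *) return 1 ;; esac
    return 0
}

# audit_snmp_config: reads one Clish command per line on stdin and prints one
# "CODE: detail" line per finding. A leading "HostName:0> " prompt is ignored.
audit_snmp_config() {
    ro=" " rw=" "                       # community names seen per access type
    while IFS= read -r line; do
        line=${line#*"> "}
        set -f; set -- $line; set +f    # split into words without globbing
        case "$1 $2 $3" in
        "set snmp agent-version")
            if [ "$4" != "v3-Only" ]; then
                printf 'V1V2_ENABLED: agent-version %s accepts SNMPv1/v2c\n' "$4"
            fi ;;
        "set snmp community")
            if ! community_ok "$4"; then
                printf 'WEAK_COMMUNITY: %s (%s) is under 15 chars or lacks mixed case\n' "$4" "$5"
            fi
            case $5 in
            read-only)  other=$rw; ro="$ro$4 " ;;
            read-write) other=$ro; rw="$rw$4 " ;;
            *)          other=" " ;;
            esac
            case $other in *" $4 "*)
                printf 'SHARED_COMMUNITY: %s is used for read-only and read-write\n' "$4" ;;
            esac ;;
        "add snmp usm")
            # add snmp usm user NAME security-level LEVEL ...
            if [ "$4" = user ] && [ "$7" != authPriv ]; then
                printf 'USM_NO_PRIVACY: user %s has security-level %s\n' "$5" "$7"
            fi ;;
        "add snmp traps"|"set snmp traps")
            # add snmp traps receiver IP version VER community NAME
            if [ "$4" = receiver ] && [ "$7" != v3 ]; then
                printf 'TRAP_NOT_V3: receiver %s gets %s traps\n' "$5" "$7"
            fi ;;
        esac
    done
    return 0
}

# snmp_listeners: reads `netstat -an` output on stdin and prints the local
# address of every UDP socket bound to port 161 exactly. A plain grep for 161
# also matches ports such as 1610 or 16161 and addresses that contain 161.
snmp_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /:161$/ { print $4 }'
}

# Constructed sample input: Clish commands as they would be typed.
sample_config() {
    cat <<'EOF'
HostName:0> set snmp agent on
HostName:0> set snmp agent-version any
HostName:0> set snmp community public read-only
HostName:0> set snmp community public read-write
HostName:0> add snmp usm user monitor1 security-level authNoPriv auth-pass-phrase EXAMPLE-ONLY-1
HostName:0> add snmp usm user monitor2 security-level authPriv auth-pass-phrase EXAMPLE-ONLY-2 privacy-pass-phrase EXAMPLE-ONLY-3 privacy-protocol AES
HostName:0> add snmp traps receiver 192.0.2.10 version v2 community public
EOF
}

# Constructed sample input: netstat output with two look-alike ports.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:1610                0.0.0.0:*                   LISTEN
udp        0      0 0.0.0.0:161                 0.0.0.0:*
udp        0      0 127.0.0.1:16161             0.0.0.0:*
EOF
}

sample_config | audit_snmp_config
sample_netstat | snmp_listeners   # 0.0.0.0:161 means the agent listens on every interface
```

An empty result from audit_snmp_config means none of its four checks fired; a 0.0.0.0:161 listener corresponds to the "Any" setting shown by 'show snmp interfaces'.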
          

 

(III) Query VSX Gateway over SNMP

  • (III-1) Query VSX Gateway over SNMP - Introduction


    SNMP monitoring for VSX is available in two different modes:

    SNMP Mode Description
    Default mode
    • SNMP daemon runs only in the context of VSX Gateway / VSX Cluster member itself (VS0).
    • The SNMP daemon of VS0 has a set of tables with counters (VSX SNMP tree) for each Virtual Device.
    • SNMP queries must be sent to the IP address of VSX Gateway / VSX Cluster member itself (context of VS0).
    VS mode
    • Each Virtual Device has separate SNMP daemon running in the context of that Virtual Device.
    • Supported SNMP protocols:
      • SNMP daemon in the context of VSX Gateway / VSX Cluster member itself (VS0) can be queried using SNMP v1/v2c/v3.
      • SNMP daemons in the contexts of Virtual Devices can be queried only using SNMP v3.
    • SNMP queries to SNMP daemons in the contexts of Virtual Devices must be sent in the following way:
      • sent using SNMP v3
      • sent to the IP address of Management interface on VSX Gateway / VSX Cluster member itself (context of VS0)
      • sent using the exact Virtual Device context (otherwise, the response is returned for the context of VS0)
    • Set of tables with counters (VSX SNMP tree) for each Virtual Device is available only on SNMP daemon running in the context of VSX Gateway / VSX Cluster member itself (context of VS0).
    • Only SNMP daemon running in the context of VSX Gateway / VSX Cluster member itself (context of VS0) supports SNMP traps.
    • Note: For SNMPv3 you have to set the Virtual Device the USM user is allowed to query with the command: 'set snmp usm user <USER> vsid < id | all >'


  • (III-2) Query VSX Gateway over SNMP - Important Notes

    • SNMP queries for VSX Gateway / Cluster member should be sent to the VSX machine itself (context of VS0) [Limitation 01466618]:

      VSX Configuration Notes
      DMI
      • In case of a single VSX Gateway, the SNMP query should be sent to the IP address of the DMI interface.

      • In case of a VSX cluster, the SNMP query should be sent to the physical IP address of the DMI interface of each VSX Cluster member.

      non-DMI
      • The SNMP query should be sent to the Management IP address on the single VSX Gateway / VSX Cluster member.
    • VSX SNMP configuration will be performed on VSX Gateway / each VSX Cluster member only (not in the context of Virtual Devices).
      Note: In cluster environment, this configuration must be performed on all members of the cluster.

    • Before using SNMP with VSX Gateway / VSX Cluster, relevant security rules must be installed in order to allow the SNMP traffic (refer to section "(II) SNMP configuration").

    • In VSX cluster, SNMP query for IP addresses of Virtual Systems will return the IP addresses that belong to cluster members internal communications network ("Funny IP") and not the Virtual IP addresses that were configured in the SmartDashboard.

      SNMP query can be made using either Check Point MIB file (e.g., OID .1.3.6.1.4.1.2620.1.1.27.1.3 - 'fwNetIfIPAddr'), or a standard MIB file (e.g., OID .1.3.6.1.2.1.2.2 - 'ifTable' from IF-MIB / RFC1213-MIB files).
    • For VSX versions R75.40VS / R76 / R77 / R77.10 / R77.20, before using queries for SNMP VSX tree, follow:



  • (III-3) Query VSX Gateway over SNMP - VSX SNMP Tree


    The VSX SNMP tree allows getting the information per Virtual Device (VS, VSW, VR).
    For example, the current number of connections in the Connections Table for specific Virtual System.

    The VSX SNMP tree is available only to SNMP daemon running in the context of VSX Gateway / VSX Cluster member itself (context of VS0).
    Refer to $CPDIR/lib/snmp/chkpnt.mib file on VSX Gateway.
    Load this MIB file in your SNMP Browser / SNMP Management application and use the VSX tree OID .1.3.6.1.4.1.2620.1.16 to query the VSX Gateway / VSX Cluster member / Virtual Devices.

  • (III-4) Query VSX Gateway over SNMP - SNMP Default mode

    General information
    • In this mode, SNMP daemon runs only in the context of VSX Gateway / VSX Cluster member (VS0).
      The SNMP daemon in the context of VS0 will monitor the following:

      1. SNMP VSX tree.
      2. Check Point SNMP OIDs as described in Check Point MIB files (refer to section "(I) Background").
        These can give an overall status of the whole machine and they are not specific to Virtual Devices.
      3. OS standard SNMP OIDs.
        These can be used to get overall CPU usage, Disk usage, Memory usage and Hardware monitoring.
    • SNMP queries must be sent to the IP address of VSX Gateway / VSX Cluster member itself (context of VS0).

    Example diagram:

    1. Host (1) sends an SNMP query (2) to the IP address of the
      Management interface on VSX Gateway (3) / VSX Cluster member (3)

    2. SNMP query is processed by the SNMP daemon in the context of VS0 (5)

    3. VS0 (5) sends an SNMP response (4)

    Notes
    • The Check Point SNMP counter vsxCountersTable (OID 1.3.6.1.4.1.2620.1.16.23) provides
      the total information for both non-accelerated (F2F) and accelerated (by SecureXL) packets.

    Configuration

    Note: In cluster environment, this procedure must be performed on all members of the cluster.

    1. Connect to the command line on VSX Gateway (over SSH, or console).

    2. Log in to Clish.

    3. Enable the SNMP Agent:

      HostName:0> set snmp agent on
    4. Configure the SNMP mode to 'default':

      HostName:0> set snmp mode default
    5. Save the changes in Gaia Database:

      HostName:0> save config
    6. Verify that relevant SNMP daemon is running:

      [Expert@HostName:0]# ps auxw | grep -v grep | grep -E "PID|snmp"

      Example output for SNMP in Default mode:

      [Expert@VSX:0]# ps auxw | grep -v grep | grep -E "PID|snmp"
      USER       PID %CPU %MEM    VS?   RSS TTY      STAT START   TIME COMMAND
      admin     4143  6.3  0.2  23196  8812 ?        Ss   17:13   0:00 /usr/sbin/snmpd -f -c /etc/snmp/userDefinedSettings.conf
      
    7. Verify that relevant SNMP daemon is answering to SNMP queries:

      [Expert@VSX:0]# snmpwalk -v <1 | 2c> -c <COMMUNITY> <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> .1.3.6.1.4.1.2620.1.16.23

      Example - query for number of active connections on each Virtual Device:

      [Expert@VSX:0]# snmpwalk -v2c -c public localhost .1.3.6.1.4.1.2620.1.16.23.1.1.2
      


  • (III-5) Query VSX Gateway over SNMP - SNMP VS mode

    General information
    • Each Virtual Device has a separate SNMP daemon running in the context of that Virtual Device.

    • SNMP queries to SNMP daemons in the contexts of Virtual Devices must be sent in the following way:

      • sent using SNMP v3
      • sent to the IP address of Management interface on VSX Gateway / VSX Cluster member itself (context of VS0)
      • sent using exact Virtual Device context (otherwise, the answer is returned for the context of VS0)
    • To specify, which Virtual Device context should be queried, SNMP v3 contexts mechanism is used (see examples below).

    • SNMP v3 must be configured on VSX Gateway / each VSX Cluster member (refer to section "(II) SNMP configuration").

    Example diagram:

    1. Host (1) sends an SNMP query (2) to the IP address of the
      Management interface on VSX Gateway (3) / VSX Cluster member (3)
      using exact Virtual Device context (5)
    2. SNMP query is processed by the SNMP daemon running in the context of that Virtual Device (5)
    3. Virtual Device (5) sends an SNMP response (4)
    Notes
    • Check Point VSX OID Branch 1.3.6.1.4.1.2620.1.16 is available only in the context of VS0.
      The SNMP response contains the data from all configured Virtual Devices [Limitation ID 01453316].

    • SNMP OIDs other than VSX OID Branch 1.3.6.1.4.1.2620.1.16 can be queried per Virtual Device.
      The SNMP response contains the data only from the specific queried Virtual Device.

    • Only SNMP daemon running in the context of VS0 supports SNMP traps.

    Configuration

    Note: In cluster environment, this procedure must be performed on all members of the cluster.

    1. Create an SNMPv3 User:

      • Either configure authentication without privacy:

        HostName:0> add snmp usm user USERNAME security-level authNoPriv auth-pass-phrase PASSPHRASE

        HostName:0> set snmp usm user USERNAME <usm-read-only | usm-read-write>
      • Or configure authentication with privacy:

        HostName:0> add snmp usm user USERNAME security-level authPriv <auth-pass-phrase | privacy-pass-phrase> PASSPHRASE

        HostName:0> set snmp usm user USERNAME <usm-read-only | usm-read-write>
    2. Enable the SNMP Agent:

      HostName:0> set snmp agent on
    3. Configure the SNMP mode to 'VS':

      HostName:0> set snmp mode vs
    4. Set SNMP user permission to query any Virtual System:

      HostName:0> set snmp usm user USERNAME vsid all
    5. Save the changes in Gaia Database:

      HostName:0> save config
    6. Verify that relevant SNMP daemons are running:

      [Expert@HostName:0]# ps auxw | grep -v grep | grep -E "PID|snmp"


      There are 4 configured Virtual Systems in this example output for SNMP in Virtual System mode.

      [Expert@VSX:0]# ps auxw | grep -v grep | grep -E "PID|snmp"
      USER       PID %CPU %MEM    VS?   RSS TTY      STAT START   TIME COMMAND
      admin     2501  0.1  0.0   3156  1184 ?        Ss   17:10   0:00 /usr/sbin/snmp_launcher
      admin     2522  1.1  0.2  23204  8812 ?        S    17:10   0:00 /etc/snmp/vsx-proxy/CTX/1/snmpd_1 -f -C -c /etc/snmp/vsx-proxy/CTX/1/snmpd.user.conf,/etc/snmp/vsx-proxy/CTX/1/snmpd.local.conf /tmp/snmpd1_uds localhost
      admin     2540  1.1  0.2  23208  8816 ?        S    17:11   0:00 /etc/snmp/vsx-proxy/CTX/2/snmpd_2 -f -C -c /etc/snmp/vsx-proxy/CTX/2/snmpd.user.conf,/etc/snmp/vsx-proxy/CTX/2/snmpd.local.conf /tmp/snmpd2_uds localhost
      admin     2559  1.1  0.2  23204  8816 ?        S    17:11   0:00 /etc/snmp/vsx-proxy/CTX/3/snmpd_3 -f -C -c /etc/snmp/vsx-proxy/CTX/3/snmpd.user.conf,/etc/snmp/vsx-proxy/CTX/3/snmpd.local.conf /tmp/snmpd3_uds localhost
      admin     2578  1.1  0.2  23204  8816 ?        S    17:11   0:00 /etc/snmp/vsx-proxy/CTX/4/snmpd_4 -f -C -c /etc/snmp/vsx-proxy/CTX/4/snmpd.user.conf,/etc/snmp/vsx-proxy/CTX/4/snmpd.local.conf /tmp/snmpd4_uds localhost
      admin     2601  2.1  0.2  23452  8896 ?        Ss   17:11   0:00 /usr/sbin/snmpd -f -c /etc/snmp/userDefinedSettings.conf,/etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf -p /etc/snmp/snmpd.pid
      
    Query specific Virtual Device
    • To query specific Virtual Device (not VS0), use SNMP v3 and specify the required Virtual Device context in the following format:

      [Expert@HostName:0]# snmpwalk -v3 -u SNMPv3_USER -l <authNoPriv | authPriv> -A PASSPHRASE -n ctxname_vsid<VSID_NUMBER> <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> <OID>

      Note: "ctxname_vsid<VSID_NUMBER>" is one word.

      Example - query for name of policy loaded on Virtual System 3:

      [Expert@HostName:0]# snmpwalk -v3 -u test_user -l authNoPriv -A testpass123 -n ctxname_vsid3 <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> 1.3.6.1.4.1.2620.1.1.25.1
    • To query only VS0, use the following formats:

      • SNMP v1:

        [Expert@HostName:0]# snmpwalk -v1 -c <community> <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> <OID>
      • SNMP v2c:

        [Expert@HostName:0]# snmpwalk -v2c -c <community> <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> <OID>
      • SNMP v3:

        [Expert@HostName:0]# snmpwalk -v3 -u <SNMPv3_USER_NAME> -l <authNoPriv | authPriv> -A <PASSPHRASE> <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> <OID>

      Examples:

      • Local query for name of policy loaded on VS0:

        [Expert@HostName:0]# snmpwalk -v 2c -c test_community <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> 1.3.6.1.4.1.2620.1.1.25.1
      • Local query for names of policies loaded on all Virtual-Devices:

        [Expert@HostName:0]# snmpwalk -v3 -u test_user -l authNoPriv -A testpass123 <IP_ADDRESS_OF_VSX_GATEWAY_ITSELF> .1.3.6.1.4.1.2620.1.16.22.1.1.6
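The context rule from this section as an added shell example (not part of the original article and not Check Point code): OIDs under the VSX tree 1.3.6.1.4.1.2620.1.16 are queried in VS0 with no context, and every other OID gets "-n ctxname_vsid<VSID_NUMBER>". The function names and the address 192.0.2.10 are constructed for illustration; the example also assumes the passphrases are set as defAuthPassphrase / defPrivPassphrase in the client's net-snmp snmp.conf instead of being passed with -A, which keeps them out of the process list.

```bash
#!/bin/bash
# Added example: choose the SNMPv3 context for a query to a VSX Gateway.
VSX_TREE=".1.3.6.1.4.1.2620.1.16"   # VSX SNMP tree, answered only in VS0

# Normalise a numeric OID to leading-dot form; reject anything else.
norm_oid() {
    case $1 in
        ''|*[!0-9.]*|*..*|*.) return 1 ;;
        .*) printf '%s\n' "$1" ;;
        *)  printf '.%s\n' "$1" ;;
    esac
}

# Succeeds if the OID is the VSX tree itself or below it.
# The match is on whole sub-identifiers, so ...2620.1.160 is NOT under ...2620.1.16.
in_vsx_tree() {
    t_oid=$(norm_oid "$1") || return 2
    case $t_oid in
        "$VSX_TREE"|"$VSX_TREE".*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the context name to pass with -n; empty output means VS0 (no -n).
vsx_context() {   # usage: vsx_context OID VSID
    case $2 in
        ''|*[!0-9]*) echo "bad VSID: $2" >&2; return 1 ;;
    esac
    c_oid=$(norm_oid "$1") || { echo "bad OID: $1" >&2; return 1; }
    if in_vsx_tree "$c_oid" || [ "$2" -eq 0 ]; then
        return 0          # VSX tree or VS0: query without a context
    fi
    printf 'ctxname_vsid%s\n' "$2"
}

# Print the snmpwalk command line for the query.
# Assumption: no -A / -X here, the passphrases come from the client's snmp.conf.
vsx_query_cmd() {   # usage: vsx_query_cmd USER LEVEL HOST OID VSID
    case $2 in
        authNoPriv|authPriv) ;;
        *) echo "bad security level: $2" >&2; return 1 ;;
    esac
    q_ctx=$(vsx_context "$4" "$5") || return 1
    q_oid=$(norm_oid "$4")
    if [ -n "$q_ctx" ]; then
        printf 'snmpwalk -v3 -u %s -l %s -n %s %s %s\n' "$1" "$2" "$q_ctx" "$3" "$q_oid"
    else
        printf 'snmpwalk -v3 -u %s -l %s %s %s\n' "$1" "$2" "$3" "$q_oid"
    fi
}

# Constructed demo: policy name on Virtual System 3, then the per-device
# connection counters, which live in the VSX tree and are read from VS0.
vsx_query_cmd test_user authPriv 192.0.2.10 1.3.6.1.4.1.2620.1.1.25.1 3
vsx_query_cmd test_user authPriv 192.0.2.10 .1.3.6.1.4.1.2620.1.16.23.1.1.2 3
```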


  • (III-6) Query VSX Gateway over SNMP - FAQ

    • How can we monitor connections / drops / bandwidth / etc. per Virtual System?

      As described in the above subsections of the section "(III) Query VSX Gateway over SNMP":

      • The VSX SNMP tree (1.3.6.1.4.1.2620.1.16) allows getting the information per Virtual Device (VS, VSW, VR).
        The VSX SNMP tree is available only to SNMP daemon running in the context of VSX Gateway / VSX Cluster member itself (context of VS0).
        The SNMP response contains the data from all configured Virtual Devices [Limitation ID 01453316].

      • SNMP OIDs other than the above VSX SNMP tree can be queried per Virtual Device.
        The SNMP response contains the data only from the specific queried Virtual Device.

      Action plan:

      1. Load the Check Point MIB file (refer to $CPDIR/lib/snmp/chkpnt.mib file on VSX Gateway) in your SNMP Browser / SNMP Management application.

      2. Locate the relevant OID.

        • If the relevant OID is defined under the VSX SNMP tree (1.3.6.1.4.1.2620.1.16), then SNMP query should be sent to VSX Gateway / VSX Cluster Member itself.
        • If the relevant OID is defined under any other SNMP tree (other than VSX SNMP tree), then SNMP query should be sent to specific queried Virtual Device.

        Refer to section "Common used SNMP OIDs".

        Examples:

        Provided information | SNMP Object ID | SNMP Object Name
        Number of active connections on Virtual Device | .1.3.6.1.4.1.2620.1.16.23.1.1.2 | vsxCountersConnNum
        Number of concurrent connections | .1.3.6.1.4.1.2620.1.1.25.3.0 | fwNumConn


    • Do SNMPv3 USM users have the ability to run SNMP queries for specified Virtual Devices on a VSX Gateway?
      • In VSX versions R77.30 and lower, any USM user can run SNMP queries for any configured Virtual Device.

      • In VSX versions R80.10 and above, the administrator must specify which Virtual Devices each USM user is allowed to query.
        Otherwise, a USM user would not be able to run SNMP queries on the VSX Gateway.



    • How should we monitor CPU utilization per Virtual Devices using SNMP?
      • For total CPU utilization for the entire VSX Gateway, query:

        • the OID .1.3.6.1.4.1.2620.1.6.7.5 (multiProcTable) from Check Point MIB
        • the OID .1.3.6.1.4.1.2021.11 (systemStats) from UCD-SNMP-MIB

        Refer to sk92402 - How to query utilization of individual CPU cores via SNMP.

      • For CPU utilization for the specific Virtual Device (average on all CPU cores), query:

        • the OID .1.3.6.1.4.1.2620.1.16.22.2 (vsxStatusCPUUsageTable) from Check Point MIB
      • When working with SNMP in VS mode, querying for CPU utilization on a Virtual Device using non-Check Point SNMP OIDs (e.g., .1.3.6.1.4.1.2021.11 (systemStats) from UCD-SNMP-MIB) will return the CPU utilization level for the entire VSX Gateway and not for the specific Virtual Device.

      • For custom CPU monitoring:

        1. A custom shell script can be created that calculates the CPU utilization for the specific Virtual Device.
          For example, the custom script would execute the 'vsx resctrl' command and return only the data relevant for the specific Virtual Device.
        2. A custom OID can be configured to execute this custom shell script.

        Follow the section "(IV-6) Advanced SNMP configuration - Extend SNMP with shell script".

      • Additional CPU monitoring capabilities are available via special Hotfixes for R77.X versions - e.g., ID 02331420 (these are planned to be integrated into R80.10).



    • How should we monitor Memory utilization per Virtual Devices using SNMP?
      • For total Memory utilization for the entire VSX Gateway, query:

        • the OID 1.3.6.1.4.1.2620.1.6.7.1 (svnMem) from Check Point MIB
        • the OID .1.3.6.1.4.1.2021.4 (memory) from UCD-SNMP-MIB
      • When working with SNMP in VS mode, querying for Memory utilization on a Virtual Device using non-Check Point SNMP OIDs (e.g., .1.3.6.1.4.1.2021.4 (memory) from UCD-SNMP-MIB) will return the Memory utilization level for the entire VSX Gateway and not for the specific Virtual Device.

      • For custom Memory monitoring:

        1. A custom shell script can be created that calculates the Memory utilization for the specific Virtual Device.
          For example, the custom script would execute the 'vsx mstat' command and return only the data relevant for the specific Virtual Device.
          Important Note: The 'vsx mstat' command impacts the performance and should be used wisely; perhaps, with local cache of the results and parsing the cache file.
        2. A custom OID can be configured to execute this custom shell script.

        Follow the section "(IV-6) Advanced SNMP configuration - Extend SNMP with shell script".

      • Additional Memory monitoring capabilities are available via special Hotfixes for R77.X versions - e.g., ID 02331420 (these are planned to be integrated into R80.10).



    • How should we monitor Disk usage per Virtual Devices using SNMP?
      • To monitor the total disk usage on VSX Gateway, query:

        • the OID .1.3.6.1.4.1.2620.1.6.7.3 (svnDisk) from Check Point MIB
        • the OID .1.3.6.1.4.1.2620.1.6.7.6 (multiDiskTable) from Check Point MIB
        • the OID .1.3.6.1.4.1.2021.9 (dskTable) from UCD-SNMP-MIB
      • It is not possible to monitor disk usage per Virtual Device using SNMP.



    • How should we monitor Power Supply using SNMP?

      To monitor the Power Supply, query:

      • the OID .1.3.6.1.4.1.2620.1.6.7.9 (powerSupplyInfo) from Check Point MIB


    • Does VSX support SNMP traps?

      As described in the above subsections of the section "(III) Query VSX Gateway over SNMP":

      • Only SNMP daemon running in the context of VSX Gateway / VSX Cluster member itself (context of VS0) supports SNMP traps.

      Administrator could use custom OID traps over the VSX OID to get traps for events in specific Virtual Devices:

      VSX SNMP tree provides information per Virtual Device.
      Administrator could configure a custom trap (as described in the section "(IV-2) Advanced SNMP configuration - Custom SNMP traps").
      For example, if we want to get a trap when number of concurrent connections is higher than some threshold on a specific Virtual System, we can configure trap for the OID .1.3.6.1.4.1.2620.1.16.23.1.1.2.<Virtual_Device_Index> (refer to vsxCountersConnNum).
      Note: To find the <Virtual_Device_Index> of a specific Virtual System, query the OID .1.3.6.1.4.1.2620.1.16.22.1.1.3 (vsxStatusVsName).

 

(IV) Advanced SNMP configuration

  • (IV-1) Advanced SNMP configuration - Custom SNMP settings

    • Background:

      Some SNMP functionality cannot be configured via Gaia Portal or Gaia CLI. For example:

      • Setting SNMP 'sysName'
      • Adding user-defined OIDs
      • Configuring DISMAN traps
      • etc.

      In order to extend the SNMP configuration manually on a Gaia OS machine, add the following new SNMPD configuration files:

      • Gateway (non-VSX): /etc/snmp/userDefinedSettings.conf
        Note: This file is already integrated into the following versions: R75.45, R75.46, R75.47, R76 and above.
      • VSX: /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf

      These files should contain legal SNMPD settings. Every NET-SNMP configuration token is valid.

    • Procedure for the /etc/snmp/userDefinedSettings.conf file:

      1. Get the default SNMP parameters from the Gaia Database, copy and save them for reference / roll-back purposes:

        Note: If you changed any SNMP settings (either in Gaia Portal, or in Gaia Clish), make sure you save these changes before running the 'grep' command (in Gaia Portal - click on 'Apply' button; in Gaia Clish - run the 'save config' command).

        [Expert@HostName:0]# grep 'process:snmp' /config/db/initial

        Example outputs (SNMP Agent is enabled):

        R76 (and above):
        • If SNMP mode set to 'default' (monitors only VS0):
          process:snmpd t
          process:snmpd:path /usr/sbin
          process:snmpd:arg:1 -f
          process:snmpd:arg:2 -c
          process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf
          process:snmpd:runlevel 4
          process:snmp_launcher:path /usr/sbin
          process:snmp_launcher:runlevel 4
          
        • VSX Mode with SNMP mode set to 'vs' (monitors all configured Virtual Devices):
          process:snmpd t
          process:snmpd:path /usr/sbin
          process:snmpd:arg:5 /etc/snmp/snmpd.pid
          process:snmpd:arg:4 -p
          process:snmpd:arg:1 -f
          process:snmpd:arg:2 -c
          process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf,/etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf
          process:snmpd:runlevel 4
          process:snmp_launcher:path /usr/sbin
          process:snmp_launcher:runlevel 4
          
        R75.47 / R75.46 / R75.45:
        process:snmpd t
        process:snmpd:path /usr/sbin
        process:snmpd:arg:1 -f
        process:snmpd:arg:2 -c
        process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf
        process:snmpd:runlevel 4
        
        R75.40VS:
        • If SNMP mode set to 'default' (monitors only VS0):
          process:snmpd t
          process:snmpd:path /usr/sbin
          process:snmpd:arg:1 -f
          process:snmpd:runlevel 4
          process:snmp_launcher:path /usr/sbin
          process:snmp_launcher:runlevel 4
          
        • VSX Mode with SNMP mode set to 'vs' (monitors all configured Virtual Devices):
          process:snmpd t
          process:snmpd:path /usr/sbin
          process:snmpd:arg:5 /etc/snmp/snmpd.pid
          process:snmpd:arg:4 -p
          process:snmpd:arg:3 /etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf
          process:snmpd:arg:2 -c
          process:snmpd:arg:1 -f
          process:snmpd:runlevel 4
          process:snmp_launcher:path /usr/sbin
          process:snmp_launcher:runlevel 4
          
        R75.40:
        process:snmpd t
        process:snmpd:path /usr/sbin
        process:snmpd:arg:1 -f
        process:snmpd:runlevel 4
        
      2. Backup the current Gaia Database:

        [Expert@HostName:0]# cp -v /config/db/initial /config/db/initial_ORIGINAL
        [Expert@HostName:0]# cp -v /config/db/initial_db /config/db/initial_db_ORIGINAL
      3. Disable the SNMP Agent in one of the following ways:

        • In Gaia Portal:

          Go to System Management section - click on SNMP page - under SNMP General Settings, clear the box Enable SNMP Agent - click on Apply button.
        • In Gaia Clish:

          HostName:0> set snmp agent off
      4. Go to Expert mode:

        HostName:0> expert
      5. Check that SNMPD daemon is not running:

        [Expert@HostName:0]# ps auxw | grep -v grep | grep snmpd
      6. Execute the following commands to add the new SNMPD configuration file to the Gaia Database:

        Important Note: On Security Gateway in VSX Mode (R75.40VS, R76 and above), when changing the SNMP mode between 'default' and 'vs', the SNMP configuration is reset to default in the Gaia Database. Meaning, that after changing the SNMP mode, the user should add this configuration file again.

        Related solution: sk92770 - How to use dbget and dbset on Gaia OS.

        R76 (and above):
        • If SNMP mode set to 'default' (monitors only VS0):

          No changes are needed. This file is already added (integrated).

          Verify by running the following command:

          [Expert@HostName:0]# grep 'process:snmp' /config/db/initial
        • VSX Mode with SNMP mode set to 'vs' (monitors all configured Virtual Devices):

          No changes are needed. This file is added automatically (in 'process:snmpd:arg:3') when SNMP mode set to 'vs'.

          Verify by running the following command:

          [Expert@HostName:0]# grep 'process:snmp' /config/db/initial

          Important Note:

          • On Security Gateway R76 (and above) in VSX Mode, working with SNMP in 'vs' mode requires an SNMP v3 user.
            Refer to VSX Administration Guide (R76, R77) - Chapter 9 'Optimizing VSX' - SNMP Monitoring.
        R75.47 / R75.46 / R75.45:

        No changes are needed. This file is already added (integrated).

        Verify by running the following command:

        [Expert@HostName:0]# grep 'process:snmp' /config/db/initial
        R75.40VS:
        • If SNMP mode set to 'default' (monitors only VS0), then run:

          [Expert@HostName:0]# dbset process:snmpd:arg:2 -c
          [Expert@HostName:0]# dbset process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf
          [Expert@HostName:0]# grep 'process:snmp' /config/db/initial
        • VSX Mode with SNMP mode set to 'vs' (monitors all configured Virtual Devices), then run:

          [Expert@HostName:0]# dbset process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf,/etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf
          [Expert@HostName:0]# grep 'process:snmp' /config/db/initial

          Important Notes:
          • Spaces are not allowed between /etc/snmp/userDefinedSettings.conf,/etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf.
          • On Security Gateway R75.40VS in VSX Mode, working with SNMP in 'vs' mode requires an SNMP v3 user.
            Refer to R75.40VS VSX Administration Guide - Chapter 8 'Optimizing VSX' - SNMP Monitoring.
        R75.40:

        Run the following commands:

        [Expert@HostName:0]# dbset process:snmpd:arg:2 -c
        [Expert@HostName:0]# dbset process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf
        [Expert@HostName:0]# grep 'process:snmp' /config/db/initial
      7. Create the new configuration file itself:

        Note: This file is already integrated into R75.45, R75.46, R75.47, R76 and above.

        [Expert@HostName:0]# touch /etc/snmp/userDefinedSettings.conf
      8. Add the user-defined SNMPD settings to the new configuration file (for example: sysName <New_sysName>, custom OID):

        [Expert@HostName:0]# vi /etc/snmp/userDefinedSettings.conf

        Important Note:
        Monitoring of specific OIDs can be added to the /etc/snmp/userDefinedSettings.conf file using the following syntax:

        monitor -I -r <Number_of_Seconds> "TEXT" <OID> <OPERATOR> <VALUE>

        Where:

        • -I: Indicates that the monitored expression should be applied to the specified OID as a single instance.
          By default, the OID will be treated as a wildcarded object, and the monitor expanded to cover all matching instances.
        • -r <Number_of_Seconds>: Frequency of evaluation in seconds.
          By default, the expression will be evaluated every 600 seconds (10 minutes).
        • "TEXT": The text string to be sent with the SNMP Trap.
        • OID: OID to be monitored for the SNMP Trap.
        • OPERATOR: One of these Boolean comparison operators:
          • == Equal to
          • != Not equal to
          • > Greater than
          • < Less than
        • VALUE: Integer value (strings are not supported).
        For complete description of the 'monitor' operator, refer to the http://linux.die.net/man/5/snmpd.conf manual page - refer to this section:
        monitor [OPTIONS] NAME EXPRESSION

        Example:

        • Let us monitor the 'ifOperStatus' (operational state) of the Loopback interface.
          This 'ifOperStatus' OID 1.3.6.1.2.1.2.2.1.8 responds with one of these values:
          • 1 = up
          • 2 = down
          • 3 = testing
        • Let us configure the machine to send an SNMP Trap every 2 seconds if operational state of the Loopback interface is not 'Up'.

        • In order to query the specific interface, first we need to get the interface's index:

          [Expert@HostName:0]# snmpwalk -c <COMMUNITY_NAME> -v 2c localhost IF-MIB::ifDescr

          Note:
          The line for Loopback interface should look similar to this:
          IF-MIB::ifDescr.1 = STRING: lo
        • Hence, the syntax would be:

          monitor -I -r 2 "Test Loopback Trap" .1.3.6.1.2.1.2.2.1.8.1 != 1
      9. Enable the SNMP Agent in one of the following ways:

        • In Gaia Portal:

          Go to System Management section - click on SNMP page - under SNMP General Settings, check the box Enable SNMP Agent - click on Apply button.
        • In Gaia Clish:

          HostName:0> set snmp agent on
      10. Crucial step: Save the changes in Gaia Database:

        HostName:0> save config

      Notes:

      • Restart of SNMP Agent is required upon every modification in the /etc/snmp/userDefinedSettings.conf file.

      • Gaia's backup functionality might not back up the /etc/snmp/userDefinedSettings.conf file (copy the file to some other location).

      • The /etc/snmp/userDefinedSettings.conf file might not survive an upgrade (before the upgrade, copy the file to some other location; after the upgrade, manually merge the necessary user-defined configuration).
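A check for the "grep 'process:snmp'" verification in step 6, added here as an example (not part of the original article and not Check Point code): it rebuilds the snmpd arguments in numeric order, because the Gaia Database prints them unordered, and confirms that the file is in the '-c' list with no spaces. The function names and the third sample are constructed for illustration; the first two samples are the R76 'vs' mode and R75.40 outputs shown in step 1.

```bash
#!/bin/bash
# Samples of: grep 'process:snmp' /config/db/initial
# R76 'vs' mode output from step 1 (argument lines are not in numeric order).
sample_vs_mode='process:snmpd t
process:snmpd:path /usr/sbin
process:snmpd:arg:5 /etc/snmp/snmpd.pid
process:snmpd:arg:4 -p
process:snmpd:arg:1 -f
process:snmpd:arg:2 -c
process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf,/etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf
process:snmpd:runlevel 4
process:snmp_launcher:path /usr/sbin
process:snmp_launcher:runlevel 4'

# R75.40 output from step 1, before the file is added with dbset.
sample_r7540='process:snmpd t
process:snmpd:path /usr/sbin
process:snmpd:arg:1 -f
process:snmpd:runlevel 4'

# Constructed sample: a space after the comma, which the procedure forbids.
sample_space='process:snmpd:arg:1 -f
process:snmpd:arg:2 -c
process:snmpd:arg:3 /etc/snmp/userDefinedSettings.conf, /etc/snmp/vsx-proxy/snmpd.vsx.proxy.conf'

# Read Gaia DB lines on stdin; print the snmpd arguments, one per line,
# ordered by their arg number.
snmpd_args() {
    awk '$1 ~ /^process:snmpd:arg:[0-9]+$/ {
             n = $1;   sub(/^process:snmpd:arg:/, "", n)
             val = $0; sub(/^[^ ]+ /, "", val)
             print n "\t" val
         }' | sort -n | cut -f2-
}

# Print the argument that follows "-c" (the comma-separated file list).
snmpd_config_list() {
    snmpd_args | awk 'prev == "-c" { print; exit } { prev = $0 }'
}

# Read Gaia DB lines on stdin and check that FILE is loaded through -c.
# Returns 0 = loaded, 1 = not loaded, 2 = list contains whitespace.
check_user_conf() {   # usage: check_user_conf FILE < db-lines
    cfg_list=$(snmpd_config_list)
    if [ -z "$cfg_list" ]; then
        echo "MISSING: snmpd has no -c argument"
        return 1
    fi
    case $cfg_list in
        *[[:space:]]*) echo "INVALID: whitespace in -c list: $cfg_list"; return 2 ;;
    esac
    case ",$cfg_list," in
        *",$1,"*) echo "OK: $1 is loaded"; return 0 ;;
    esac
    echo "MISSING: $1 is not in the -c list: $cfg_list"
    return 1
}

# Demo on the embedded samples. On a gateway, feed it the real output:
#   grep 'process:snmp' /config/db/initial | check_user_conf /etc/snmp/userDefinedSettings.conf
for s in "$sample_vs_mode" "$sample_r7540" "$sample_space"; do
    printf '%s\n' "$s" | check_user_conf /etc/snmp/userDefinedSettings.conf || true
done
```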



    • Procedure for the /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf file:

      1. Disable the SNMP Agent in Gaia Clish:

        HostName:0> set snmp agent off
      2. Go to Expert mode:

        HostName:0> expert
      3. Check that SNMPD daemon is not running:

        [Expert@HostName:0]# ps auxw | grep -v grep | grep snmpd
      4. Create the new configuration file itself:

        [Expert@HostName:0]# touch /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf
      5. Add the user-defined SNMPD settings to the new configuration file (for example: sysName <New_sysName>, custom OID):

        [Expert@HostName:0]# vi /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf
      6. Enable the SNMP Agent in Gaia Clish:

        HostName:0> set snmp agent on

      Notes:

      • Restart of SNMP Agent is required upon every modification in the /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf files.

      • Gaia's backup functionality might not back up the /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf files (copy the files to some other location).

      • The /etc/snmp/vsx-proxy/CTX/<VSID>/snmpd.user.conf files survive an in-place upgrade (but just in case, before the upgrade, copy the file to some other location).



  • (IV-2) Advanced SNMP configuration - Custom SNMP traps


    By default, the snmpmonitor daemon queries the snmpd daemon on the local machine over the loopback interface. However, if the administrator has excluded the loopback interface "lo" from the SNMP Agent Interfaces list (refer to section "(IV-4) Advanced SNMP configuration - SNMP Agent Interfaces"), then the snmpmonitor daemon should try to connect to the first IP address of all interfaces in the SNMP Agent Interfaces list (the IP address can be either IPv4, or IPv6).

    Before Custom SNMP Traps can be configured, SNMP settings must already be configured per section "(II) SNMP configuration".

    Important Note: The snmpmonitor daemon described in this section, supports only SNMPv2 traps. If support for SNMPv3 USM traps is required, then refer to section "(IV-3) Advanced SNMP configuration - Support for SNMPv3 traps".

    • Instructions for Gaia R77.30 and above:

      Starting in R77.30, the snmpmonitor daemon is already integrated and located in /usr/sbin/snmpmonitor. The custom traps configuration (performed either in Gaia Portal, or in Gaia Clish) is saved in the /etc/snmp/snmpmonitor.conf file.

      Note: During an upgrade of Gaia OS to R77.30, if the configuration file /etc/snmp/snmpmonitor.conf already exists (due to previous/manual installation of the snmpmonitor daemon), then the existing file is renamed to /etc/snmp/snmpmonitor.conf.bak. The configuration is not automatically migrated into the R77.30 Gaia Database. Administrator is required to manually configure again the rules from the /etc/snmp/snmpmonitor.conf.bak file.

      • Instructions for Gaia Portal:
        1. Login to Gaia Portal.

        2. Go to System Management section - click on SNMP page.

        3. Go to section Custom Traps:

        4. Click on Add button and configure the desired custom SNMP Trap:

          Where:

          • Trap Name: Allowed characters are:
            • letters
            • numbers
            • underscore character ("_")
            • minus character ("-")
          • OID: Refer to relevant MIB files:
            • $CPDIR/lib/snmp/chkpnt.mib
            • $CPDIR/lib/snmp/chkpnt-trap.mib
            • /etc/snmp/GaiaTrapsMIB.mib
            • /usr/share/snmp/mibs/
          • Operator: Allowed operators are (press Tab to see the list):
            • Equal
            • Not_Equal
            • Less_Than
            • Greater_Than
            • Changed *

            * Note: When using the "Changed" operator - OID is queried, and the returned value is saved. During the next query (after 1 polling interval), the new returned value is compared to the saved value. If the new value differs from the saved value, then a trap is sent.
          • Threshold: Enter the threshold value, to which you want to compare the value returned by the configured OID.
            Refer to the OID definition in the relevant MIB file.
          • Frequency: Polling interval in seconds (any integer greater than zero).
          • Message: Trap message that is sent if the OID value meets a predefined condition.
            You can type a single word, or a sentence in quotation marks.


        5. Configure Clear Trap interval and number of retries:

          Note: Clear Trap is a trap that indicates termination of a custom trap (when the trap condition is terminated). This Clear Trap applies to all configured custom traps.

          • Clear Trap Interval: Interval in seconds between clear traps (from 1 to 3600)
          • Clear Trap Retries: Number of clear traps that is sent after custom trap termination (from 1 to 100)


      • Instructions for Gaia Clish:
        1. Connect to the command line on Gaia OS machine (over SSH, or console).

        2. Log in to Clish.

        3. Configure the desired custom traps:

          HostName:0> add snmp custom-trap <Custom_Trap_Name> oid <OID> operator <OPERATOR> threshold <THRESHOLD> frequency <FREQUENCY> message <"MESSAGE">

          Where:

          • Custom_Trap_Name: Allowed characters are:
            • letters
            • numbers
            • underscore character ("_")
            • minus character ("-")
          • OID: Refer to relevant MIB files:
            • $CPDIR/lib/snmp/chkpnt.mib
            • $CPDIR/lib/snmp/chkpnt-trap.mib
            • /etc/snmp/GaiaTrapsMIB.mib
            • /usr/share/snmp/mibs/
          • OPERATOR: Allowed operators are (press Tab to see the list):
            • Equal
            • Not_Equal
            • Less_Than
            • Greater_Than
            • Changed *

            * Note: When using the "Changed" operator - OID is queried, and the returned value is saved. During the next query (after 1 polling interval), the new returned value is compared to the saved value. If the new value differs from the saved value, then a trap is sent. This operator requires mandatory Threshold called "change".
          • THRESHOLD: Enter the threshold value, to which you want to compare the value returned by the configured OID.
            Refer to the OID definition in the relevant MIB file.
          • FREQUENCY: Polling interval in seconds (any integer greater than zero).
          • "MESSAGE": Trap message that is sent if the OID value meets a predefined condition.
            You can type a single word, or a sentence in quotation marks.

          Notes:

          • To edit the parameters of configured Custom SNMP Trap:

            • HostName:0> set snmp custom-trap <Custom_Trap_Name> oid <New_OID>
            • HostName:0> set snmp custom-trap <Custom_Trap_Name> operator <New_OPERATOR>
            • HostName:0> set snmp custom-trap <Custom_Trap_Name> threshold <New_THRESHOLD>
            • HostName:0> set snmp custom-trap <Custom_Trap_Name> frequency <New_FREQUENCY>
            • HostName:0> set snmp custom-trap <Custom_Trap_Name> message <"New_MESSAGE">
          • To delete the configured Custom SNMP Trap:

            • HostName:0> delete snmp custom-trap <Custom_Trap_Name>
        4. Configure Clear Trap interval and number of retries:

          Note: Clear Trap is a trap that indicates termination of a custom trap (when the trap condition is terminated). This Clear Trap applies to all configured custom traps.

          HostName:0> set snmp clear-trap interval <INTERVAL> retries <NUMBER>

          Where:

          • <INTERVAL> - Interval in seconds between clear traps (from 1 to 3600)
          • <NUMBER> - Number of clear traps that are sent after custom trap termination (from 1 to 100)

          Notes:

          • To delete the configured clear trap:

            HostName:0> delete snmp clear-trap
        5. Crucial Step: Save the changes in Gaia Database:

          HostName:0> save config
    • Instructions for Gaia R75.40 - R77.20:

      1. Download the snmpmonitor daemon from here.

      2. Transfer the archive file (snmpmonitor.tar) to the Gaia OS machine (into some directory, e.g., /some_path/).

      3. Unpack the archive file:

        [Expert@HostName:0]# cd /some_path/
        [Expert@HostName:0]# tar -xvf snmpmonitor.tar

      4. Copy the snmpmonitor file to /usr/sbin/ directory:

        [Expert@HostName:0]# cp /some_path/snmpmonitor /usr/sbin/snmpmonitor
      5. Assign the relevant permissions to '/usr/sbin/snmpmonitor':

        [Expert@HostName:0]# chmod a+x /usr/sbin/snmpmonitor
      6. Create the user-defined traps:

        1. Create a new configuration file:

          [Expert@HostName:0]# touch /etc/snmp/snmpmonitor.conf
        2. Assign the relevant ownership and permissions to this file:

          [Expert@HostName:0]# chown -v admin:root /etc/snmp/snmpmonitor.conf
          [Expert@HostName:0]# chmod -v u=rw /etc/snmp/snmpmonitor.conf
        3. Edit the new configuration file in Vi editor:

          [Expert@HostName:0]# vi /etc/snmp/snmpmonitor.conf
        4. Add the relevant lines:

          1. Add the following mandatory directive:

            cp_pcommunity <YOUR_COMMUNITY_NAME>

            Note: Only a single <YOUR_COMMUNITY_NAME> is supported.

            Example:

            cp_pcommunity my_org_community
          2. Configure the Trap Receiver (Trap Sink) Server(s):

            trap2sink <IP_Address_of_Trap_Sink_Server_1>[:<port>] <YOUR_COMMUNITY_NAME>
            trap2sink <IP_Address_of_Trap_Sink_Server_2>[:<port>] <YOUR_COMMUNITY_NAME>
            .............................................
            trap2sink <IP_Address_of_Trap_Sink_Server_N>[:<port>] <YOUR_COMMUNITY_NAME>

            Example:

            trap2sink 1.2.3.4 my_org_community
          3. Add the following line per each SNMP trap you wish to define:

            cp_monitor <OID> <OPERATOR> <THRESHOLD> <FREQUENCY> <"MESSAGE">

            The cp_monitor directive defines a single monitoring rule. Once the expression evaluates to true, traps are sent until the expression evaluates back to false. At that point, one or more clear traps are sent to indicate that the OID value has fallen back within acceptable boundaries.

            For more information about the cp_monitor directive, refer to SecurePlatform Administration Guide (R75.40, R75.40VS, R76, R77) - Chapter 'SNMP Support' - SNMP Monitoring - Commands used by SNMP Monitor - cp_monitor.

            Parameters:

            • OID - Use standard OID notation. Supported OID types are:
              • Integer
              • String
            • OPERATOR - The allowed operators depend on the OID type:
              • Integer:
                • != (Not equal)
                • < (Less than)
                • > (Greater than)
                • == (Equal to)
                • >< (Changed *)
              • String:
                • != (Not equal)
                • == (Equal to)
                • >< (Changed *)

              * Note: When using the "Changed" operator - OID is queried, and the returned value is saved. During the next query (after 1 polling interval), the new returned value is compared to the saved value. If the new value differs from the saved value, then a trap is sent. This operator requires mandatory Threshold called "change".
            • THRESHOLD - The threshold type depends on the OID type:
              • Integer: an integer value
              • String: a string enclosed within double quotes ""

              Note: The >< operator requires mandatory Threshold called "change".
            • FREQUENCY - Integer value representing polling interval in seconds.
              The snmpd daemon polls each monitored OID at the given interval.
              If a trap should be sent, then a trap is sent.
            • "MESSAGE" - A textual message to describe the trap (sent as part of the trap).
              Must be enclosed within double quotes "".

            Examples:

            cp_monitor .1.3.6.1.2.1.25.5.1.1.1.4778 < 100 10 "send trap"
            cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 >< change 2 "State of cluster member has been changed"
            Additional examples of a user-defined SNMP traps file can be found in sk42426.
          4. If needed, define the number of clear traps to send:

            Note: SNMP sends clear traps when the OID value in a rule returns to its defined threshold.

            cp_cleartrap <INTERVAL> <NUMBER_of_RETRIES>

            • INTERVAL - An integer number of seconds between clear trap packets. Default is 10 seconds.
            • NUMBER_of_RETRIES - An integer number of clear trap packets to send. Default is 3 packets.
      7. Configure Gaia OS to run the snmpmonitor process at each boot:

        1. Log in to Expert mode.

        2. Add the snmpmonitor process to Gaia Database by running the following commands:

          • R77.20, R77.10, R77:

            [Expert@HostName:0]# dbset process:snmpmonitor:path /usr/sbin
            [Expert@HostName:0]# dbset process:snmpmonitor:arg:1 /etc/snmp/snmpmonitor.conf
            [Expert@HostName:0]# dbset process:snmpmonitor:env:LD_LIBRARY_PATH /lib\:/usr/lib\:/opt/CPshrd-R77/lib
            [Expert@HostName:0]# dbset process:snmpmonitor:runlevel 4
            [Expert@HostName:0]# dbset process:snmpmonitor t
            [Expert@HostName:0]# dbset :save
          • R76:

            [Expert@HostName:0]# dbset process:snmpmonitor:path /usr/sbin
            [Expert@HostName:0]# dbset process:snmpmonitor:arg:1 /etc/snmp/snmpmonitor.conf
            [Expert@HostName:0]# dbset process:snmpmonitor:env:LD_LIBRARY_PATH /lib\:/usr/lib\:/opt/CPshrd-R76/lib
            [Expert@HostName:0]# dbset process:snmpmonitor:runlevel 4
            [Expert@HostName:0]# dbset process:snmpmonitor t
            [Expert@HostName:0]# dbset :save
          • R75.40VS:

            [Expert@HostName:0]# dbset process:snmpmonitor:path /usr/sbin
            [Expert@HostName:0]# dbset process:snmpmonitor:arg:1 /etc/snmp/snmpmonitor.conf
            [Expert@HostName:0]# dbset process:snmpmonitor:env:LD_LIBRARY_PATH /lib\:/usr/lib\:/opt/CPshrd-R75.40VS/lib
            [Expert@HostName:0]# dbset process:snmpmonitor:runlevel 4
            [Expert@HostName:0]# dbset process:snmpmonitor t
            [Expert@HostName:0]# dbset :save

          Note: The LD_LIBRARY_PATH is a Check Point environment variable - this variable is a part of the syntax.
      8. Restart the snmpmonitor daemon:

        When you edit the /etc/snmp/snmpmonitor.conf file, remember to restart the snmpmonitor by issuing the following commands in Expert mode:

        [Expert@HostName:0]# tellpm process:snmpmonitor
        [Expert@HostName:0]# tellpm process:snmpmonitor t
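
A pre-flight check for /etc/snmp/snmpmonitor.conf, written against the syntax rules of step 6 above so that a malformed rule is caught before the daemon is restarted (an added example, not Check Point code). It covers only the four SNMPv2 directives described in that step; treating '#' lines as comments and requiring FREQUENCY to be greater than zero (as the Clish description of the same field says) are assumptions, and the sample configuration is constructed.

```python
import ipaddress
import re

TOKEN = re.compile(r'"[^"]*"|\S+')                  # a double-quoted string is one token
OID = re.compile(r'\.?[0-9]+(\.[0-9]+)+')           # dotted numeric, leading dot optional
INT_OPS = {"!=", "<", ">", "==", "><"}              # operators listed for Integer OIDs
STR_OPS = {"!=", "==", "><"}                        # operators listed for String OIDs

def _quoted(tok):
    return len(tok) >= 2 and tok[0] == '"' and tok[-1] == '"'

def _uint(tok):
    return re.fullmatch(r"[0-9]+", tok) is not None

def check_monitor(args):
    """Problems found in one cp_monitor rule (an empty list means it passes)."""
    if len(args) != 5:
        return ['expected 5 fields: OID OPERATOR THRESHOLD FREQUENCY "MESSAGE"']
    oid, op, thr, freq, msg = args
    out = []
    if not OID.fullmatch(oid):
        out.append(f"OID {oid} is not in dotted numeric notation")
    if op not in INT_OPS:
        out.append(f"unknown operator {op}")
    elif op == "><":
        if thr.strip('"') != "change":
            out.append("operator >< requires the threshold 'change'")
    elif _quoted(thr):
        if op not in STR_OPS:
            out.append(f"operator {op} is not listed for String OIDs")
    elif re.fullmatch(r"-?[0-9]+", thr) is None:
        out.append(f"threshold {thr} is neither an integer nor a quoted string")
    # Assumption: FREQUENCY must be > 0, as the Clish description of this field says.
    if not (_uint(freq) and int(freq) > 0):
        out.append(f"frequency {freq} is not a positive integer")
    if not _quoted(msg):
        out.append("MESSAGE must be enclosed in double quotes")
    return out

def check_sink(args):
    """Problems found in one trap2sink line: <IP>[:<port>] <community>."""
    if len(args) != 2:
        return ["expected: <IP_Address>[:<port>] <community>"]
    host, sep, port = args[0].partition(":")
    out = []
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        out.append(f"{host} is not an IPv4 address")
    if sep and not (_uint(port) and 1 <= int(port) <= 65535):
        out.append(f"port {port!r} is not in 1-65535")
    return out

def validate(text):
    """Return [(line_number, problem)]; line 0 marks a file-level problem."""
    problems, communities = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):        # assumption: '#' starts a comment
            continue
        name, *args = TOKEN.findall(line)
        if name == "cp_pcommunity":
            communities += 1
            found = [] if len(args) == 1 else ["expected exactly one community name"]
        elif name == "trap2sink":
            found = check_sink(args)
        elif name == "cp_monitor":
            found = check_monitor(args)
        elif name == "cp_cleartrap":
            ok = len(args) == 2 and all(_uint(a) for a in args)
            found = [] if ok else ["expected: <INTERVAL> <NUMBER_of_RETRIES> (integers)"]
        else:
            found = [f"unknown directive {name}"]
        problems += [(n, p) for p in found]
    if communities != 1:                            # mandatory, and only one is supported
        problems.append((0, f"cp_pcommunity must appear exactly once (found {communities})"))
    return problems

# Constructed sample: lines 1-4 and 9 follow the page's examples, lines 5-8 are deliberately wrong.
SAMPLE = """\
cp_pcommunity my_org_community
trap2sink 1.2.3.4 my_org_community
cp_monitor .1.3.6.1.2.1.25.5.1.1.1.4778 < 100 10 "send trap"
cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 >< change 2 "State of cluster member has been changed"
cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 >< 1 2 "threshold should be change"
cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 < "active" 2 "less-than on a string"
cp_monitor 1.3.6.1.4.1.2620.1.5.6.0 == 1 10 unquoted message
trap2sink 1.2.3.4:70000 my_org_community
cp_cleartrap 10 3
"""

if __name__ == "__main__":
    for lineno, problem in validate(SAMPLE):
        print(f"line {lineno}: {problem}")
```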


    • Troubleshooting:


      Double-check / repeat the configuration of custom SNMP traps if you encounter the following symptoms:

      • Custom SNMP traps are sent only once.

      • Output of "ps auxw" command does not show the "snmpmonitor" process.

      • /var/log/messages file shows that "snmpmonitor" process is repeatedly restarted.

        Example:

        Date Time pm[PID]: Scheduled snmpmonitor for +1 secs
        Date Time pm[PID]: Restarted /usr/sbin/snmpmonitor[PID], count=N
        Date Time pm[PID]: Reaped: snmpmonitor[PID]
        Date Time pm[PID]: Scheduled snmpmonitor for +2 secs
        Date Time pm[PID]: Restarted /usr/sbin/snmpmonitor[PID], count=N
        Date Time pm[PID]: Reaped: snmpmonitor[PID]
        Date Time pm[PID]: Scheduled snmpmonitor for +4 secs
        Date Time pm[PID]: Restarted /usr/sbin/snmpmonitor[PID], count=N
        Date Time pm[PID]: Reaped: snmpmonitor[PID]
        Date Time pm[PID]: Scheduled snmpmonitor for +8 secs
        Date Time pm[PID]: Restarted /usr/sbin/snmpmonitor[PID], count=N
        Date Time pm[PID]: Reaped: snmpmonitor[PID]
        Date Time pm[PID]: Scheduled snmpmonitor for +16 secs
        Date Time pm[PID]: Restarted /usr/sbin/snmpmonitor[PID], count=N
        Date Time pm[PID]: Reaped: snmpmonitor[PID]
        Date Time pm[PID]: Scheduled snmpmonitor for +32 secs
        


  • (IV-3) Advanced SNMP configuration - Support for SNMPv3 traps


    The snmpmonitor daemon (described in section "(IV-2) Advanced SNMP configuration - Custom SNMP traps" - "Instructions for Gaia R75.40 - R77.20") supports only SNMPv2 traps.

    If support for SNMPv3 USM traps is required for version R77.20 and below, contact Check Point Support to get an improved snmpmonitor daemon that also supports SNMPv3 (Issue ID 01855634).
    A Support Engineer will make sure the daemon is compatible with your environment before providing it.
    For faster resolution and verification, please collect CPinfo file from the involved Gaia OS machine.

    Hotfix installation instructions:

    1. The hotfix has to be installed on the machine running Gaia OS.

      Notes:

      • In cluster environment, this procedure must be performed on all members of the cluster.
      • In Management HA environment, this procedure must be performed on both Management Servers.
    2. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

    3. Unpack and install the hotfix package:

      [Expert@HostName:0]# cd /some_path_to_fix/
      [Expert@HostName:0]# tar -zxvf SecurePlatform_<HOTFIX_NAME>.tgz
      [Expert@HostName:0]# ./SecurePlatform_<HOTFIX_NAME>

      Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
    4. Reboot the machine.

    5. Add the relevant SNMPv3 USM configuration to the /etc/snmp/snmpmonitor.conf file:

      • Security Name used for authenticated SNMPv3 messages.
        Syntax:
        • Either:
          securityName <UserName>
        • Or:
          Take the username from the /var/lib/net-snmp/snmpd.conf file
        Description: The SNMPv3 USM user is configured on Gaia OS (in either Gaia Portal, or Gaia Clish).

      • Security Level used for SNMPv3 messages.
        Syntax: seclvl <authPriv | authNoPriv | authPrivReq>
        Description: You may configure an SNMPv3 USM user to have access:
        • "authPriv" / "authPrivReq" = with authentication and privacy - SNMPv3 USM user has both an authentication pass phrase and a privacy pass phrase.
        • "authNoPriv" = with authentication, but not privacy - SNMPv3 USM user has only an authentication pass phrase and can connect only without privacy encryption.
        If a user is switched from "authPriv" to "authNoPriv", that user's privacy pass phrase will be lost.

      • Authoritative (security) Engine ID used for SNMPv3 "REQUEST" messages.
        Syntax: engineID <ID>
        Description: This ID is found in Gaia Database (run 'grep engineID /config/db/initial') after configuring the SNMPv3 USM user.
        It is typically not necessary to specify this, as it will usually be discovered automatically.
        Refer to RFC 3411 - "3.1.1." and "3.1.1.1."

      • Authentication Key
        Syntax: authUnlocalizedKey <ID>
        Description: This Key is found in Gaia Database (run 'grep auth:unlocalized_key /config/db/initial') after configuring the SNMPv3 USM user.

      • Privacy Key
        Syntax: privUnlocalizedKey <ID>
        Description: This Key is found in Gaia Database (run 'grep priv:unlocalized_key /config/db/initial') after configuring the SNMPv3 USM user.

      • Privacy Protocol
        Syntax: privProtocol <OID>
        Description: This OID is found in Gaia Database (run 'grep priv:proto /config/db/initial') after configuring the SNMPv3 USM user.
        • No Privacy Protocol = 1.3.6.1.6.3.10.1.2.1 (refer to RFC 3414)
        • DES = 1.3.6.1.6.3.10.1.2.2 (refer to RFC 3414)
        • AES = 1.3.6.1.6.3.10.1.2.4 (refer to RFC 3826)

      • Version of SNMP
        Syntax:
        • Either:
          snmpVersion v1/v2/v3
        • Or:
          snmpVersion v3
        Description: Support either SNMP v1/v2/v3, or only SNMP v3.

      • SNMP Community
        Syntax: cp_pcommunity <YOUR_COMMUNITY_NAME>
        Description: Mandatory directive. Only a single YOUR_COMMUNITY_NAME is supported.

      • Trap Receiver (Trap Sink) Server(s).
        Syntax: trap2sink <IP_Address_of_Trap_Sink_Server_1[:port]> "" v3
        Description: Configure the Trap Receiver Server(s) for SNMPv3. Port is optional.
    6. Restart the snmpmonitor daemon:

      [Expert@HostName:0]# tellpm process:snmpmonitor
      [Expert@HostName:0]# tellpm process:snmpmonitor t


  • (IV-4) Advanced SNMP configuration - SNMP Agent Interfaces


    To configure "Agent Addresses" / "Agent Interfaces", on which the SNMP Agent will be "listening", follow these steps:

    1. Configure:

      There are two ways to configure Agent Addresses / Agent Interfaces.

      • In Gaia Portal (recommended):

        1. Log in to Gaia Portal.

        2. Go to System Management section - click on SNMP page.

        3. Go to section Agent Addresses / Agent Interfaces.

        4. Clear / check the boxes of the relevant interfaces.

        5. Click on Apply button.

      • In Expert mode:

        1. Log in to Expert mode.

        2. Run the following commands:

          [Expert@HostName:0]# dbset snmp:bind_if:<NAME_of_INTERFACE_1> t
          [Expert@HostName:0]# dbset snmp:bind_if:<NAME_of_INTERFACE_2> t
          [Expert@HostName:0]# dbset snmp:bind_if:<NAME_of_INTERFACE_3> t
          [Expert@HostName:0]# dbset save:config

          Example for Loopback, eth0 and eth1:

          [Expert@HostName:0]# dbset snmp:bind_if:lo t
          [Expert@HostName:0]# dbset snmp:bind_if:eth0 t
          [Expert@HostName:0]# dbset snmp:bind_if:eth1 t
          [Expert@HostName:0]# dbset save:config
        
    2. Verify:

      Use either one of these options.

      • In Gaia Clish:

        HostName:0> show snmp interfaces
        Enabled SNMP Agent Interfaces are
        eth1
        eth0
        lo

      • In Expert mode:

        [Expert@HostName:0]# dbget -iva snmp:bind_if
        Enabled SNMP Agent Interfaces are
        eth1
        eth0
        lo
      


  • (IV-5) Advanced SNMP configuration - Configure SNMPv3 users to use SHA / AES authentication

    • How to configure SHA / AES authentication:
      • Background:

        Authentication for SNMPv3 USM user on Gaia OS provides only the following options (which are configured by default):

        • "Privacy Protocol/Type" = DES (AES does not exist in R75.40 - R77.20 versions). Starting in R77.30, the AES protocol is also supported.
        • "Authentication Protocol/Type" = MD5 (SHA1 does not exist in R75.40 - R80 versions). Starting from Jumbo Hotfix Accumulator for R77.30 Take 75, the SHA1 algorithm for authentication is also supported.
      • Solution:

        Check Point Support offers a hotfix that improves authentication for SNMPv3 USM users on Gaia OS (Issue IDs 01510241, 01525621, 01708280, 01814633, 01827496, 01818312).
        A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
        For faster resolution and verification, please collect CPinfo file from the Gaia OS machine involved in the case.

        This fix is already included in:

        Code was improved in the following way (both in Gaia Portal and Gaia Clish):

        • 01510241 - "Privacy Protocol" can now be also set to AES in Gaia Clish (integrated in R77.30 and above)
        • 01525621 - "Privacy Protocol" can now be also set to AES in Gaia Portal (integrated in R77.30 and above)
        • 01708280 - "Authentication Protocol" can now be also set to SHA1
        • 01814633 - Interactive configuration of "Privacy Protocol" and "Authentication Protocol" in Gaia Clish
        • 01827496:
          • When adding new SNMPv3 USM user:
            • If no "Privacy Protocol" is specified, then "DES" will be set by default
            • If no "Authentication Protocol" is specified, then "MD5" will be set by default
          • "Privacy Protocol" for Read-Write users will be displayed only if those users were defined with Security Level "AuthPriv" (just like for Read-Only users).
        • 01818312 - Configuration of "Privacy Protocol" and "Authentication Protocol" in Clish was improved to be case-insensitive

        Hotfix installation instructions:

        1. The hotfix has to be installed on the machine running Gaia OS.

          Note: In cluster environment, this procedure must be performed on all members of the cluster.
          Note: In Management HA environment, this procedure must be performed on both Management Servers.
        2. Procedure:

          • Using CPUSE - On Security Gateway / Management Server running Gaia OS R75.40 and above:

            Make sure to install the latest build of the CPUSE Agent.

            Refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent):

            • Section "(4-A-c)" / "(4-A-d)" - refer to import instructions for Offline procedure
            • Section "(4-B-a)" - refer to installation instructions for Hotfixes

            You can also use the sk111158 - Central Deployment Tool (CDT) to install this hotfix on Security Gateways.

            Note: Reboot is required.

          • Using Legacy CLI - On VSX Gateway running Gaia OS R75.40VS and above:

            Note: On these versions of VSX, the Gaia CPUSE does not support installation of hotfixes (refer to sk92449 - section "(2-H)").

            1. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

            2. Unpack and install the hotfix package:

              [Expert@HostName:0]# cd /some_path_to_fix/
              [Expert@HostName:0]# tar -zxvf SecurePlatform_<HOTFIX_NAME>.tgz
              [Expert@HostName:0]# ./SecurePlatform_<HOTFIX_NAME>

              Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
            3. Reboot the machine.

        3. (Re)Configure the SNMPv3 USM users.



    • Custom SNMP traps for SNMPv3 user that uses SHA / AES authentication:
      • Background:

        Currently, custom traps are not supported when an SNMPv3 user is configured with Privacy Protocol "AES" and Authentication Protocol "SHA1".

      • Solution:

        Check Point Support offers a hotfix that adds support for Authentication Protocol "SHA1" in snmpmonitor when sending Custom traps (Issue IDs 02331970, 02456573).
        A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
        For faster resolution and verification, please collect CPinfo file from the Gaia OS machine involved in the case.

        Hotfix installation instructions:

        1. The hotfix has to be installed on the machine running Gaia OS.

          Note: In cluster environment, this procedure must be performed on all members of the cluster.
          Note: In Management HA environment, this procedure must be performed on both Management Servers.
        2. Procedure:

          • Using CPUSE - On Security Gateway / Management Server running Gaia OS:

            Make sure to install the latest build of the CPUSE Agent.

            Refer to sk92449: CPUSE - Gaia Software Updates (including Gaia Software Updates Agent):

            • Section "(4-A-c)" / "(4-A-d)" - refer to import instructions for Offline procedure
            • Section "(4-B-a)" - refer to installation instructions for Hotfixes

            You can also use the sk111158 - Central Deployment Tool (CDT) to install this hotfix on Security Gateways.

            Note: Reboot is required.

          • Using Legacy CLI - On VSX Gateway running Gaia OS:

            Note: On these versions of VSX, the Gaia CPUSE does not support installation of hotfixes (refer to sk92449 - section "(2-H)").

            1. Transfer the hotfix package to the machine (into some directory, e.g., /some_path_to_fix/).

            2. Unpack and install the hotfix package:

              [Expert@HostName:0]# cd /some_path_to_fix/
              [Expert@HostName:0]# tar -zxvf SecurePlatform_<HOTFIX_NAME>.tgz
              [Expert@HostName:0]# ./SecurePlatform_<HOTFIX_NAME>

              Note: The script will stop all of Check Point services (cpstop) - read the output on the screen.
            3. Reboot the machine.

  • (IV-6) Advanced SNMP configuration - Extend SNMP with shell script

    • Background:

      It is possible to extend the functionality of the SNMP Agent via custom shell script that collects information, for which there is no predefined OID.

      Example of a shell script and its output:

      [Expert@HostName:0]# cat /var/log/my_script/print_lines.sh 
      echo ''
      for N in $(seq 1 90)
         do
            echo "LINE    $N"
         done
      echo ''
      [Expert@HostName:0]#
      

      Shell script's output:

      [Expert@HostName:0]# sh /var/log/my_script/print_lines.sh
      
      LINE    1
      LINE    2
      ..................
      LINE    89
      LINE    90
      
      [Expert@HostName:0]# 
      
    • Procedure

      1. Put the custom shell script in the relevant directory (e.g., /var/log/my_script/).

      2. Disable the SNMP Agent in one of the following ways:

        • In Gaia Portal:

          Go to System Management section - click on SNMP page - clear the box Enable SNMP Agent - click on Apply button.
        • In Gaia Clish:

          HostName:0> set snmp agent off
      3. Log in to Expert mode:

        HostName:0> expert
      4. Add a new configuration file /etc/snmp/userDefinedSettings.conf as described in section "(IV-1) Advanced SNMP configuration - Custom SNMP settings".

        Note: This file is already integrated in Gaia R75.45, R75.46, R75.47, R76 and above.

      5. Add the following line to /etc/snmp/userDefinedSettings.conf file:

        extend [Custom_OID] Desired_Name /bin/sh /full_path_to/your_script.sh

        Note: If specified, then 'Custom_OID' must be a unique OID that does not exist in any of the MIB files on this machine.

        Example:

        extend .1.2.3.4.5.6.7.8.13 print_lines /bin/sh /var/log/my_script/print_lines.sh
      6. Enable the SNMP Agent in one of the following ways:

        • In Gaia Portal:

          Go to System Management section - click on SNMP page - check the box Enable SNMP Agent - click on Apply button.
        • In Gaia Clish:

          HostName:0> set snmp agent on
      7. Save the changes in Gaia Database:

        HostName:0> save config
      8. Test the new OID - it should return the results from the custom script:

        • Numerical OID:

          • Either query OID .1.3.6.1.4.1.8072.1.3:

            [Expert@HostName:0]# snmpwalk -v 2c -c <COMMUNITY_NAME> localhost .1.3.6.1.4.1.8072.1.3
          • Or query your custom OID:

            [Expert@HostName:0]# snmpwalk -v 2c -c <COMMUNITY_NAME> localhost <Custom_OID>
        • Textual OID:

          • Either query OID NET-SNMP-AGENT-MIB::nsExtensions:

            [Expert@HostName:0]# snmpwalk -v 2c -c <COMMUNITY_NAME> localhost NET-SNMP-AGENT-MIB::nsExtensions
          • Or query your custom OID:

            [Expert@HostName:0]# snmpwalk -v 2c -c <COMMUNITY_NAME> localhost <Custom_OID>

        Example:

        [Expert@HostName:0]# snmpwalk -v 2c -c public localhost .1.2.3.4.5.6.7.8.13
        iso.2.3.4.5.6.7.8.13.1.1 = INTEGER: 1
        iso.2.3.4.5.6.7.8.13.2.1 = STRING: "print_lines"
        iso.2.3.4.5.6.7.8.13.3.1 = STRING: "/bin/sh /var/log/my_script/print_lines.sh"
        iso.2.3.4.5.6.7.8.13.100.1 = INTEGER: 1
        iso.2.3.4.5.6.7.8.13.101.1 = STRING: "LINE    1"
        iso.2.3.4.5.6.7.8.13.101.2 = STRING: "LINE    2"
        iso.2.3.4.5.6.7.8.13.101.3 = STRING: "LINE    3"
        ......................................................
        iso.2.3.4.5.6.7.8.13.101.87 = STRING: "LINE    87"
        iso.2.3.4.5.6.7.8.13.101.88 = STRING: "LINE    88"
        iso.2.3.4.5.6.7.8.13.101.89 = STRING: "LINE    89"
        iso.2.3.4.5.6.7.8.13.101.90 = STRING: "LINE    90"
        iso.2.3.4.5.6.7.8.13.102.1 = INTEGER: 0
        iso.2.3.4.5.6.7.8.13.103.1 = ""
        [Expert@HostName:0]#
        
    • Notes (based on NET-SNMP Patch #1052460, which is integrated in R75.46, R75.47, R76 and above)

      • SNMPD daemon will wait at most 5 seconds for the 'extend' command to finish before giving up, even if it finished reading all the output.

      • Depending on the shell script used with 'extend' command, it might take some time to produce the output.

        If 'snmpwalk' command shows "Timeout: No Response from ...", then specify the relevant timeout:
        [Expert@HostName:0]# snmpwalk -t <TIMEOUT> ...
    • Useful references for Extending Agent Functionality in SNMPD



  • (IV-7) Advanced SNMP configuration - Multiple SNMP communities


    Important Notes:

    • This procedure is offered as best effort only - the customer must check it thoroughly in a lab.
    • The /etc/snmp/snmpd.conf file must be locked after such changes.
    • Gaia OS would still show the first community that was configured in Gaia OS.

    Gaia OS allows configuring only one community (both in Gaia Portal and in Gaia Clish).

    Multiple communities can be configured only manually in the /etc/snmp/snmpd.conf file:

    1. Close Gaia Portal.

    2. Log out from Gaia Clish / Log in to Expert mode.

    3. Backup the current /etc/snmp/snmpd.conf file:

      [Expert@HostName:0]# cp -v /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf_ORIGINAL
    4. Edit the current /etc/snmp/snmpd.conf file in Vi editor:

      [Expert@HostName:0]# vi /etc/snmp/snmpd.conf
    5. Add the additional communities as rocommunity / rocommunity6 or rwcommunity / rwcommunity6.

      Example:

      Before:

      rocommunity public
      rocommunity6 public

      After:

      rocommunity public
      rocommunity6 public
      rocommunity test_1
      rocommunity test_2
      rocommunity test_3
    6. Lock the /etc/snmp/snmpd.conf file:

      Important Note: On Gaia OS, the /etc/snmp/snmpd.conf file is maintained automatically by Gaia OS, and this file is over-written by Gaia OS.

      Add the Linux file system immutable attribute to the /etc/snmp/snmpd.conf file using the chattr command (verify using the lsattr command):

      [Expert@HostName:0]# lsattr /etc/snmp/snmpd.conf
      [Expert@HostName:0]# chattr +i /etc/snmp/snmpd.conf
      [Expert@HostName:0]# lsattr /etc/snmp/snmpd.conf

      Note: To revert, unlock the /etc/snmp/snmpd.conf file - remove the Linux file system immutable attribute from the /etc/snmp/snmpd.conf file:

      [Expert@HostName:0]# lsattr /etc/snmp/snmpd.conf
      [Expert@HostName:0]# chattr -i /etc/snmp/snmpd.conf
      [Expert@HostName:0]# lsattr /etc/snmp/snmpd.conf

    7. Restart the SNMP Agent:

      • Either from Gaia Portal:

        Go to System Management section - click on SNMP page - clear the box Enable SNMP Agent - click on Apply button - check the box Enable SNMP Agent - click on Apply button.
      • Or from Gaia Clish:

        HostName:0> set snmp agent off
        HostName:0> set snmp agent on
        HostName:0> save config

    Example:

    [Expert@GW:0]# snmpwalk -v2c -c public localhost HOST-RESOURCES-MIB::hrSystemUptime.0
    HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (508686886) 58 days, 21:01:08.86
    [Expert@GW:0]# snmpwalk -v2c -c test_1 localhost HOST-RESOURCES-MIB::hrSystemUptime.0
    HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (508687666) 58 days, 21:01:16.66
    [Expert@GW:0]# snmpwalk -v2c -c test_2 localhost HOST-RESOURCES-MIB::hrSystemUptime.0
    HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (508692372) 58 days, 21:02:03.72
    [Expert@GW:0]# snmpwalk -v2c -c test_3 localhost HOST-RESOURCES-MIB::hrSystemUptime.0
    HOST-RESOURCES-MIB::hrSystemUptime.0 = Timeticks: (508692372) 58 days, 21:03:15.41
    [Expert@GW:0]#
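
Because Gaia OS keeps showing only the first community while the locked /etc/snmp/snmpd.conf can define more, an inventory of that file is the only complete view of which community strings the agent accepts. The sketch below (an added example, not Check Point code) lists every community line and tags the ones an operator should review. The sample file is the "After" state from step 5 plus one constructed rwcommunity line, and the optional SOURCE field follows net-snmp's snmpd.conf syntax.

```python
# Directive -> (access level, IP family), as used in net-snmp's snmpd.conf.
DIRECTIVES = {
    "rocommunity": ("ro", "IPv4"), "rocommunity6": ("ro", "IPv6"),
    "rwcommunity": ("rw", "IPv4"), "rwcommunity6": ("rw", "IPv6"),
}
WELL_KNOWN = {"public", "private"}      # conventional default community strings


def parse_communities(conf_text):
    """Extract every community line: DIRECTIVE COMMUNITY [SOURCE [...]]."""
    entries = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0] not in DIRECTIVES:
            continue                     # comments, blank lines, other directives
        access, family = DIRECTIVES[fields[0]]
        # With no SOURCE field the community is accepted from any host ("default").
        source = fields[2] if len(fields) > 2 else "default"
        entries.append({"line": n, "community": fields[1], "access": access,
                        "family": family, "source": source})
    return entries


def audit(conf_text, gaia_community):
    """Return [(line, community, finding)] for the points worth reviewing.

    gaia_community is the single community that Gaia Portal / Clish displays.
    """
    findings = []
    for e in parse_communities(conf_text):
        tags = []
        if e["community"] != gaia_community:
            tags.append("not-shown-by-gaia")     # exists only in the locked file
        if e["community"].lower() in WELL_KNOWN:
            tags.append("well-known-name")
        if e["source"] == "default":
            tags.append("any-source")
        if e["access"] == "rw":
            tags.append("read-write")
        findings += [(e["line"], e["community"], t) for t in tags]
    return findings


# Lines 1-5 are the page's "After" example; line 6 is constructed for illustration.
SAMPLE_CONF = """\
rocommunity public
rocommunity6 public
rocommunity test_1
rocommunity test_2
rocommunity test_3
rwcommunity ops_rw 192.0.2.10
"""

if __name__ == "__main__":
    for line, community, finding in audit(SAMPLE_CONF, "public"):
        print(f"snmpd.conf:{line}: {community}: {finding}")
```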


  • (IV-8) Advanced SNMP configuration - Threshold Engine Configuration (threshold_config)


    You can configure a variety of different SNMP thresholds that generate SNMP traps, or alerts.
    You can use these thresholds to monitor many system components automatically without requesting information from each object or device.

    SNMP Monitoring Thresholds can be configured using the threshold_config command.
    Configure these thresholds on the Security Management Server / Multi-Domain Security Management Server / Domain Management Server.
    During policy installation, these thresholds are applied globally to all managed Security Gateways / Clusters.

    1. Log in to Expert mode.

    2. Run the threshold_config command:

      [Expert@HostName:0]# threshold_config
    3. Follow the on-screen instructions to make selections and configure the settings and thresholds:

      Threshold Engine Configuration Options:
      ---------------------------------------
      
      (1) Show policy name
      (2) Set policy name
      (3) Save policy
      (4) Save policy to file
      (5) Load policy from file
      (6) Configure global alert settings
      (7) Configure alert destinations
      (8) View thresholds overview
      (9) Configure thresholds
      
      (e) Exit    (m) Main Menu
      
      Enter your choice (1-9) :
      

      Where:

      (1) Show policy name - Shows the name configured for the current threshold policy.
      (2) Set policy name - Sets a name for the threshold policy.
          If not specified, then the default name is "Default Profile".
      (3) Save policy - Saves the threshold policy.
      (4) Save policy to file - Exports the threshold policy to a file.
          If a path is not specified, then the file is created in the current directory.
      (5) Load policy from file - Imports a threshold policy from a file.
          If a path is not specified, then the file is imported from the current directory.
      (6) Configure global alert settings

      Configures global settings:

      • how frequently alerts are sent (configured delay must be greater than 30 seconds)
      • how many alerts are sent

      Example:

      Enter Alert Repetitions (0 for no limit), \c to exit:2
      Enter Alert Repetitions Delay (seconds), \c to exit:60
      Enter Clear Alert Repetitions, \c to exit:2
      Enter Clear Alert Repetitions Delay (seconds), \c to exit:60
      
      (7) Configure alert destinations

      Configures a destination (or destinations), where the SNMP alerts are sent.

      Configure Alert Destinations Options:
      -------------------------------------
      
      (1) View alert destinations
      (2) Add SNMP NMS
      (3) Remove SNMP NMS
      (4) Edit SNMP NMS
      

      Note: This example is for SNMPv2. Therefore, it was truncated for brevity.

      Enter your choice (1-4) :2
      
      Enter SNMP NMS Name, \c to exit: MyNMS
      Enter SNMP NMS IP, \c to exit: 192.168.20.33
      Enter SNMP NMS Port, \c to exit: 161
      
      Choose SNMP Version:
      
      (1) SNMPv2c
      (2) SNMPv3
      
      Enter your choice, \c to exit:1
      
      Enter SNMP NMS Community, \c to exit: MyCommunity
      
      Add MyNMS to all thresholds?(y\n)y
      Successfully added SNMP NMS
      
      Configure Alert Destinations Options:
      -------------------------------------
      
      (1) View alert destinations
      (2) Add SNMP NMS
      (3) Remove SNMP NMS
      (4) Edit SNMP NMS
      
      (e) Exit    (m) Main Menu
      
      Enter your choice (1-4) :1
      
      Alert Destinations:
      -------------------
      
      SNMP NMSs:
      -------------------
      ----------------------------------------------------------...
      |Name           |IP             |Port|Ver|Community      |...
      ----------------------------------------------------------...
      |MyNMS          |192.168.20.33  |161 |2c |MyCommunity    |...
      ----------------------------------------------------------...
      
      Other Destinations:
      -------------------
       * Check Point log server
      
      (8) View thresholds overview

      Shows a list of all thresholds that can be set, including:

      • Name
      • Category (e.g., Hardware, Networking, Resources)
      • State (disabled / enabled)
      • Threshold (threshold point, if relevant)
      • Description

      The following thresholds were configured in this example:

      • Partition free space is less than 10
      • Core Utilization is greater than 80

      Thresholds Overview:
      --------------------
      
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Name                          |Category  |State    |Threshold |Description                                                                     |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |RAID volume state             |Hardware  |disabled |          |Monitored RAID volume state, alerts when raidVolumeState is not equal to OPTIMAL|
      |                                                              |(0) (volume ID in trap)                                                         |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |RAID disk state               |Hardware  |disabled |          |Monitored RAID disk state alert, alerts when raidDiskState is not equal to ONLIN|
      |                                                              |E(0) (disk ID and volume ID in trap)                                            |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |RAID disk flags               |Hardware  |disabled |          |Monitored RAID disk flag alert, alerts when raidDiskFalgs contains the OUT_OF_SY|
      |                                                              |NC(0x01) or QUIESCED(0x02) flags (disk ID and volume ID in trap)                |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Temperature sensor reading    |Hardware  |disabled |          |Temperature sensor alert, alerts when sensors value is not in the range provided|
      |                                                              | by manufacture (Sensor name provided in trap)                                  |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Fan speed sensor reading      |Hardware  |disabled |          |Fan speed sensor alert, alerts when sensors value is not in the range provided b|
      |                                                              |y manufacture (Sensor name provided in trap)                                    |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Voltage sensor reading        |Hardware  |disabled |          |Voltage sensor alert, alerts when sensors value is not in the range provided by |
      |                                                              |manufacture (Sensor name provided in trap)                                      |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Cluster member state changed  |High Avail|disabled |          |Cluster member state changed alert, alerts when haState changed (Cluster member |
      |                                                              |identifier provided in trap)                                                    |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Cluster block state           |High Avail|disabled |          |Cluster block state alert, alert when haBlockState is not equal to OK (Cluster m|
      |                                                              |ember identifier provided in trap)                                              |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Cluster state                 |High Avail|disabled |          |Cluster state alert, alert when haStatCode is not equal to Ok(0) (Cluster member|
      |                                                              | identifier provided in trap)                                                   |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Cluster problem status        |High Avail|disabled |          |Cluster problem status alert, alert when haProblemStatus is not equal to OK     |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Cluster interface status      |High Avail|disabled |          |Cluster interface status alert, alerts when haStatus is not equal to Up (Interfa|
      |                                                              |ce name provided in trap)                                                       |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Local Logging Mode            |Local Logg|disabled |          |Problem with one or more log servers result with local logging, alerts when fwLo|
      |                                                              |calLoggingStat is not equal to Ok(0)                                            |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Connection with log server    |Log Server|disabled |          |Problem with connection to log server, alerts when fwLSConnState = Error(1) (Log|
      |                                                              | server name provided in trap)                                                  |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Connection with all log server|Log Server|disabled |          |Problem with connection to one or more log servers, alerts when fwLSConnOverall |
      |                                                              |is not equal to Ok(0)                                                           |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Interface Admin Status        |Networking|disabled |          |Interface admin status alert, alerts when svnNetIfState = Down(0) (Interface nam|
      |                                                              |e provided in trap)                                                             |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Interface removed             |Networking|disabled |          |Interface removed alert, alerts when an interface disappear from svnNetIfTable (|
      |                                                              |Interface name provided in trap)                                                |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Interface Operational Link Sta|Networking|disabled |          |Interface link status alert, alerts when svnNetIfOperState = Down(0) (Interface |
      |                                                              |name provided in trap)                                                          |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |New connections rate          |Networking|disabled |>= NaN    |New connection rate alert, alerts when the new connection rate equals\exceeds X |
      |                                                              |(New Connections/Sec)                                                           |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Concurrent connections rate   |Networking|disabled |>= NaN    |Concurrent connections rate alert, alerts when fwNumConn >= X (Connections/Sec) |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Bytes Throughput              |Networking|disabled |>= NaN    |Bytes throughput alert, alerts when the throughput equals\exceeds X (Bytes/Sec) |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Accepted Packet Rate          |Networking|disabled |>= NaN    |Accepted packet rate alert, alerts when the accepted packet rate equals\exceeds |
      |                                                              |X (Packets/Sec)                                                                 |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Drop caused by excessive traff|Networking|disabled |          |Drop caused by excessive traffic on an interface. The interface name can be seen|
      |                                                              | below                                                                          |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Swap Memory Utilization       |Resources |disabled |> NaN     |Swap memory utilization alert, alerts when memActiveVirtual64 exceeds X% of memT|
      |                                                              |otalVirtual64                                                                   |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Real Memory Utilization       |Resources |disabled |> NaN     |Real memory utilization alert, alerts when memActiveReal64 exceeds X% of memTota|
      |                                                              |lReal64                                                                         |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Partition free space          |Resources |enabled  |<= 10     |Monitored disk partition is dangerously full alert, alerts when multiDiskFreeAva|
      |                                                              |ilablePercent <= X (file system name in trap)                                   |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Core Utilization              |Resources |enabled  |>= 80     |Core utilization alert, alerts when multiProcUsage >= X (core name in trap)     |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      |Core interrupts rate          |Resources |disabled |>= NaN    |Core interrupts alert, alerts when multiProcInterrupts >= X (core name in trap) |
      -------------------------------------------------------------------------------------------------------------------------------------------------
      -------------------------------------------------------------------------------------------------------------------------------------------------
      
      (9) Configure thresholds

      Shows the list of threshold categories to select the thresholds to configure.

      Thresholds Categories:
      ----------------------
      
      (1) Hardware
      (2) High Availability
      (3) Local Logging Mode Status
      (4) Log Server Connectivity
      (5) Networking
      (6) Resources
      

      where:

      Thresholds Category Available Thresholds
      (1) Hardware
      Hardware Thresholds:
      --------------------
      
      (1) RAID volume state
      (2) RAID disk state
      (3) RAID disk flags
      (4) Temperature sensor reading
      (5) Fan speed sensor reading
      (6) Voltage sensor reading
      
      (2) High Availability
      High Availability Thresholds:
      -----------------------------
      
      (1) Cluster member state changed
      (2) Cluster block state
      (3) Cluster state
      (4) Cluster problem status
      (5) Cluster interface status
      
      (3) Local Logging Mode Status
      Local Logging Mode Status Thresholds:
      -------------------------------------
      
      (1) Local Logging Mode
      
      (4) Log Server Connectivity
      Log Server Connectivity Thresholds:
      -----------------------------------
      
      (1) Connection with log server
      (2) Connection with all log servers
      
      (5) Networking
      Networking Thresholds:
      ----------------------
      
      (1) Interface Admin Status
      (2) Interface removed
      (3) Interface Operational Link Status
      (4) New connections rate
      (5) Concurrent connections rate
      (6) Bytes Throughput
      (7) Accepted Packet Rate
      (8) Drop caused by excessive traffic
      
      (6) Resources
      Resources Thresholds:
      ---------------------
      
      (1) Swap Memory Utilization
      (2) Real Memory Utilization
      (3) Partition free space
      (4) Core Utilization
      (5) Core interrupts rate
      
    4. Restart the CPD daemon:

      1. Stop the CPD daemon:

        [Expert@HostName:0]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
      2. Start the CPD daemon:

        [Expert@HostName:0]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
      3. Wait for ~10-15 seconds.

      4. Verify that CPD daemon started successfully:

        [Expert@HostName:0]# cpwd_admin list | grep -E "STAT|CPD"
    5. Install policy on the managed Security Gateways / Clusters.

    Notes:

    • For more details, refer to Security Management Server Administration Guide (R76, R77) - Chapter "Working with SNMP Management Tools" - section "Working with SNMP Monitoring Thresholds"
    • Threshold Engine Configuration is saved in the $FWDIR/conf/thresholds.conf file.
    • In a Multi-Domain Security Management environment:
      • You can configure thresholds in the context of Multi-Domain Server (MDS) and in the context of each individual Domain Management Server.
      • Thresholds that you configure in the context of the Multi-Domain Server are for the Multi-Domain Server only.
      • Thresholds that you configure in the context of a Domain Management Server are for that Domain Management Server and its managed gateways.
      • If a threshold applies to the Multi-Domain Server and the Domain Management Server gateways,
        then set it in the context of the Multi-Domain Server and in the context of the Domain Management Server.
        In this situation, however, you only get alerts from the Multi-Domain Server when the threshold is passed.
        Example: If the CPU threshold was configured, then when the defined threshold is passed, it applies to both of them.
        However, only the Multi-Domain Server would generate alerts.
    • If SNMP Monitoring Thresholds were configured locally on a Security Gateway / Cluster Member, then each time a policy is installed on the Security Gateway / Cluster, the local settings are erased and reverted to the global SNMP threshold settings that were configured on the Security Management Server / Multi-Domain Security Management Server / Domain Management Server that manages this Security Gateway / Cluster.
      On a Security Gateway / Cluster Member, you can save the Threshold Engine Configuration file and load it again later.

 

(V) Troubleshooting

  • (V-1) Troubleshooting - Interpreting SNMP Error Messages

    This section lists and explains certain common error status values that can appear in SNMP messages.

    • SNMPv2 Common PDU Format:

      | # | Field Name | Syntax | Size (bytes) | Description |
      |---|---|---|---|---|
      | 1 | PDU Type | Integer (Enumerated) | 4 | One of the values listed under "Where:" below this table. |
      | 2 | Request ID | Integer | 4 | A number used to match SNMP Requests with SNMP Replies. It is generated by the device that sends a request and copied into this field in a Response-PDU by the responding SNMP entity. |
      | 3 | Error Status | Integer (Enumerated) | 4 | An integer value that is used in a Response-PDU to tell the requesting SNMP entity the result of its request. A value of zero indicates that no error occurred; the other values indicate what sort of error happened. See the Error Status table below. Note that the first six values (0 to 5) are maintained as used in SNMPv1 for compatibility, but SNMPv2 adds many new error codes that provide more specific indication of the exact nature of an error in a request. The genErr code is still used only when none of the specific error types (either the old codes or the new ones) apply. |
      | 4 | Error Index | Integer | 4 | When Error Status is non-zero, this field contains a pointer that specifies which object in the variable-bindings list caused the error. Always zero in an SNMP Request. |
      | 5 | Variable Bindings | Variable | Variable | A set of name-value pairs identifying the MIB objects in the PDU, and in the case of messages other than SNMP Requests, containing their values. |

      Where:

      | Value | Type |
      |---|---|
      | 0 | GetRequest-PDU |
      | 1 | GetNextRequest-PDU |
      | 2 | GetResponse-PDU |
      | 3 | SetRequest-PDU |
      | 4 | Trap-PDU (a) |
      | 5 | GetBulkRequest-PDU (b) |
      | 6 | InformRequest-PDU |
      | 7 | Trapv2-PDU |
      | 8 | Report-PDU |

      Notes:
      (a) Obsolete. This was the old Trap-PDU in SNMPv1.
      (b) Has its own format. See the relevant table below.

      Note: SNMPv3 uses the protocol operations from SNMPv2 (refer to RFC 3416 and TCP/IP Guide). Thus, the PDU formats are the same as in SNMPv2.

    • SNMPv2 GetBulkRequest-PDU Format:

      | # | Field Name | Syntax | Size (bytes) | Description |
      |---|---|---|---|---|
      | 1 | PDU Type | Integer (Enumerated) | 4 | An integer value that indicates the PDU type, which is 5 for a GetBulkRequest-PDU message. |
      | 2 | Request ID | Integer | 4 | A number used to match SNMP Requests with SNMP Replies. It is generated by the device that sends a request and copied into this field in a Response-PDU by the responding SNMP entity. |
      | 3 | Non Repeaters | Integer | 4 | Specifies the number of non-repeating, regular objects at the start of the variable list in the SNMP Request. This field specifies the number of variables in the variable-bindings list, for which a single-lexicographic successor is to be returned. |
      | 4 | Max Repetitions | Integer | 4 | The number of iterations in the table to be read for the repeating objects that follow the non-repeating objects. This field specifies the number of lexicographic successors to be returned for the remaining variables in the variable-bindings list. |
      | 5 | Variable Bindings | Variable | Variable | A set of name-value pairs identifying the MIB objects in the PDU. |

      If at any point in the process, a lexicographic successor does not exist, the endOfMibView value is returned with the name of the last lexicographic successor, or, if there were no successors, the name of the variable in the request.

      If the processing of a variable name fails for any reason other than endOfMibView, no values are returned. Instead, the responding entity returns a response PDU with an error-status of genErr and a value in the error-index field that is the index of the problem object in the variable-bindings field.

    • The following table lists the Error Status codes and their meanings (refer to RFC 1592 and TCP/IP Guide).

      When the SNMP RESPONSE packet is a response to an SNMP request such as GET, GETNEXT, GETBULK, SET, COMMIT, or UNDO, the error code can have one of the following values:

      | Error Status | Error Message | Error Meaning |
      |---|---|---|
      | 0 | noError | The agent reports that no errors occurred during transmission. This code is also used in all request PDUs, since they have no error status to report. |
      | 1 | tooBig | The agent could not place the results of the requested SNMP operation in a single SNMP message. The size of the Response-PDU would be too large to transport. |
      | 2 | NoSuchName | The requested SNMP operation identified an unknown variable. The name of a requested object was not found. |
      | 3 | BadValue | The requested SNMP operation tried to change a variable, but it specified either a syntax or value error. A value in the request did not match the structure that the recipient of the request had for the object. For example, an object in the request was specified with an incorrect length or type. |
      | 4 | ReadOnly | The requested SNMP operation tried to change a variable that was not allowed to change, according to the community profile of the variable. An attempt was made to set a variable that has an Access value indicating that it is read-only. |
      | 5 | genError | An error other than one of those listed in this table occurred during the requested SNMP operation. An error occurred other than one indicated by a more specific error code in this table. |
      | 6 | noAccess | The specified SNMP variable is not accessible. Access was denied to the object for security reasons. |
      | 7 | wrongType | The value specifies a type that is inconsistent with the type required for the variable. The object type in a variable binding is incorrect for the object. |
      | 8 | wrongLength | The value specifies a length that is inconsistent with the length required for the variable. A variable binding specifies a length incorrect for the object. |
      | 9 | wrongEncoding | The value contains an Abstract Syntax Notation One (ASN.1) encoding that is inconsistent with the ASN.1 tag of the field. A variable binding specifies an encoding incorrect for the object. |
      | 10 | wrongValue | The value cannot be assigned to the variable. The value given in a variable binding is not possible for the object. |
      | 11 | noCreation | The variable does not exist, and the agent cannot create it. |
      | 12 | inconsistentValue | The value is inconsistent with values of other managed objects. A variable binding specifies a value that could be held by the variable, but cannot be assigned to it at this time. |
      | 13 | resourceUnavailable | Assigning the value to the variable requires allocation of resources that are currently unavailable. An attempt to set a variable required a resource that is not available. |
      | 14 | commitFailed | No validation errors occurred, but no variables were updated. An attempt to set a particular variable failed. |
      | 15 | undoFailed | No validation errors occurred. Some variables were updated because it was not possible to undo their assignment. An attempt to set a particular variable as part of a group of variables failed, and the attempt to then undo the setting of other variables was not successful. |
      | 16 | authorizationError | An authorization error occurred. |
      | 17 | notWritable | The variable exists, but the agent cannot modify it. The variable cannot be written or created. |
      | 18 | inconsistentName | The variable does not exist; the agent cannot create it because the named object instance is inconsistent with the values of other managed objects. The name in a variable binding specifies a variable that does not exist. |

      Note: You might not see the codes. The SNMP Manager interprets the codes and displays and logs the appropriate message.
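
The PDU fields, the GetBulkRequest fields and the Error Status codes described above, read back out of a raw message. This is an added Python example, not Check Point code. It assumes SNMPv2c with the fields carried as BER TLVs on the wire; the function names are hypothetical, and the two messages are constructed samples that reuse the MyCommunity string and CPU OIDs from this article.

```python
"""Added example: read the SNMPv2c PDU header fields and name the Error Status."""

# PDU Type values; on the wire each one is the BER tag 0xA0 + value.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest",
             0xA7: "SNMPv2-Trap", 0xA8: "Report"}
# Error Status codes 0..18, spelled as in RFC 3416.
ERROR_STATUS = ("noError tooBig noSuchName badValue readOnly genErr noAccess wrongType "
                "wrongLength wrongEncoding wrongValue noCreation inconsistentValue "
                "resourceUnavailable commitFailed undoFailed authorizationError "
                "notWritable inconsistentName").split()

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits count the length octets that follow
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the data")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    tag, value, pos = read_tlv(buf, pos)
    if tag != 0x02 or not value:
        raise ValueError("expected INTEGER")
    return int.from_bytes(value, "big", signed=True), pos

def decode_oid(value):
    """BER OID bytes -> dotted string with a leading dot, as written on this page."""
    if not value:
        raise ValueError("empty OID")
    first = min(value[0] // 40, 2)
    arcs, acc = [first, value[0] - 40 * first], 0
    for byte in value[1:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:  # a clear high bit ends the sub-identifier
            arcs.append(acc)
            acc = 0
    return "." + ".".join(str(arc) for arc in arcs)

def interpret(message):
    """Parse one SNMPv2c message. The community string is deliberately not returned."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("no outer SEQUENCE")
    version, pos = read_int(body, 0)
    if version != 1:  # version field 1 is SNMPv2c
        raise ValueError("only SNMPv2c is handled here")
    tag, _community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if tag != 0x04 or pdu_tag not in PDU_TYPES:
        raise ValueError("unexpected community or PDU type")
    request_id, pos = read_int(pdu, 0)
    third, pos = read_int(pdu, pos)
    fourth, pos = read_int(pdu, pos)
    tag, bindings, _ = read_tlv(pdu, pos)
    if tag != 0x30:
        raise ValueError("variable bindings are not a SEQUENCE")
    names, pos = [], 0
    while pos < len(bindings):
        _, binding, pos = read_tlv(bindings, pos)
        tag, oid, _ = read_tlv(binding, 0)
        if tag != 0x06:
            raise ValueError("binding name is not an OID")
        names.append(decode_oid(oid))
    info = {"pdu_type": PDU_TYPES[pdu_tag], "request_id": request_id, "names": names}
    if pdu_tag == 0xA5:  # GetBulkRequest: fields 3 and 4 carry the repetition counts
        info.update(non_repeaters=third, max_repetitions=fourth)
        return info
    known = 0 <= third < len(ERROR_STATUS)
    info["error_status"] = ERROR_STATUS[third] if known else f"unknown({third})"
    info["error_index"] = fourth
    # Error Index counts bindings from 1; 0 means no single binding is to blame.
    hit = third != 0 and 1 <= fourth <= len(names)
    info["failed_object"] = names[fourth - 1] if hit else None
    return info

# Constructed sample messages (not captures); every value in them is NULL.
HEAD = "020101040b4d79436f6d6d756e697479"  # version field 1 + community "MyCommunity"
CP = "2b06010401943c010607"                # .1.3.6.1.4.1.2620.1.6.7 (svnPerf)
# Response, request-id 4660, error-status 17, error-index 2, for procUsage.0 and
# procNum.0 (the ".0" scalar instance suffix is an assumption of this example).
SET_REPLY = bytes.fromhex("3044" + HEAD + "a232" "02021234" "020111" "020102" "3026"
                          "3011060d" + CP + "020400" "0500" "3011060d" + CP + "020700" "0500")
# GetBulkRequest, request-id 4661, non-repeaters 1 (procNum), max-repetitions 10
# over the multiProcUsage column.
BULK_REQUEST = bytes.fromhex("3043" + HEAD + "a531" "02021235" "020101" "02010a" "3025"
                             "3010060c" + CP + "0207" "0500" "3011060d" + CP + "050105" "0500")

if __name__ == "__main__":
    for sample in (SET_REPLY, BULK_REQUEST):
        print(interpret(sample))
```

The result omits the community string so that it can be logged without recording the credential.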

 

(VI) Common used SNMP OIDs

  • (VI-1) Common used SNMP OIDs - System counters

    • (VI-1-A) CPU

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        | Required Information | Object Name | Object ID | OID Format | OID Description | Notes for VSX mode |
        |---|---|---|---|---|---|
        | CPU usage | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnProc.procUsage | .1.3.6.1.4.1.2620.1.6.7.2.4 | Integer 0-100 | Percentage of CPU utilization - Overall | |
        | CPU usage | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiProcTable.multiProcEntry.multiProcUsage | .1.3.6.1.4.1.2620.1.6.7.5.1.5.x (*) | Integer 0-100 | Percentage of CPU utilization - Per CPU Core | |
        | User Time | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnProc.procUsrTime | .1.3.6.1.4.1.2620.1.6.7.2.1 | Integer 0-100 | Percentage of CPU utilization for user mode processes - Overall | |
        | User Time | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiProcTable.multiProcEntry.multiProcUserTime | .1.3.6.1.4.1.2620.1.6.7.5.1.2.x (*) | Integer 0-100 | Percentage of CPU utilization for user mode processes - Per CPU Core | |
        | System Time | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnProc.procSysTime | .1.3.6.1.4.1.2620.1.6.7.2.2 | Integer 0-100 | Percentage of CPU utilization for kernel mode processes - Overall | |
        | System Time | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiProcTable.multiProcEntry.multiProcSystemTime | .1.3.6.1.4.1.2620.1.6.7.5.1.3.x (*) | Integer 0-100 | Percentage of CPU utilization for kernel mode processes - Per CPU Core | |
        | Idle time | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnProc.procIdleTime | .1.3.6.1.4.1.2620.1.6.7.2.3 | Integer 0-100 | Percentage of CPU idle time - Overall | |
        | Idle time | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiProcTable.multiProcEntry.multiProcIdleTime | .1.3.6.1.4.1.2620.1.6.7.5.1.4.x (*) | Integer 0-100 | Percentage of CPU idle time - Per CPU Core | |
        | Interrupts per second | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnProc.procInterrupts | .1.3.6.1.4.1.2620.1.6.7.2.6 | Integer | Number of CPU interrupts per second - Overall | |
        | Interrupts per second | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiProcTable.multiProcEntry.multiProcInterrupts | .1.3.6.1.4.1.2620.1.6.7.5.1.7.x (*) | Integer | Number of CPU interrupts per second - Per CPU Core | |
        | Number of CPU Cores | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnProc.procNum | .1.3.6.1.4.1.2620.1.6.7.2.7 | Integer | Number of machine CPU cores | |

        (*) Replace the letter "x" with the CPU core number. To get a report for all cores, omit the last digit.

      • Traps ($CPDIR/lib/snmp/chkpnt-trap.mib)

        | Required Information | Object Name | Object ID | OID Format | OID Description | Notes for VSX mode |
        |---|---|---|---|---|---|
        | Core utilization alert | .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapCPU.chkpntCPUCoreUtilTrap | .1.3.6.1.4.1.2620.1.2000.3.1 | String | Trap is sent when CPU core utilization exceeds the threshold. Trap includes CPU core number. | |
        | Core interrupts alert | .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapCPU.chkpntCPUCoreInterruptsTrap | .1.3.6.1.4.1.2620.1.2000.3.2 | String | Trap is sent when number of interrupts on CPU core exceeds the threshold. Trap includes CPU core number. | |
    • (VI-1-B) Memory

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        | Required Information | Object Name | Object ID | OID Format | OID Description | Notes for VSX mode |
        |---|---|---|---|---|---|
        | RAM - Real Total | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnMem64.memTotalReal64 | .1.3.6.1.4.1.2620.1.6.7.4.3 | String | Total real memory in bytes. Memory used by applications. | |
        | RAM - Real Active | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnMem64.memActiveReal64 | .1.3.6.1.4.1.2620.1.6.7.4.4 | String | Active real memory in bytes (memory used by applications that is not cached to the disk). | |
        | RAM - Real Free | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnMem64.memFreeReal64 | .1.3.6.1.4.1.2620.1.6.7.4.5 | String | Free memory in bytes available for applications. | |
        | RAM - Virtual Total | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnMem64.memTotalVirtual64 | .1.3.6.1.4.1.2620.1.6.7.4.1 | String | The size in bytes of the virtual-memory working segment pages. | |
        | RAM - Virtual Active | .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.svnMem64.memActiveVirtual64 | .1.3.6.1.4.1.2620.1.6.7.4.2 | String | The size in bytes of the virtual-memory working segment pages that have actually been touched. | |
        | Hmem fails | .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPerfStat.fwHmem.fwHmem-failed-alloc | .1.3.6.1.4.1.2620.1.1.26.1.21 | Integer | Hash memory allocation failures. | |
        | System Kmem fails | .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPerfStat.fwKmem.fwKmem-failed-alloc | .1.3.6.1.4.1.2620.1.1.26.2.15 | Integer | System Kernel memory (SMEM) allocation failures. | |
      • Traps ($CPDIR/lib/snmp/chkpnt-trap.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Swap memory utilization alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapMemory.chkpntSwapMemoryTrap
        .1.3.6.1.4.1.2620.1.2000.4.1
        String Alert is sent when swap memory exceeds the threshold % of virtual (swap) memory.  
        Real memory utilization alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapMemory.chkpntRealMemoryTrap
        .1.3.6.1.4.1.2620.1.2000.4.2
        String Alert is sent when real memory exceeds the threshold % of total memory.  
    • (VI-1-C) Disk

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Disk Partition information .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable
        .1.3.6.1.4.1.2620.1.6.7.6
        Table Disk Partition index number.  
        Disk Partition index .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskIndex
        .1.3.6.1.4.1.2620.1.6.7.6.1.1.x (*)
        Integer Disk Partition index number.  
        Disk Partition name .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskName
        .1.3.6.1.4.1.2620.1.6.7.6.1.2.x (*)
        String Disk Partition name.  
        Disk Partition size .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskSize
        .1.3.6.1.4.1.2620.1.6.7.6.1.3.x (*)
        String Disk Partition total size in bytes.  
        Disk Partition used .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskUsed
        .1.3.6.1.4.1.2620.1.6.7.6.1.4.x (*)
        String Disk Partition used space in bytes.  
        Disk Partition free total bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskFreeTotalBytes
        .1.3.6.1.4.1.2620.1.6.7.6.1.5.x (*)
        String Disk Partition free total space in bytes.  
        Disk Partition free total percentage .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskFreeTotalPercent
        .1.3.6.1.4.1.2620.1.6.7.6.1.6.x (*)
        Integer Disk Partition free total space in per cent.  
        Disk Partition free available bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskFreeAvailableBytes
        .1.3.6.1.4.1.2620.1.6.7.6.1.7.x (*)
        String Disk Partition free available space (not reserved by the OS) in bytes.  
        Disk Partition free available percentage .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.multiDiskTable.multiDiskEntry.multiDiskFreeAvailablePercent
        .1.3.6.1.4.1.2620.1.6.7.6.1.8.x (*)
        Integer Disk Partition free available space in per cent.  

        (*) Replace the letter "x" with the partition index number. To get a report for all partitions, omit the last digit.

      • Traps ($CPDIR/lib/snmp/chkpnt-trap.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Disk full alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapDisk.chkpntDiskSpaceTrap
        .1.3.6.1.4.1.2620.1.2000.2.1
        String Available disk space on disk partition is less than the specified threshold.
        Trap includes file system name.
         
    • (VI-1-D) RAID

      This subsection provides information about RAID Volumes, RAID Disks, and Traps.

      • RAID Volumes Information ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        RAID logical state .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable
        .1.3.6.1.4.1.2620.1.6.7.7.1
        Table Logical RAID storage status.  
        RAID Volume Index .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeIndex
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.1
        Integer 0-100 Index number of RAID Volume.  
        RAID Volume ID .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeID
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.2
        Integer ID of RAID Volume.  
        RAID Volume Type .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeType
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.3
        Integer Type of RAID Volume - RAID level.
        For Check Point appliances with RAID, will normally be "RAID_1".
         
        Number Of Disks in the RAID .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.numOfDisksOnRaid
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.4
        Integer Number Of Disks on the RAID.  
        RAID Volume LBA size .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeMaxLBA
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.5
        Integer Size of RAID Volume - Maximal supported LBA (Logical Block Addressing).  
        RAID Volume state .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeState
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.6
        Integer State of RAID Volume:
        • 0 - OPTIMAL
        • 1 - DEGRADED
        • 2 - FAILED
        • other - UNKNOWN
         
        RAID Volume flags .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeFlags
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.7
        Integer Flag(s) of RAID Volume:
        • 0x00 - NONE
        • 0x01 - ENABLED
        • 0x02 - QUIESCED
        • 0x04 - RESYNC_IN_PROGRESS
        • 0x08 - VOLUME_INACTIVE
        • 0x10 - NOT_CONFIGURED
        • 0x20 - USING_INTERIM_RECOVERY_MODE
        • 0x40 - READY_FOR_RECOVERY_OPERATION
        • 0x80 - WRONG_PHYSICAL_DRIVE_WAS_REPLACED
        • 0x100 - A_PHYSICAL_DRIVE_IS_NOT_PROPERLY_CONNECTED
        • 0x200 - HARDWARE_IS_OVER_HEATING
        • 0x400 - HARDWARE_WAS_OVERHEATED
        • 0x800 - CURRENTLY_EXPENDING
        • 0x1000 - NOT_YET_AVAILABLE
        • 0x2000 - QUEUED_FOR_EXPENSION
        • 0x4000 - MIGRATING
        • 0x8000 - IMPACTED
        • 0x10000 - OFFLINE
        • 0x20000 - CLEARING
         
        RAID Volume size .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidVolumeTable.raidVolumeEntry.raidVolumeSize
        .1.3.6.1.4.1.2620.1.6.7.7.1.1.8
        Integer RAID Volume size in GB.  

        (*) Limitation: RAID counters are not supported on Smart-1 appliances.

      • RAID Disks Information ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        RAID physical state .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable
        .1.3.6.1.4.1.2620.1.6.7.7.2
        Table Physical RAID storage status.  
        RAID Disk Index .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskIndex
        .1.3.6.1.4.1.2620.1.6.7.7.2.1
        Integer 0-100 Index number of RAID Disk.  
        RAID Disk Volume ID .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskVolumeID
        .1.3.6.1.4.1.2620.1.6.7.7.2.2
        Integer RAID Disk Volume ID.  
        RAID Disk SCSI ID .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskID
        .1.3.6.1.4.1.2620.1.6.7.7.2.3
        Integer RAID Disk SCSI identification number.  
        RAID Disk number .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskNumber
        .1.3.6.1.4.1.2620.1.6.7.7.2.4
        Integer RAID Disk number.
        On Check Point Appliance with RAID:
        • 0 - upper disc
        • 1 - lower disc
         
        RAID Disk Vendor ID .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskVendor
        .1.3.6.1.4.1.2620.1.6.7.7.2.5
        String RAID Disk vendor identification.  
        RAID Disk Product ID .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskProductID
        .1.3.6.1.4.1.2620.1.6.7.7.2.6
        Format RAID Disk product identification.  
        RAID Disk revision level .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskRevision
        .1.3.6.1.4.1.2620.1.6.7.7.2.7
        String RAID Disk revision level.  
        RAID Disk LBA size .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskMaxLBA
        .1.3.6.1.4.1.2620.1.6.7.7.2.8
        Integer Size of RAID Disk - Maximal supported LBA (Logical Block Addressing).  
        RAID disk state .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskState
        .1.3.6.1.4.1.2620.1.6.7.7.2.1.9
        Integer RAID Disk state:
        • 0x00 - ONLINE
        • 0x01 - MISSING
        • 0x02 - NOT_COMPATIBLE
        • 0x03 - DISC_FAILED
        • 0x04 - INITIALIZING
        • 0x05 - OFFLINE_REQUESTED
        • 0x06 - FAILED_REQUESTED
        • 0x07 - UNCONFIGURED_GOOD_SPUN_UP
        • 0x08 - UNCONFIGURED_GOOD_SPUN_DOWN
        • 0x09 - UNCONFIGURED_BAD
        • 0x0A - HOTSPARE
        • 0x0B - DRIVE_OFFLINE
        • 0x0C - REBUILD
        • 0x0D - FAILED
        • 0x0F - COPYBACK
        • 0xFF - OTHER_OFFLINE
        • other - UNKNOWN
         
        RAID Disk flags .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskFlags
        .1.3.6.1.4.1.2620.1.6.7.7.2.10
        Integer Flag(s) of RAID Disk:
        • 0x01 - OUT_OF_SYNC
        • 0x02 - QUIESCED
        • 0x04 - VERIFYING
        • 0x08 - READY
        • other - NONE
         
        RAID Disk synchronization state .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskSyncState
        .1.3.6.1.4.1.2620.1.6.7.7.2.11
        Integer Percentage of RAID Disk synchronization completed during the synchronization process - shows how much of the backup disk is synchronized with the primary disk.
        Relevant only when "RESYNC_IN_PROGRESS" flag is enabled.
         
        RAID Disk size .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnPerf.raidInfo.raidDiskTable.raidDiskEntry.raidDiskSize
        .1.3.6.1.4.1.2620.1.6.7.7.2.11
        Integer RAID Disk size in GB.  

        (*) Limitation: RAID counters are not supported on Smart-1 appliances.
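
The following is an added example, not Check Point code: it decodes polled raidVolumeState and raidVolumeFlags integers using the values listed in the tables above, and reports raidDiskSyncState only while RESYNC_IN_PROGRESS is set. The function names, the sample poll and the "needs_attention" rule are assumptions made for the illustration.

```python
"""Decode raidVolumeState / raidVolumeFlags values polled from chkpnt.mib (added example)."""

# Values copied from the raidVolumeState and raidVolumeFlags rows above.
VOLUME_STATES = {0: "OPTIMAL", 1: "DEGRADED", 2: "FAILED"}
VOLUME_FLAGS = {
    0x01: "ENABLED",
    0x02: "QUIESCED",
    0x04: "RESYNC_IN_PROGRESS",
    0x08: "VOLUME_INACTIVE",
    0x10: "NOT_CONFIGURED",
    0x20: "USING_INTERIM_RECOVERY_MODE",
    0x40: "READY_FOR_RECOVERY_OPERATION",
    0x80: "WRONG_PHYSICAL_DRIVE_WAS_REPLACED",
    0x100: "A_PHYSICAL_DRIVE_IS_NOT_PROPERLY_CONNECTED",
    0x200: "HARDWARE_IS_OVER_HEATING",
    0x400: "HARDWARE_WAS_OVERHEATED",
    0x800: "CURRENTLY_EXPENDING",
    0x1000: "NOT_YET_AVAILABLE",
    0x2000: "QUEUED_FOR_EXPENSION",
    0x4000: "MIGRATING",
    0x8000: "IMPACTED",
    0x10000: "OFFLINE",
    0x20000: "CLEARING",
}
KNOWN_FLAG_MASK = sum(VOLUME_FLAGS)  # OR of every documented bit (keys are distinct bits)
RESYNC_IN_PROGRESS = 0x04


def decode_volume_flags(raw):
    """Split a raidVolumeFlags integer into flag names and any undocumented bits."""
    if raw < 0:
        raise ValueError("raidVolumeFlags cannot be negative")
    names = [name for bit, name in VOLUME_FLAGS.items() if raw & bit]
    undocumented = raw & ~KNOWN_FLAG_MASK
    return names or ["NONE"], undocumented


def summarize_volume(state, flags, disk_sync_percent):
    """Combine one volume's state, flags and per-disk raidDiskSyncState values.

    disk_sync_percent maps raidDiskNumber -> raidDiskSyncState. It is reported
    only while RESYNC_IN_PROGRESS is set, because the table above marks it as
    relevant only in that case.
    """
    names, undocumented = decode_volume_flags(flags)
    state_name = VOLUME_STATES.get(state, "UNKNOWN")  # "other - UNKNOWN"
    resyncing = bool(flags & RESYNC_IN_PROGRESS)
    return {
        "state": state_name,
        "flags": names,
        "undocumented_bits": undocumented,
        "resync_percent": dict(disk_sync_percent) if resyncing else None,
        # Assumed monitoring policy: anything other than OPTIMAL, or a bit
        # this table does not list, is worth a look.
        "needs_attention": state_name != "OPTIMAL" or undocumented != 0,
    }


# Constructed sample poll: a degraded mirror rebuilding the lower disk.
CONSTRUCTED_POLL = {"state": 1, "flags": 0x05, "disk_sync_percent": {0: 100, 1: 37}}

if __name__ == "__main__":
    print(summarize_volume(**CONSTRUCTED_POLL))
```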

      • Traps ($CPDIR/lib/snmp/chkpnt-trap.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        RAID Volume state alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapDisk.chkpntRAIDVolumeTrap
        .1.3.6.1.4.1.2620.1.2000.2.2
        Format Trap is sent when RAID Volume is in state "2" (FAILED).
        Trap includes Volume ID.
         
        RAID Disk state alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapDisk.chkpntRAIDDiskTrap
        .1.3.6.1.4.1.2620.1.2000.2.3
        Integer Trap is sent when RAID Disk is in one of these states:
        • 1 - DEGRADED
        • 2 - FAILED
        • 255 - UNKNOWN
        Trap includes disk and volume ID.
         
        RAID disk flag alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapDisk.chkpntRAIDDiskFlagsTrap
        .1.3.6.1.4.1.2620.1.2000.2.4
        Integer Trap is sent when RAID Disk sends one of these flags:
        • 0x01 - OUT_OF_SYNC
        • 0x02 - QUIESCED
        Trap includes RAID Disk ID and RAID Volume ID.
         
    • (VI-1-E) Gaia OS

      • Gaia OS Traps (/etc/snmp/GaiaTrapsMIB.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Configuration changed .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapConfiguration.chkpntTrapSystemConfiguration.chkpntSystemConfigurationChangeTrap
        .1.3.6.1.4.1.2620.1.3000.10.1.1
          A change to the system configuration occurred in Gaia OS.  
        Configuration saved .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapConfiguration.chkpntTrapSystemConfiguration.chkpntSystemConfigurationSaveTrap
        .1.3.6.1.4.1.2620.1.3000.10.1.2
          A permanent change to the system configuration occurred in Gaia OS (user issued the "save config" command).  
      • SNMP Traps (SNMPv2-MIB.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        SNMP Agent restart .iso.org.dod.internet.snmpV2.snmpModules.snmpMIB.snmpMIBObjects.snmpTraps.coldStart
        .1.3.6.1.6.3.1.1.5.1
          SNMP Agent was re-initialized.  


  • (VI-2) Common used SNMP OIDs - Network counters

    Note: These packet values are only applicable to IPv4 packets that are not accelerated by SecureXL.

    • (VI-2-A) Information about interfaces from Linux OS

      • General information (IF-MIB.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Total number of network interfaces .iso.org.dod.internet.mgmt.mib-2.interfaces.ifNumber
        .1.3.6.1.2.1.2.1
        Integer The number of network interfaces (regardless of their current state) present on this system.  
        List of interface entries .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable
        .1.3.6.1.2.1.2.2
        Table All information about each interface.
        The number of entries is defined by the value of "ifNumber".
         
        Interface Index .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifIndex
        .1.3.6.1.2.1.2.2.1.1
        Integer A unique value, greater than zero, for each interface.  
        Interface Description .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
        .1.3.6.1.2.1.2.2.1.2
        String A textual string containing information about the interface.
        In Gaia OS, this is the comment assigned to an interface in Gaia Portal / Gaia Clish.
         
        Interface MTU .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifMtu
        .1.3.6.1.2.1.2.2.1.4
        Integer The size of Maximal Transmission Unit (MTU) on the interface - the size of the largest packet, which can be sent/received on the interface, specified in octets.
        For interfaces that are used for transmitting network datagrams, this is the size of the largest network datagram that can be sent on the interface.
         
        Interface Speed .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed
        .1.3.6.1.2.1.2.2.1.5
        Gauge32 An estimate of the interface's current bandwidth in bits per second (bps).
        For interfaces, which do not vary in bandwidth, or for those, where no accurate estimation can be made, this object should contain the nominal bandwidth.
        If the bandwidth of the interface is greater than the maximum value reportable by this object, then this object should report its maximum value (4,294,967,295) and "ifHighSpeed" must be used to report the interface's speed.
        For a sub-layer which has no concept of bandwidth, this object should be zero.
         
        Interface MAC Address .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifPhysAddress
        .1.3.6.1.2.1.2.2.1.6
        PhysAddress The interface's address at its protocol sub-layer.
        For example, for an 802.x interface, this object normally contains a MAC address.
         
        Interface State .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifAdminStatus
        .1.3.6.1.2.1.2.2.1.7
        Integer Interface administrative state:
        • 1 - up
        • 2 - down
        • 3 - testing
         
        Interface Operational Status .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOperStatus
        .1.3.6.1.2.1.2.2.1.8
        Integer Interface operational status:
        • 1 - up
        • 2 - down
        • 3 - testing
        • 4 - unknown
        • 5 - dormant
        • 6 - notPresent
        • 7 - lowerLayerDown
         
        Interface Received Bytes .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInOctets
        .1.3.6.1.2.1.2.2.1.10
        Counter32 The total number of octets received on the interface, including framing characters.  
        Interface inbound discarded packets .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInDiscards
        .1.3.6.1.2.1.2.2.1.13
        Counter32 The number of inbound packets which were chosen to be discarded, even though no errors had been detected to prevent their being deliverable to a higher-layer protocol.  
        Interface inbound errors .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifInErrors
        .1.3.6.1.2.1.2.2.1.14
        Counter32 For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
        For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.
         
        Interface Transmitted Bytes .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutOctets
        .1.3.6.1.2.1.2.2.1.16
        Counter32 The total number of octets transmitted on the interface, including framing characters.  
        Interface outbound discarded packets .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutDiscards
        .1.3.6.1.2.1.2.2.1.19
        Counter32 The number of outbound packets which were chosen to be discarded, even though no errors had been detected to prevent their being transmitted.
        Interface outbound errors .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifOutErrors
        .1.3.6.1.2.1.2.2.1.20
        Counter32 For packet-oriented interfaces, the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
        For character-oriented or fixed-length interfaces, the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.
         
      • Additional information (IF-MIB.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Information .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable
        .1.3.6.1.2.1.31.1.1
        Table All information about each interface.
        This table contains additional objects for the "ifTable" (.1.3.6.1.2.1.2.2).
        The number of entries is defined by the value of "ifNumber".
         
        Interface Index ifIndex
        .1.3.6.1.2.1.2.2.1.1
        Integer A unique value, greater than zero, for each interface.  
        Interface Name .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName
        .1.3.6.1.2.1.31.1.1.1.1
        String The textual name of the interface as assigned by the Gaia OS.  
        Interface Received Bytes .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets
        .1.3.6.1.2.1.31.1.1.1.6
        Counter64 The total number of octets received on the interface, including framing characters.
        This object is a 64-bit version of "ifInOctets".
         
        Interface Transmitted Bytes .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCOutOctets
        .1.3.6.1.2.1.31.1.1.1.10
        Counter64 The total number of octets transmitted on the interface, including framing characters.
        This object is a 64-bit version of "ifOutOctets".
         
        Interface Speed .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHighSpeed
        .1.3.6.1.2.1.31.1.1.1.15
        Gauge32 An estimate of the interface's current bandwidth in units of 1,000,000 bits per second (Mbps).
        If this object reports a value of "n", then the speed of the interface is somewhere in the range of "n-500,000" to "n+499,999".
        For interfaces, which do not vary in bandwidth, or for those, where no accurate estimation can be made, this object should contain the nominal bandwidth.
        For a sub-layer, which has no concept of bandwidth, this object should be zero.
         
        Interface Alias Name .iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifAlias
        .1.3.6.1.2.1.31.1.1.1.18
        String This object is an "alias" name for the interface as specified by a network manager, and provides a non-volatile 'handle' for the interface.  
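
The following is an added example, not code from the original article: it turns two polls of the IF-MIB counters above into an inbound rate, preferring the 64-bit ifHCInOctets, falling back to ifHighSpeed when ifSpeed is pinned at 4,294,967,295, and flagging a Counter32 result when the poll interval is long enough for the counter to wrap more than once. The Sample class, function names and poll values are assumptions constructed for the illustration.

```python
"""Inbound rate from two IF-MIB polls, with counter-wrap handling (added example)."""
from dataclasses import dataclass
from typing import Optional

COUNTER32_MOD = 2 ** 32
COUNTER64_MOD = 2 ** 64
IFSPEED_MAX = 4_294_967_295  # ifSpeed reports this when the real speed is higher


@dataclass
class Sample:
    t: float                         # poll time in seconds
    if_in_octets: int                # ifInOctets, Counter32
    if_hc_in_octets: Optional[int]   # ifHCInOctets, Counter64 (None if not returned)
    if_speed: int                    # ifSpeed, bits per second
    if_high_speed: int               # ifHighSpeed, units of 1,000,000 bits per second


def effective_speed_bps(if_speed, if_high_speed):
    """Use ifHighSpeed when ifSpeed is saturated; 0 means no bandwidth is reported."""
    if if_speed >= IFSPEED_MAX and if_high_speed > 0:
        return if_high_speed * 1_000_000
    return if_speed


def counter_delta(prev, curr, modulus):
    """Difference between two samples of a wrapping counter (at most one wrap)."""
    return (curr - prev) % modulus


def max_safe_poll_interval(speed_bps, modulus=COUNTER32_MOD):
    """Seconds an octet counter takes to wrap once at line rate."""
    return modulus * 8 / speed_bps


def inbound_rate(prev, curr):
    dt = curr.t - prev.t
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    speed = effective_speed_bps(curr.if_speed, curr.if_high_speed)
    if prev.if_hc_in_octets is not None and curr.if_hc_in_octets is not None:
        octets = counter_delta(prev.if_hc_in_octets, curr.if_hc_in_octets, COUNTER64_MOD)
        source, reliable = "ifHCInOctets", True
    else:
        octets = counter_delta(prev.if_in_octets, curr.if_in_octets, COUNTER32_MOD)
        source = "ifInOctets"
        # A 32-bit delta is only trustworthy if the counter cannot have
        # wrapped more than once between the two polls.
        reliable = speed > 0 and dt < max_safe_poll_interval(speed)
    bps = octets * 8 / dt
    return {
        "source": source,
        "bps": bps,
        "utilization": bps / speed if speed else None,
        "reliable": reliable,
    }


# Constructed polls: a 10 Gbps interface carrying 5 Gbps, polled 60 s apart.
_HC_PREV, _HC_CURR = 1_000_000_000_000, 1_037_500_000_000
POLL_A = Sample(0.0, _HC_PREV % COUNTER32_MOD, _HC_PREV, IFSPEED_MAX, 10_000)
POLL_B = Sample(60.0, _HC_CURR % COUNTER32_MOD, _HC_CURR, IFSPEED_MAX, 10_000)

if __name__ == "__main__":
    print(inbound_rate(POLL_A, POLL_B))
```

With the 64-bit counters removed from the same two polls, the Counter32 delta under-reports the rate and the result is marked unreliable, because a 10 Gbps link wraps ifInOctets in about 3.4 seconds.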
    • (VI-2-B) Traffic (packets / bytes) general statistics from Check Point FireWall

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Interface statistics .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable
        .1.3.6.1.4.1.2620.1.1.25.5
        Table Table containing FireWall statistics per interface:
        • fwAcceptPcktsIn
        • fwAcceptPcktsOut
        • fwAcceptBytesIn
        • fwAcceptBytesOut
        • fwDropPcktsIn
        • fwDropPcktsOut
        • fwRejectPcktsIn
        • fwRejectPcktsOut
        • fwLogIn
        • fwLogOut

        Refer to section "(VI-2-C) Traffic (packets / bytes) statistics per interface from Check Point FireWall" below.
         
        Accepted bytes rate .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwAcceptedBytesRates
        .1.3.6.1.4.1.2620.1.1.25.20
        String Accepted bytes rate since last start of Check Point services.  
        Accepted packets rate .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwAcceptedBytesRates
        .1.3.6.1.4.1.2620.1.1.25.21
        String Accepted packets rate since last start of Check Point services.  
        Accepted packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwAccepted
        .1.3.6.1.4.1.2620.1.1.4
        Integer Number of accepted packets since last start of Check Point services.  
        Total accepted packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwAcceptedTotal
        .1.3.6.1.4.1.2620.1.1.25.6
        String Total number of accepted packets since last start of Check Point services.  
        Total accepted bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwAcceptedBytesTotal
        .1.3.6.1.4.1.2620.1.1.25.8
        String Total number of accepted bytes since last start of Check Point services.  
        Rejected packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwRejected
        .1.3.6.1.4.1.2620.1.1.5
        Integer Number of rejected packets since last start of Check Point services.  
        Total rejected packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwRejectedTotal
        .1.3.6.1.4.1.2620.1.1.25.14
        String Total number of rejected packets since last start of Check Point services.  
        Total rejected bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwRejectedBytesTotal
        .1.3.6.1.4.1.2620.1.1.25.15
        String Total number of rejected bytes since last start of Check Point services.  
        Dropped packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwDropped
        .1.3.6.1.4.1.2620.1.1.6
        Integer Number of dropped packets since last start of Check Point services.  
        Total dropped packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwDroppedTotal
        .1.3.6.1.4.1.2620.1.1.25.16
        String Total number of dropped packets since last start of Check Point services.  
        Total dropped bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwDroppedBytesTotal
        .1.3.6.1.4.1.2620.1.1.25.9
        String Total number of dropped bytes since last start of Check Point services.  
    • (VI-2-C) Traffic (packets / bytes) statistics per interface from Check Point FireWall

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Interface Index .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwIfIndex
        .1.3.6.1.4.1.2620.1.1.25.5.1.1
        String Index of interface in the "fwIfTable".  
        Interface Name .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwIfName
        .1.3.6.1.4.1.2620.1.1.25.5.1.2
        String Name of interface in Check Point FireWall kernel.  
        Incoming accepted packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwAcceptPcktsIn
        .1.3.6.1.4.1.2620.1.1.25.5.1.5
        Integer Number of incoming accepted packets since last start of Check Point services.  
        Outgoing accepted packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwAcceptPcktsOut
        .1.3.6.1.4.1.2620.1.1.25.5.1.6
        Integer Number of outgoing accepted packets since last start of Check Point services.  
        Incoming accepted bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwAcceptBytesIn
        .1.3.6.1.4.1.2620.1.1.25.5.1.7
        Integer Total incoming accepted bytes since last start of Check Point services.  
        Outgoing accepted bytes .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwAcceptBytesOut
        .1.3.6.1.4.1.2620.1.1.25.5.1.8
        Integer Total outgoing accepted bytes since last start of Check Point services.  
        Incoming dropped packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwDropPcktsIn
        .1.3.6.1.4.1.2620.1.1.25.5.1.9
        Integer Number of incoming dropped packets since last start of Check Point services.  
        Outgoing dropped packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwDropPcktsOut
        .1.3.6.1.4.1.2620.1.1.25.5.1.10
        Integer Number of outgoing dropped packets since last start of Check Point services.  
        Incoming rejected packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwRejectPcktsIn
        .1.3.6.1.4.1.2620.1.1.25.5.1.11
        Integer Number of incoming rejected packets since last start of Check Point services.  
        Outgoing rejected packets .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwIfTable.fwIfEntry.fwRejectPcktsOut
        .1.3.6.1.4.1.2620.1.1.25.5.1.12
        Integer Number of outgoing rejected packets since last start of Check Point services.  
    • (VI-2-D) Connections statistics from Check Point FireWall

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Number of concurrent connections .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwNumConn
        .1.3.6.1.4.1.2620.1.1.25.3
        Integer Number of concurrent IPv4 and IPv6 connections since last start of Check Point services.  
        Peak number of concurrent connections .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwPeakNumConn
        .1.3.6.1.4.1.2620.1.1.25.4
        Integer Peak number of concurrent IPv4 and IPv6 connections since last start of Check Point services.  
        Limit of Connections table .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwConnTableLimit
        .1.3.6.1.4.1.2620.1.1.25.10
        Integer Configured maximal number of concurrent connections in the Connections table (ID 8158).  
        Connections rate .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwConnsRate
        .1.3.6.1.4.1.2620.1.1.25.22
        String Connections rate since last start of Check Point services.  
    • (VI-2-E) Routing table from Check Point FireWall

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Routing table .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.routingTable
        .1.3.6.1.4.1.2620.1.6.6
        Table Routing table from Check Point FireWall:
        • Route Index
        • Route Destination Network
        • Route Destination Network Mask
        • Route Default Gateway
        • Route Interface Name
        Refer to section "(VI-3-F) Common used SNMP OIDs - Check Point Software Blades counters - VSX".
    • (VI-2-F) Traps

      • Traps ($CPDIR/lib/snmp/chkpnt-trap.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Interface admin status alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapNetIfState
        .1.3.6.1.4.1.2620.1.2000.1.1
        String Trap is sent when .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnNetStat.svnNetIfTable.svnNetIfTableEntry.svnNetIfState=0 (.1.3.6.1.4.1.2620.1.6.50.1.1.7).
        Trap includes the interface name (svnNetIfName), interface IP address (svnNetIfAddress), and interface state (svnNetIfState).
         
        Interface unplugged alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapNetIfUnplugged
        .1.3.6.1.4.1.2620.1.2000.1.2
        String Trap is sent when an interface disappears from .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnNetStat.svnNetIfTable (.1.3.6.1.4.1.2620.1.6.50.1).
        Trap includes the interface name (svnNetIfName), interface IP address (svnNetIfAddress), and interface state (svnNetIfState).
         
        New connections rate alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapNewConnRate
        .1.3.6.1.4.1.2620.1.2000.1.4
        String Trap is sent when the new connections rate per second equals / exceeds the threshold.  
        Concurrent connections rate alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapConcurrentConnRate
        .1.3.6.1.4.1.2620.1.2000.1.3
        String Trap is sent when the number of concurrent connections (.iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwNumConn - .1.3.6.1.4.1.2620.1.1.25.3) equals / exceeds the threshold.  
        Bytes throughput alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapBytesThroughput
        .1.3.6.1.4.1.2620.1.2000.1.5
        String Trap is sent when the throughput bytes per second equals / exceeds the threshold.  
        Accepted packets rate alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapAcceptedPacketRate
        .1.3.6.1.4.1.2620.1.2000.1.6
        String Trap is sent when the accepted packets per second rate equals / exceeds the threshold.  
        Interface operational link status alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapNetIfOperState
        .1.3.6.1.4.1.2620.1.2000.1.7
        String Trap is sent when .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnNetStat.svnNetIfTable.svnNetIfTableEntry.svnNetIfOperState=0 (.1.3.6.1.4.1.2620.1.6.50.1.1.10).
        Trap includes the interface name (svnNetIfName), interface IP address (svnNetIfAddress), and interface operational state (svnNetIfOperState).
         
        Interface RX drops changed alert .iso.org.dod.internet.private.enterprises.checkpoint.products.chkpntTrap.chkpntTrapNet.chkpntTrapNetIfRXDrop
        .1.3.6.1.4.1.2620.1.2000.1.8
        String Trap is sent when .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.svnNetStat.svnNetIfTable.svnNetIfTableEntry.svnNetIfRXDrops (.1.3.6.1.4.1.2620.1.6.50.1.1.14) changes.
        Trap includes the interface name (svnNetIfName), interface state (svnNetIfState), and number of RX drops (svnNetIfRXDrops).
         


  • (VI-3) Common used SNMP OIDs - Check Point Software Blades counters

    • (VI-3-A) General

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Major version .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwVerMajor
        .1.3.6.1.4.1.2620.1.1.22
        Integer Check Point release major version.  
        Minor version .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwVerMinor
        .1.3.6.1.4.1.2620.1.1.23
        Integer Check Point release minor version.  
        Policy name .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwPolicyName
        .1.3.6.1.4.1.2620.1.1.25.1
        String Name of Security Policy currently enforced by Security Gateway.  
        Policy last install time .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwPolicyStat.fwInstallTime
        .1.3.6.1.4.1.2620.1.1.25.2
        String Date/Time last Security Policy was installed.  
    • (VI-3-B) Logging

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Log Server connectivity .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwLSConn.fwLSConnOverall
        .1.3.6.1.4.1.2620.1.1.30.1
        Integer 0-2 Connectivity with Log Server(s):
        • 0 - OK
        • 1 - Warning
        • 2 - Error
         
        Log Server connectivity description .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwLSConn.fwLSConnOverallDesc
        .1.3.6.1.4.1.2620.1.1.30.2
        String Description of connectivity status with Log Server(s).  
        Local logging status .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwLSConn.fwLocalLoggingStat
        .1.3.6.1.4.1.2620.1.1.30.5
        Integer 0-3 Status of local logging:
        • 0 - logging to configured log server(s)
        • 1 - local logging is configured
        • 2 - local logging due to connectivity issues
        • 3 - local logging due to high rate
         
        Local logging status description .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwLSConn.fwLocalLoggingDesc
        .1.3.6.1.4.1.2620.1.1.30.4
        String Description of local logging status.  
        Local logging writing rate .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwLSConn.fwLocalLoggingWriteRate
        .1.3.6.1.4.1.2620.1.1.30.6
        Integer Local logging writing rate.  
        Total logging handling rate .iso.org.dod.internet.private.enterprises.checkpoint.products.fw.fwLSConn.fwLoggingHandlingRate
        .1.3.6.1.4.1.2620.1.1.30.7
        Integer Total Logging Handling Rate = Local writing + Sending to Log Server.  
    • (VI-3-C) VPN Site-to-Site

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Number of encrypted packets .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvGeneral.cpvStatistics.cpvEncPackets
        .1.3.6.1.4.1.2620.1.2.4.1.1
        String Number of encrypted packets.  
        Number of decrypted packets .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvGeneral.cpvStatistics.cpvDecPackets
        .1.3.6.1.4.1.2620.1.2.4.1.2
        String Number of decrypted packets.  
        Number of encryption errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvGeneral.cpvErrors.cpvErrOut
        .1.3.6.1.4.1.2620.1.2.4.2.1
        String Number of encryption errors.  
        Number of decryption errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvGeneral.cpvErrors.cpvErrIn
        .1.3.6.1.4.1.2620.1.2.4.2.2
        String Number of decryption errors.  
        Number of IKE errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvGeneral.cpvErrors.cpvErrIke
        .1.3.6.1.4.1.2620.1.2.4.2.3
        String Number of IKE errors.  
        Number of IPsec decryption errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaErrors.cpvSaDecrErr
        .1.3.6.1.4.1.2620.1.2.5.3.1
        String Number of IPsec decryption errors.  
        Number of IPsec ESP encrypted packets per second .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvIpsecStatistics.cpvIpsecEspEncPkts
        .1.3.6.1.4.1.2620.1.2.5.4.5
        String Number of IPsec ESP encrypted packets per second.  
        Number of IPsec ESP decrypted packets per second .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvIpsecStatistics.cpvIpsecEspDecPkts
        .1.3.6.1.4.1.2620.1.2.5.4.6
        String Number of IPsec ESP decrypted packets per second.  
        Number of IPsec decompression errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvIpsecStatistics.cpvIpsecDecomprErr
        .1.3.6.1.4.1.2620.1.2.5.4.11
        String Number of IPsec decompression errors.  
        Number of IPsec compression errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvIpsecStatistics.cpvIpsecComprErrors
        .1.3.6.1.4.1.2620.1.2.5.4.18
        String Number of IPsec compression errors.  
        Number of IPsec current Inbound ESP SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaStatistics.cpvCurrEspSAsIn
        .1.3.6.1.4.1.2620.1.2.5.2.1
        String Number of IPsec current Inbound ESP SAs.  
        Total number of IPsec Inbound ESP SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaStatistics.cpvTotalEspSAsIn
        .1.3.6.1.4.1.2620.1.2.5.2.2
        String Total number of IPsec Inbound ESP SAs.  
        Maximal number of concurrent IPsec Inbound ESP SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaStatistics.cpvMaxConncurEspSAsIn
        .1.3.6.1.4.1.2620.1.2.5.2.9
        String Maximal number of concurrent IPsec Inbound ESP SAs.  
        Number of IPsec current Outbound ESP SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaStatistics.cpvCurrEspSAsOut
        .1.3.6.1.4.1.2620.1.2.5.2.3
        String Number of IPsec current Outbound ESP SAs.  
        Total number of IPsec Outbound ESP SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaStatistics.cpvTotalEspSAsOut
        .1.3.6.1.4.1.2620.1.2.5.2.4
        String Total number of IPsec Outbound ESP SAs.  
        Maximal number of concurrent IPsec Outbound ESP SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIpsec.cpvSaStatistics.cpvMaxConncurEspSAsOut
        .1.3.6.1.4.1.2620.1.2.5.2.10
        String Maximal number of concurrent IPsec Outbound ESP SAs.  
        Number of IKE current SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEglobals.cpvIKECurrSAs
        .1.3.6.1.4.1.2620.1.2.9.1.1
        String Number of IKE current SAs.  
        Total number of IKE SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEglobals.cpvIKECurrSAs
        .1.3.6.1.4.1.2620.1.2.9.1.1
        String Total number of IKE SAs.  
        Total number of IKE SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEglobals.cpvIKETotalSAs
        .1.3.6.1.4.1.2620.1.2.9.1.4
        String Total number of IKE SAs.  
        Maximal number of concurrent IKE SAs .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEglobals.cpvIKEMaxConncurSAs
        .1.3.6.1.4.1.2620.1.2.9.1.10
        String Maximal number of concurrent IKE SAs.  
        Total number of IKE failures (initiator errors) .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEerrors.cpvIKETotalFailuresInit
        .1.3.6.1.4.1.2620.1.2.9.2.1
        String Total number of IKE failures (initiator errors).  
        Number of IKE "no response from peer" errors .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEerrors.cpvIKENoResp
        .1.3.6.1.4.1.2620.1.2.9.2.2
        String Number of IKE "no response from peer" errors (initiator errors).  
        Total number of IKE failures (responder errors) .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIKE.cpvIKEerrors.cpvIKETotalFailuresResp
        .1.3.6.1.4.1.2620.1.2.9.2.3
        String Total number of IKE failures (responder errors).  
        Number of IPsec decrypted bytes by interface .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIPsec.cpvIPsecNIC.cpvIPsecNICDecrBytes
        .1.3.6.1.4.1.2620.1.2.10.1.4
        String Number of IPsec decrypted bytes by interface.  
        Number of IPsec decrypted packets by interface .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIPsec.cpvIPsecNIC.cpvIPsecNICDecrPackets
        .1.3.6.1.4.1.2620.1.2.10.1.6
        String Number of IPsec decrypted packets by interface.  
        Number of IPsec encrypted bytes by interface .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIPsec.cpvIPsecNIC.cpvIPsecNICEncrBytes
        .1.3.6.1.4.1.2620.1.2.10.1.5
        String Number of IPsec encrypted bytes by interface.  
        Number of IPsec encrypted packets by interface .iso.org.dod.internet.private.enterprises.checkpoint.products.vpn.cpvIPsec.cpvIPsecNIC.cpvIPsecNICEncrPackets
        .1.3.6.1.4.1.2620.1.2.10.1.7
        String Number of IPsec encrypted packets by interface.  
        Peer IP address .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelPeerIpAddr
        .1.3.6.1.4.1.2620.500.9002.1.1
        IP Address Peer IP address.  
        Peer name .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelPeerObjName
        .1.3.6.1.4.1.2620.500.9002.1.2
        String Peer name.  
        Tunnel state .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelState
        .1.3.6.1.4.1.2620.500.9002.1.3
        Integer Tunnel state:
        • 3 - active
        • 4 - destroy
        • 129 - idle
        • 130 - phase1
        • 131 - down
        • 132 - init
         
        Community .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelCommunity
        .1.3.6.1.4.1.2620.500.9002.1.4
        String VPN Community.  
        Next Hop .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelNextHop
        .1.3.6.1.4.1.2620.500.9002.1.5
        IP Address Next Hop IP Address.  
        Tunnel interface .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelInterface
        .1.3.6.1.4.1.2620.500.9002.1.6
        String Tunnel interface.  
        Source IP .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelSourceIpAddr
        .1.3.6.1.4.1.2620.500.9002.1.7
        IP Address Source IP address.  
        Link priority .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelLinkPriority
        .1.3.6.1.4.1.2620.500.9002.1.8
        Integer 0-2 VPN Link priority:
        • 0 - Primary
        • 1 - Backup
        • 2 - On-demand
         
        Probing state .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelProbState
        .1.3.6.1.4.1.2620.500.9002.1.9
        Integer 0-2 VPN tunnel probing state:
        • 0 - unknown
        • 1 - alive
        • 2 - dead
         
        Peer type .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelPeerType
        .1.3.6.1.4.1.2620.500.9002.1.10
        Integer 1-3 VPN peer type:
        • 1 - regular
        • 2 - DAIP
        • 3 - ROBO (SmartLSM Gateway)
         
        Tunnel type .iso.org.dod.internet.private.enterprises.checkpoint.tables.tunnelTable.tunnelEntry.tunnelType
        .1.3.6.1.4.1.2620.500.9002.1.11
        Integer 1-2 VPN tunnel type:
        • 1 - regular
        • 2 - permanent
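
        An added example (not part of the Check Point article): a Python parser that decodes numeric `snmpwalk -On`-style output for the tunnelTable columns listed above and reports tunnels worth investigating. The sample lines are constructed, the row index after the column number is treated as an opaque key, and the alerting rule (a permanent tunnel that is not active, or a probing state of dead) is this example's assumption.

```python
import re

# tunnelEntry prefix and column numbers exactly as listed in the table above.
TUNNEL_ENTRY = ".1.3.6.1.4.1.2620.500.9002.1"
COLUMNS = {
    1: "peer_ip", 2: "peer_name", 3: "state", 4: "community", 5: "next_hop",
    6: "interface", 7: "source_ip", 8: "link_priority", 9: "prob_state",
    10: "peer_type", 11: "tunnel_type",
}
# Integer-to-label mappings copied from the table above.
ENUMS = {
    "state": {3: "active", 4: "destroy", 129: "idle",
              130: "phase1", 131: "down", 132: "init"},
    "link_priority": {0: "Primary", 1: "Backup", 2: "On-demand"},
    "prob_state": {0: "unknown", 1: "alive", 2: "dead"},
    "peer_type": {1: "regular", 2: "DAIP", 3: "ROBO (SmartLSM Gateway)"},
    "tunnel_type": {1: "regular", 2: "permanent"},
}

# "<numeric OID> = <TYPE>: <value>" as printed by net-snmp tools.
LINE_RE = re.compile(r"^(\.?\d+(?:\.\d+)*)\s*=\s*([\w-]+):\s*(.*)$")
# Accepts both "131" and the MIB-resolved form "down(131)".
ENUM_RE = re.compile(r"(-?\d+)\)?\s*$")


def decode(column, raw):
    """Turn a raw SNMP value into a label (enum columns) or a bare string."""
    raw = raw.strip()
    if column in ENUMS:
        match = ENUM_RE.search(raw)
        if match is None:
            return raw
        number = int(match.group(1))
        return ENUMS[column].get(number, "unrecognized(%d)" % number)
    return raw.strip('"')


def parse_walk(text):
    """Group tunnelTable lines into {row_index: {column_name: value}}."""
    rows = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue
        oid, _snmp_type, value = match.groups()
        if not oid.startswith("."):
            oid = "." + oid
        if not oid.startswith(TUNNEL_ENTRY + "."):
            continue  # some other OID in the same walk
        column_number, _, index = oid[len(TUNNEL_ENTRY) + 1:].partition(".")
        column = COLUMNS.get(int(column_number))
        if column is None or not index:
            continue
        rows.setdefault(index, {})[column] = decode(column, value)
    return rows


def tunnels_needing_attention(rows):
    """Example policy (an assumption): report permanent tunnels that are
    not active, and any tunnel whose probing state is dead."""
    findings = []
    for index in sorted(rows):
        row = rows[index]
        reasons = []
        if row.get("tunnel_type") == "permanent" and row.get("state") != "active":
            reasons.append("permanent tunnel in state %s" % row.get("state", "missing"))
        if row.get("prob_state") == "dead":
            reasons.append("probing state dead")
        if reasons:
            findings.append((row.get("peer_name", index), "; ".join(reasons)))
    return findings


# Constructed sample output (documentation-range addresses, invented names).
SAMPLE_WALK = """
.1.3.6.1.4.1.2620.1.1.25.3.0 = INTEGER: 1234
.1.3.6.1.4.1.2620.500.9002.1.1.198.51.100.7.0 = IpAddress: 198.51.100.7
.1.3.6.1.4.1.2620.500.9002.1.2.198.51.100.7.0 = STRING: "branch-gw-a"
.1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.7.0 = INTEGER: 3
.1.3.6.1.4.1.2620.500.9002.1.9.198.51.100.7.0 = INTEGER: 1
.1.3.6.1.4.1.2620.500.9002.1.11.198.51.100.7.0 = INTEGER: 2
.1.3.6.1.4.1.2620.500.9002.1.1.203.0.113.20.0 = IpAddress: 203.0.113.20
.1.3.6.1.4.1.2620.500.9002.1.2.203.0.113.20.0 = STRING: "branch-gw-b"
.1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.20.0 = INTEGER: 131
.1.3.6.1.4.1.2620.500.9002.1.9.203.0.113.20.0 = INTEGER: 2
.1.3.6.1.4.1.2620.500.9002.1.11.203.0.113.20.0 = INTEGER: 2
.1.3.6.1.4.1.2620.500.9002.1.2.192.0.2.33.0 = STRING: "partner-gw"
.1.3.6.1.4.1.2620.500.9002.1.3.192.0.2.33.0 = INTEGER: idle(129)
.1.3.6.1.4.1.2620.500.9002.1.9.192.0.2.33.0 = INTEGER: 0
.1.3.6.1.4.1.2620.500.9002.1.11.192.0.2.33.0 = INTEGER: 1
"""

if __name__ == "__main__":
    for peer, reason in tunnels_needing_attention(parse_walk(SAMPLE_WALK)):
        print("%s: %s" % (peer, reason))
```
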
         
    • (VI-3-D) VPN Remote Access

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Remote Access users information .iso.org.dod.internet.private.enterprises.checkpoint.tables.raUsersTable
        .1.3.6.1.4.1.2620.500.9000
        Table Table containing information about Remote Access users tunnels.  
    • (VI-3-E) Cluster

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Cluster mechanism started .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haStarted
        .1.3.6.1.4.1.2620.1.5.5
        String Cluster mechanism is up and running, and a security policy is installed (returns either "yes" or "no").  
        Cluster Member state .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haState
        .1.3.6.1.4.1.2620.1.5.6
        String Cluster Member state:
        • active - Inspecting traffic.
        • standby - Ready to inspect traffic, but there is another active member. This member is now in the standby mode.
        • active attention - The member is blocked. Because there are no other available members, it will continue as the active member.
        • down - Member is down, or other members see it as down.
         
        Cluster Member Status Code .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haStatCode
        .1.3.6.1.4.1.2620.1.5.101
        Integer Cluster Member status code:
        • 0 - Member is up and working (as either Active, or Standby)
        • 1 - Attention. There is a problem preventing it from switching to Active or Standby
        • 2 - Cluster mechanism is down
         
        Cluster interfaces and states .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haIfTable
        .1.3.6.1.4.1.2620.1.5.12
        Table Table of interfaces and their states as they appear in the output of the "cphaprob -a if" command. Shows the Cluster IP addresses configured in SmartDashboard / SmartConsole, as they appear in the output of the "cphaprob -a if" command (and not the IP addresses from the VSX "Internal Communication Network" (a.k.a. "Funny" IP)).
        List of Critical Devices (Pnotes) and their statuses .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haProblemTable
        .1.3.6.1.4.1.2620.1.5.13
        Table List of Critical Devices (Pnotes) and their statuses as they appear in the output of the "cphaprob -l list" command. Related solution: sk110653
        CCP version .iso.org.dod.internet.private.enterprises.checkpoint.products.ha.haProtoVersion
        .1.3.6.1.4.1.2620.1.5.10
        Integer Cluster Control Protocol version (you can also run the "fw ctl set int fwha_version" command).  
    • (VI-3-F) VSX

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Number of configured Virtual Systems .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxVsConfigured
        .1.3.6.1.4.1.2620.1.16.12
        Integer The number of configured Virtual Systems.  
        Number of installed Virtual Systems .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxVsInstalled
        .1.3.6.1.4.1.2620.1.16.13
        Integer The number of installed Virtual Systems.  
        Total number of configured Virtual Devices .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxVrfConfigured
        .1.3.6.1.4.1.2620.1.16.14
        Integer Total number of configured Virtual Devices (Virtual Systems, Virtual Routers and Virtual Switches).
        The returned number also includes the context of VSX Gateway itself (VS0).
        This OID is officially supported starting in Check Point R80.10 (sk108117).
        States of all Virtual Devices .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxStatus.vsxStatusTable
        .1.3.6.1.4.1.2620.1.16.22.1
        Table States of all Virtual Devices (Virtual Systems, Virtual Routers and Virtual Switches) as in the output of the "vsx stat -v" command.
        Output also includes:
        • HA status for VSLS
        • Virtual System Resource Control Weight
         
        CPU Usage per Virtual System for all CPU cores .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxStatus.vsxStatusCPUUsageTable
        .1.3.6.1.4.1.2620.1.16.22.2
        Table CPU usage in per cent per Virtual System averaged for all CPU cores:
        • Virtual System ID
        • CPU usage in the last 1 second
        • CPU usage in the last 10 seconds
        • CPU usage in the last 1 minute
        • CPU usage in the last 1 hour
        • CPU usage in the last 24 hours
         
        CPU Usage per Virtual System per CPU core .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxStatus.vsxStatusCPUUsagePerCPUTable
        .1.3.6.1.4.1.2620.1.16.22.4
        Table CPU usage in per cent per Virtual System averaged for all CPU cores:
        • Virtual System ID
        • Virtual System Name
        • CPU Core number
        • CPU usage in the last 1 second
        • CPU usage in the last 10 seconds
        • CPU usage in the last 1 minute
        • CPU usage in the last 1 hour
        • CPU usage in the last 24 hours
         
        Memory usage per Virtual System .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxStatus.vsxStatusMemoryUsageTable
        .1.3.6.1.4.1.2620.1.16.22.3
        Table Memory usage per Virtual System:
        • Virtual System ID
        • Virtual System Name
        • Virtual System memory usage in KB
         
        Traffic statistics per Virtual System .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxCounters.vsxCountersTable
        .1.3.6.1.4.1.2620.1.16.23.1
        Table Traffic statistics per Virtual System (connections, packets, bytes):
        • Virtual System ID
        • Number of active connections
        • Peak number of active connections
        • Connection table limit
        • Total number of packets processed
        • Total number of dropped packets
        • Total number of accepted packets
        • Total number of rejected packets
        • Total number of accepted bytes
        • Total number of dropped bytes
        • Total number of rejected bytes
        • Total number of logs sent
        • Data validity indicator (0 - invalid; 1 - valid)
        To get these data for a specific Virtual System:
        1. Get the VS ID:
          refer to the output of the "vsx stat -v" command, to the SNMP object .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxStatus.vsxStatusTable, or to the SNMP object .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxCounters.vsxCountersTable
        2. Query the relevant SNMP counter:
          .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxCounters.vsxCountersTable.vsxCountersEntry.<Counter>.<VS ID>
          (e.g., .iso.org.dod.internet.private.enterprises.checkpoint.products.vsx.vsxCounters.vsxCountersTable.vsxCountersEntry.vsxCountersConnNum.3)
        Routing table per Virtual System .iso.org.dod.internet.private.enterprises.checkpoint.products.svn.vsRoutingTable
        .1.3.6.1.4.1.2620.1.6.51
        Table Routing table per Virtual System from Check Point FireWall:
        • Route Index
        • Route Destination Network
        • Route Destination Network Mask
        • Route Default Gateway
        • Route Interface Name
        • Virtual System ID
         
    • (VI-3-G) SecureXL

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        SecureXL current status .iso.org.dod.internet.private.enterprises.checkpoint.products.sxl.fwSXLGroup.fwSXLStatus
        .1.3.6.1.4.1.2620.1.36.1.1.0
        Integer The current status of SecureXL:
        • 1 - enabled
        • 0 - disabled
         
        Number of connections handled by SecureXL .iso.org.dod.internet.private.enterprises.checkpoint.products.sxl.fwSXLGroup.fwSXLConnsExisting
        .1.3.6.1.4.1.2620.1.36.1.2.0
        Integer The current total number of connections in SecureXL connections table - appears as "C total conns" counter in the output of the "fwaccel stats" command (section "Accelerated Path").  
        Number of connections added by SecureXL .iso.org.dod.internet.private.enterprises.checkpoint.products.sxl.fwSXLGroup.fwSXLConnsAdded
        .1.3.6.1.4.1.2620.1.36.1.3.0
        Integer The number of connections added by SecureXL - appears as "conns created" counter in the output of the "fwaccel stats" command (section "Accelerated Path").  
        Number of connections deleted by SecureXL .iso.org.dod.internet.private.enterprises.checkpoint.products.sxl.fwSXLGroup.fwSXLConnsDeleted
        .1.3.6.1.4.1.2620.1.36.1.4.0
        Integer The number of connections deleted by SecureXL - appears as "conns deleted" counter in the output of the "fwaccel stats" command (section "Accelerated Path").  
    • (VI-3-H) URL Filtering

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        URL Filtering Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringSubscription.advancedUrlFilteringSubscriptionStatus
        .1.3.6.1.4.1.2620.1.43.1.1
        String URL Filtering Subscription status:
        • valid
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        URL Filtering Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringSubscription.advancedUrlFilteringSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.43.1.2
        String URL Filtering Subscription expiration date.  
        URL Filtering Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringSubscription.advancedUrlFilteringSubscriptionDesc
        .1.3.6.1.4.1.2620.1.43.1.3
        String URL Filtering Subscription description.  
        URL Filtering Update status .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringUpdate.advancedUrlFilteringUpdateStatus
        .1.3.6.1.4.1.2620.1.43.2.1
        String URL Filtering Update status:
        • failed
        • up-to-date
        • new
        • degrade
        • unknown
         
        URL Filtering Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringUpdate.advancedUrlFilteringUpdateDesc
        .1.3.6.1.4.1.2620.1.43.2.2
        String URL Filtering Update description.  
        URL Filtering Next Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringUpdate.advancedUrlFilteringNextUpdate
        .1.3.6.1.4.1.2620.1.43.2.3
        String URL Filtering Next Update description.  
        URL Filtering database version .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringUpdate.advancedUrlFilteringVersion
        .1.3.6.1.4.1.2620.1.43.2.4
        String URL Filtering database version.  
        URL Filtering RAD status code .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringRADStatus.advancedUrlFilteringRADStatusCode
        .1.3.6.1.4.1.2620.1.43.3.1
        Integer URL Filtering RAD status code.  
        URL Filtering RAD status description .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringRADStatus.advancedUrlFilteringRADStatusDesc
        .1.3.6.1.4.1.2620.1.43.3.2
        String URL Filtering RAD status description.  
        URL Filtering status code .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringStatusCode
        .1.3.6.1.4.1.2620.1.43.101
        Integer URL Filtering status code.  
        URL Filtering status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringStatusShortDesc
        .1.3.6.1.4.1.2620.1.43.102
        String URL Filtering status - short description.  
        URL Filtering status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.advancedUrlFiltering.advancedUrlFilteringStatusLongDesc
        .1.3.6.1.4.1.2620.1.43.103
        String URL Filtering status - long description.  
    • (VI-3-I) Application Control

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Columns: Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Application Control Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlSubscription.applicationControlSubscriptionStatus
        .1.3.6.1.4.1.2620.1.39.1.1
        String Application Control Subscription status:
        • valid
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Application Control Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlSubscription.applicationControlSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.39.1.2
        String Application Control Subscription expiration date.  
        Application Control Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlSubscription.applicationControlSubscriptionDesc
        .1.3.6.1.4.1.2620.1.39.1.3
        String Application Control Subscription description.  
        Application Control Update status .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlUpdate.applicationControlUpdateStatus
        .1.3.6.1.4.1.2620.1.39.2.1
        String Application Control Update status:
        • failed
        • up-to-date
        • new
        • degrade
        • unknown
         
        Application Control Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlUpdate.applicationControlUpdateDesc
        .1.3.6.1.4.1.2620.1.39.2.2
        String Application Control Update description.  
        Application Control Next Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlUpdate.applicationControlNextUpdate
        .1.3.6.1.4.1.2620.1.39.2.3
        String Application Control Next Update description.  
        Application Control database version .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlUpdate.applicationControlVersion
        .1.3.6.1.4.1.2620.1.39.2.4
        String Application Control database version.  
        Application Control code .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlStatusCode
        .1.3.6.1.4.1.2620.1.39.101
        Integer Application Control code.  
        Application Control - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlStatusShortDesc
        .1.3.6.1.4.1.2620.1.39.102
        String Application Control - short description.  
        Application Control - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.applicationControl.applicationControlStatusLongDesc
        .1.3.6.1.4.1.2620.1.39.103
        String Application Control - long description.  
    • (VI-3-J) DLP

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Table with various information about Exchange Agents .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.exchangeAgents.exchangeAgentsTable
        .1.3.6.1.4.1.2620.1.44.1.1
        Table Table with various information about Exchange Agents:
        • name
        • status
        • version
        • total number of messages
        • total number of scanned messages
        • total number of dropped messages
        • uptime (in seconds)
        • time (in seconds) since the last message passed through
        • current queue length
        • cumulative queue length on Exchange Server
        • average (for all messages) latency added by the agent
        • average (for scanned messages only) latency added by the
        • CPU usage on Exchange Server (in per cent)
        • Memory usage on Exchange Server (in per cent)
        • time of the last policy retrieved by the agent from the Security Gateway
         
        License status .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpLicenseStatus
        .1.3.6.1.4.1.2620.1.44.12
        String License status.  
        LDAP status .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpLdapStatus
        .1.3.6.1.4.1.2620.1.44.13
        String LDAP status.  
        Total traffic scans .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpTotalScans
        .1.3.6.1.4.1.2620.1.44.14
        String Total number of traffic scans.  
        Number of scanned e-mails .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpSMTPScans
        .1.3.6.1.4.1.2620.1.44.15
        String Number of scanned e-mails.  
        Number of e-mail incidents .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpSMTPIncidents
        .1.3.6.1.4.1.2620.1.44.16
        Format Number of incidents while scanning e-mails.  
        Number of quarantined e-mails .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpNumQuarantined
        .1.3.6.1.4.1.2620.1.44.18
        Integer Number of quarantined e-mails.  
        Number of sent e-mails .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpSentEMails
        .1.3.6.1.4.1.2620.1.44.20
        String Number of sent e-mails.  
        Number of expired e-mails .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpExpiredEMails
        .1.3.6.1.4.1.2620.1.44.21
        String Number of expired e-mails.  
        Number of discarded e-mails .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpDiscardEMails
        .1.3.6.1.4.1.2620.1.44.22
        String Number of discarded e-mails.  
        Postfix queue length .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpPostfixQLen
        .1.3.6.1.4.1.2620.1.44.23
        Integer Postfix queue length.  
        Postfix errors .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpPostfixErrors
        .1.3.6.1.4.1.2620.1.44.24
        Integer Postfix errors.  
        Postfix e-mails in queue older than 1 hour .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpPostfixQOldMsg
        .1.3.6.1.4.1.2620.1.44.25
        Integer Postfix e-mails in queue older than 1 hour.  
        Postfix free space in queue .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpPostfixQFreeSp
        .1.3.6.1.4.1.2620.1.44.27
        Integer Postfix free space in queue.  
        Postfix free space for quarantine .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpQrntFreeSpace
        .1.3.6.1.4.1.2620.1.44.28
        String Postfix free space for quarantine.  
        Quarantine status .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpQrntStatus
        .1.3.6.1.4.1.2620.1.44.29
        String Quarantine status.  
        Number of scanned files over HTTP .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpHttpScans
        .1.3.6.1.4.1.2620.1.44.30
        String Number of scanned files over HTTP.  
        Number of incidents for scanned files over HTTP .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpHttpIncidents
        .1.3.6.1.4.1.2620.1.44.31
        String Number of incidents while scanning files over HTTP.  
        Number of scanned files over FTP .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpFtpScans
        .1.3.6.1.4.1.2620.1.44.33
        String Number of scanned files over FTP.  
        Number of incidents for scanned files over FTP .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpFtpIncidents
        .1.3.6.1.4.1.2620.1.44.34
        String Number of incidents while scanning files over FTP.  
        DLP Bypass status .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpBypassStatus
        .1.3.6.1.4.1.2620.1.44.36
        String DLP Bypass status.  
        Number of UserCheck clients .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpUserCheckClnts
        .1.3.6.1.4.1.2620.1.44.37
        Format Number of UserCheck clients.  
        DLP Status code .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpStatusCode
        .1.3.6.1.4.1.2620.1.44.101
        Integer DLP Status code.  
        DLP Status code - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpStatusShortDesc
        .1.3.6.1.4.1.2620.1.44.102
        String DLP Status code - short description.  
        DLP Status code - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.dlp.dlpStatusLongDesc
        .1.3.6.1.4.1.2620.1.44.103
        String DLP Status code - long description.  
    • (VI-3-K) Anti-Virus

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Update status .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwAVUpdate.amwAVUpdateStatus
        .1.3.6.1.4.1.2620.1.46.5.1
        String Update status:
        • failed
        • up-to-date
        • new
        • degrade
        • unknown
         
        Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwAVUpdate.amwAVUpdateDesc
        .1.3.6.1.4.1.2620.1.46.5.2
        String Update description.  
        Next update description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwAVUpdate.amwAVNextUpdate
        .1.3.6.1.4.1.2620.1.46.5.3
        String Next update description.  
        Database version .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwAVUpdate.amwAVVersion
        .1.3.6.1.4.1.2620.1.46.5.4
        String Database version.  
        Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiVirusSubscription.antiVirusSubscriptionStatus
        .1.3.6.1.4.1.2620.1.46.3.1
        String Subscription status:
        • valid
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiVirusSubscription.antiVirusSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.46.3.2
        String Subscription expiration date.  
        Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiVirusSubscription.antiVirusSubscriptionDesc
        .1.3.6.1.4.1.2620.1.46.3.3
        String Subscription description.  
        Status code .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusCode
        .1.3.6.1.4.1.2620.1.46.101
        Integer Anti-Virus status code.  
        Anti-Virus status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusShortDesc
        .1.3.6.1.4.1.2620.1.46.102
        String Anti-Virus status - short description.  
        Anti-Virus status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusLongDesc
        .1.3.6.1.4.1.2620.1.46.103
        String Anti-Virus status - long description.  
    • (VI-3-L) Anti-Bot

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Update status .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABUpdateStatus
        .1.3.6.1.4.1.2620.1.46.1.1
        String Update status:
        • failed
        • up-to-date
        • new
        • degrade
        • unknown
         
        Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABUpdateDesc
        .1.3.6.1.4.1.2620.1.46.1.2
        String Update description.  
        Next update description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABNextUpdate
        .1.3.6.1.4.1.2620.1.46.1.3
        String Next update description.  
        Database version .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABVersion
        .1.3.6.1.4.1.2620.1.46.1.4
        String Database version.  
        Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiBotSubscription.antiBotSubscriptionStatus
        .1.3.6.1.4.1.2620.1.46.2.1
        String Subscription status:
        • valid
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiBotSubscription.antiBotSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.46.2.2
        String Subscription expiration date.  
        Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiBotSubscription.antiBotSubscriptionDesc
        .1.3.6.1.4.1.2620.1.46.2.3
        String Subscription description.  
        Anti-Bot status code .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusCode
        .1.3.6.1.4.1.2620.1.46.101
        Integer Anti-Bot status code.  
        Anti-Bot status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusShortDesc
        .1.3.6.1.4.1.2620.1.46.102
        String Anti-Bot status - short description.  
        Anti-Bot status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusLongDesc
        .1.3.6.1.4.1.2620.1.46.103
        String Anti-Bot status - long description.  
    • (VI-3-M) Anti-Spam

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Update status .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABUpdateStatus
        .1.3.6.1.4.1.2620.1.46.1.1
        String Update status:
        • failed
        • up-to-date
        • new
        • degrade
        • unknown
         
        Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABUpdateDesc
        .1.3.6.1.4.1.2620.1.46.1.2
        String Update description.  
        Next update description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABNextUpdate
        .1.3.6.1.4.1.2620.1.46.1.3
        String Next update description.  
        Database version .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwABUpdate.amwABVersion
        .1.3.6.1.4.1.2620.1.46.1.4
        String Database version.  
        Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiSpamSubscription.antiSpamSubscriptionStatus
        .1.3.6.1.4.1.2620.1.46.4.1
        String Subscription status:
        • valid
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiSpamSubscription.antiSpamSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.46.4.2
        String Subscription expiration date.  
        Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.antiSpamSubscription.antiSpamSubscriptionDesc
        .1.3.6.1.4.1.2620.1.46.4.3
        String Subscription description.  
        Anti-Spam status code .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusCode
        .1.3.6.1.4.1.2620.1.46.101
        Integer Anti-Spam status code.  
        Anti-Spam status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusShortDesc
        .1.3.6.1.4.1.2620.1.46.102
        String Anti-Spam status - short description.  
        Anti-Spam status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.amw.amwStatusLongDesc
        .1.3.6.1.4.1.2620.1.46.103
        String Anti-Spam status - long description.  
    • (VI-3-N) Identity Awareness

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Number of users authenticated to Identity Awareness gateway .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessAuthUsers
        .1.3.6.1.4.1.2620.1.38.2
        Integer Number of users authenticated to Identity Awareness gateway.  
        Number of unauthenticated guests on Identity Awareness gateway .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessUnAuthUsers
        .1.3.6.1.4.1.2620.1.38.3
        Integer Number of unauthenticated guests on Identity Awareness gateway.  
        Number of users that are logged in with Identity Agents .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessLoggedInAgent
        .1.3.6.1.4.1.2620.1.38.9
        Integer Number of users that are logged in with Identity Agents.  
        Number of users that are logged in with Captive Portal .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessLoggedInCaptivePortal
        .1.3.6.1.4.1.2620.1.38.10
        Integer Number of users that are logged in with Captive Portal.  
        Number of users that are logged in with ADQuery .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessLoggedInADQuery
        .1.3.6.1.4.1.2620.1.38.11
        Integer Number of users that are logged in with ADQuery.  
        Number of successful LDAP queries .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessSuccUserLDAP
        .1.3.6.1.4.1.2620.1.38.21
        Integer Number of successful LDAP queries.  
        Number of failed LDAP queries .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessUnSuccUserLDAP
        .1.3.6.1.4.1.2620.1.38.22
        Integer Number of failed LDAP queries.  
        Amount of data transmitted by Identity Awareness gateway .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessDataTrans
        .1.3.6.1.4.1.2620.1.38.23
        Integer Amount of data transmitted by Identity Awareness gateway.  
        Number of identities logged in with RADIUS Accounting .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessRADIUSAccounting
        .1.3.6.1.4.1.2620.1.38.39
        Integer Number of identities logged in with RADIUS Accounting.  
        Number of identities logged in with Identity Collector Active Directory .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessIdentityCollectorActiveDirectory
        .1.3.6.1.4.1.2620.1.38.40
        Integer Number of identities logged in with Identity Collector Active Directory.  
        Number of identities logged in with Identity Collector Cisco ISE .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessIdentityCollectorCiscoISE
        .1.3.6.1.4.1.2620.1.38.41
        Integer Number of identities logged in with Identity Collector Cisco ISE.  
        Number of identities logged in with Terminal Server .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessTerminalServer
        .1.3.6.1.4.1.2620.1.38.42
        Integer Number of identities logged in with Terminal Server.  
        Number of identities logged in with Remote Access .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessRemoteAccess
        .1.3.6.1.4.1.2620.1.38.43
        Integer Number of identities logged in with Remote Access.  
        Number of identities logged in with Identity Web API .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessIdentityWebAPI
        .1.3.6.1.4.1.2620.1.38.44
        Integer Number of identities logged in with Identity Web API.  
        Table with information for distributed environments .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessDistributedEnvTable
        .1.3.6.1.4.1.2620.1.38.24
        Table Table with information for distributed environments:
        • Name of Identity Awareness gateway
        • Number of disconnections
        • Number of brute force attacks detected
        • Status of Identity Awareness gateway
        • Is it local Identity Awareness gateway?
         
        Table with information for AD Query .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessADQueryStatusTable
        .1.3.6.1.4.1.2620.1.38.25
        Table Table with information for AD Query:
        • Status of AD Query
        • Domain name
        • Domain IP
        • Number of events
         
        Identity Awareness status code .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessStatus
        .1.3.6.1.4.1.2620.1.38.101
        Integer Identity Awareness status code.  
        Identity Awareness status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessStatusShortDesc
        .1.3.6.1.4.1.2620.1.38.102
        String Identity Awareness status - short description.  
        Identity Awareness status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.identityAwareness.identityAwarenessStatusLongDesc
        .1.3.6.1.4.1.2620.1.38.103
        String Identity Awareness status - long description.  
    • (VI-3-O) Threat Emulation

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Threat Emulation Update status .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teUpdateStatus
        .1.3.6.1.4.1.2620.1.49.16
        String Threat Emulation Update status:
        • failed
        • up-to-date
        • new
        • degrade
        • downloading
        • unknown
         
        Threat Emulation Update description .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teUpdateDesc
        .1.3.6.1.4.1.2620.1.49.17
        String Threat Emulation Update description.  
        Threat Emulation Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.49.20
        String Threat Emulation Subscription expiration date.  
        Threat Emulation Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teSubscriptionStatus
        .1.3.6.1.4.1.2620.1.49.25
        String Threat Emulation Subscription status:
        • up-to-date
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Threat Emulation Cloud Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teCloudSubscriptionStatus
        .1.3.6.1.4.1.2620.1.49.26
        String Threat Emulation Cloud Subscription status:
        • up-to-date
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Threat Emulation Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teSubscriptionDesc
        .1.3.6.1.4.1.2620.1.49.27
        Format Threat Emulation Subscription description.  
        Threat Emulation status code .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teStatusCode
        .1.3.6.1.4.1.2620.1.49.101
        Integer Threat Emulation status code.  
        Threat Emulation status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teStatusShortDesc
        .1.3.6.1.4.1.2620.1.49.102
        String Threat Emulation status - short description.  
        Threat Emulation status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.te.teStatusLongDesc
        .1.3.6.1.4.1.2620.1.49.103
        String Threat Emulation status - long description.  
    • (VI-3-P) Threat Extraction

      Note: The unfortunate spelling mistake in the object name "treatExtarction" was already reported to Check Point (Issue ID 02022008).

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Threat Extraction Subscription status .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionSubscription.treatExtarctionSubscriptionStatus
        .1.3.6.1.4.1.2620.1.50.1.1
        String Threat Extraction Subscription status:
        • valid
        • expired
        • about-to-expire
        • not-associated
        • unknown
         
        Threat Extraction Subscription expiration date .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionSubscription.treatExtarctionSubscriptionExpDate
        .1.3.6.1.4.1.2620.1.50.1.2
        String Threat Extraction Subscription expiration date.  
        Threat Extraction Subscription description .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionSubscription.treatExtarctionSubscriptionDesc
        .1.3.6.1.4.1.2620.1.50.1.3
        String Threat Extraction Subscription description.  
        Total number of scanned attachments .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionStatistics.treatExtarctionTotalScannedAttachments
        .1.3.6.1.4.1.2620.1.50.2.1
        Integer Total number of scanned attachments.  
        Total number of cleaned attachments .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionStatistics.treatExtarctionCleanedAttachments
        .1.3.6.1.4.1.2620.1.50.2.2
        Integer Total number of cleaned attachments.  
        Total number of original attachments accesses .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionStatistics.treatExtarctionOriginalAttachmentsAccesses
        .1.3.6.1.4.1.2620.1.50.2.3
        Integer Total number of original attachments accesses.  
        Threat Extraction status code .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionStatusCode
        .1.3.6.1.4.1.2620.1.50.101
        Integer Threat Extraction status code.  
        Threat Extraction status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionStatusShortDesc
        .1.3.6.1.4.1.2620.1.50.102
        String Threat Extraction status - short description.  
        Threat Extraction status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.treatExtarction.treatExtarctionStatusLongDesc
        .1.3.6.1.4.1.2620.1.50.103
        String Threat Extraction status - long description.  
    • (VI-3-Q) VoIP

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        Total number of SIP Requests to the Internal Network per Interval - in seconds .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkReqInterval
        .1.3.6.1.4.1.2620.1.31.6.1.1.1
        Integer Total number of SIP Requests to the Internal Network per Interval: Interval in seconds.  
        Total number of SIP Requests to the Internal Network per Interval - configured threshold .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkReqConfThreshold
        .1.3.6.1.4.1.2620.1.31.6.1.1.2
        Integer Total number of SIP Requests to the Internal Network per Interval: Configured Threshold.  
        Total number of SIP Requests to the Internal Network per Interval - current value .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkReqCurrentVal
        .1.3.6.1.4.1.2620.1.31.6.1.1.3
        Integer Total number of SIP Requests to the Internal Network per Interval: current value.  
        Total number of SIP 'REGISTER' Requests to the Internal Network per Interval - in seconds .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkRegInterval
        .1.3.6.1.4.1.2620.1.31.6.1.1.4
        Integer Total number of SIP 'REGISTER' Requests to the Internal Network per Interval: Interval in seconds.  
        Total number of SIP 'REGISTER' Requests to the Internal Network per Interval - configured threshold .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkRegConfThreshold
        .1.3.6.1.4.1.2620.1.31.6.1.1.5
        Integer Total number of SIP 'REGISTER' Requests to the Internal Network per Interval: Configured Threshold.  
        Total number of SIP 'REGISTER' Requests to the Internal Network per Interval - current value .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkRegCurrentVal
        .1.3.6.1.4.1.2620.1.31.6.1.1.6
        Integer Total number of SIP 'REGISTER' Requests to the Internal Network per Interval: current value.  
        Total number of SIP Call Initiations to the Internal Network per Interval - in seconds .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkCallInitInterval
        .1.3.6.1.4.1.2620.1.31.6.1.1.7
        Integer Total number of SIP Call Initiations to the Internal Network per Interval: Interval in seconds.  
        Total number of SIP Call Initiations to the Internal Network per Interval - configured threshold .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkCallInitConfThreshold
        .1.3.6.1.4.1.2620.1.31.6.1.1.8
        Integer Total number of SIP Call Initiations to the Internal Network per Interval: Configured Threshold.  
        Total number of SIP Call Initiations to the Internal Network per Interval - current value .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipNetwork.voipDOSSipNetworkCallInitICurrentVal
        .1.3.6.1.4.1.2620.1.31.6.1.1.9
        Integer Total number of SIP Call Initiations to the Internal Network per Interval: current value.  
        Table with information about Rate Limiting defense for Internal SIP Servers .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipDOS.voipDOSSip.voipDOSSipRateLimitingTable
        .1.3.6.1.4.1.2620.1.31.6.1.2
        Table Table with information about Rate Limiting defense for Internal SIP Servers - counting blocked URLs of the most frequent blocked users in the last day:
        • IP Address
        • Interval (in seconds)
        • Configured Threshold for Number of SIP Requests
        • Number of SIP Requests
        • Number of SIP Requests from Trusted Users
        • Number of SIP Requests from Non-Trusted Users
        • Number of SIP Requests from Non-Trusted Users
         
        VoIP status code .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipStatCode
        .1.3.6.1.4.1.2620.1.31.101
        Integer VoIP status code.  
        VoIP status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipStatShortDescr
        .1.3.6.1.4.1.2620.1.31.102
        String VoIP status - short description.  
        VoIP status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.voip.voipStatLongDescr
        .1.3.6.1.4.1.2620.1.31.103
        String VoIP status - long description.  
    • (VI-3-R) LTE / FireWall-GX

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Refer to the OID branch .iso.org.dod.internet.private.enterprises.checkpoint.products.gx (.1.3.6.1.4.1.2620.1.20).

    • (VI-3-S) QoS

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description | Notes for VSX mode
        QoS policy name .iso.org.dod.internet.private.enterprises.checkpoint.products.fg.fgStrPolicyName
        .1.3.6.1.4.1.2620.1.3.6
        String QoS policy name.  
        QoS policy name installation time .iso.org.dod.internet.private.enterprises.checkpoint.products.fg.fgInstallTime
        .1.3.6.1.4.1.2620.1.3.7
        String QoS policy name installation time.  
        Number of interfaces used in QoS policy .iso.org.dod.internet.private.enterprises.checkpoint.products.fg.fgNumInterfaces
        .1.3.6.1.4.1.2620.1.3.8
        String Number of interfaces used in QoS policy.  
        Table with QoS statistics per interface .iso.org.dod.internet.private.enterprises.checkpoint.products.fg.fgIfTable
        .1.3.6.1.4.1.2620.1.3.9
        Table Table with QoS statistics per interface:
        • Name of Interface
        • Name of QoS Policy
        • Inbound Rate Limit
        • Outbound Rate Limit
        • Average Inbound Rate Limit
        • Average Outbound Rate Limit
        • Retransmitted Inbound Packets
        • Retransmitted Outbound Packets
        • Pending Inbound Packets
        • Pending Outbound Packets
        • Pending Inbound Bytes
        • Pending Outbound Bytes
        • Number of Inbound Connections
        • Number of Outbound Connections
         
    • (VI-3-T) Security Management Server

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description
        Status of FWM daemon on Management Server .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgFwmIsAlive
        .1.3.6.1.4.1.2620.1.7.6
        Integer Status of FWM daemon on Management Server:
        • 0 - daemon is down
        • 1 - daemon is up
        Management HA - Status of Security Management Server .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgActiveStatus
        .1.3.6.1.4.1.2620.1.7.5
        String Status of Security Management Server in Management High Availability:
        • active
        • standby
        Management HA - Synchronization journals .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgMgmtHAJournals
        .1.3.6.1.4.1.2620.1.7.9
        String Synchronization journals in Management High Availability.
        Management Server License violation .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgIsLicenseViolation
        .1.3.6.1.4.1.2620.1.7.10
        Integer A Management Server License violation was detected:
        • 0 - no License violation
        • 1 - License violation was detected
        Management Server License violation message .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLicenseViolationMsg
        .1.3.6.1.4.1.2620.1.7.11
        String A message about detected Management Server License violation.
        Log Receive Rate .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgLSLogReceiveRate
        .1.3.6.1.4.1.2620.1.7.14.1
        Integer Log Receive Rate on Management Server / Log Server. Refer to sk120341.
        Log Receive Rate Peak .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgLSLogReceiveRatePeak
        .1.3.6.1.4.1.2620.1.7.14.2
        Integer Log Receive Rate Peak on Management Server / Log Server. Refer to sk120341.
        Log Receive Rate Last 10 Minutes .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgLSLogReceiveRate10Min
        .1.3.6.1.4.1.2620.1.7.14.3
        Integer Log Receive Rate Last 10 Minutes on Management Server / Log Server. Refer to sk120341.
        Log Receive Rate Last Hour .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgLSLogReceiveRate1Hour
        .1.3.6.1.4.1.2620.1.7.14.6
        Integer Log Receive Rate Last Hour on Management Server / Log Server. Refer to sk120341.
        Table with information about connected Security Gateways .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgConnectedGatewaysTable
        .1.3.6.1.4.1.2620.1.7.14.4
        Table Table with information about Security Gateways sending logs to this Management Server / Log Server (refer to sk120341):
        • Security Gateway Object Name / IP Address
        • Security Gateway state (Disconnected; Connected)
        • Security Gateway Last Login Time
        • Security Gateway Log Receive Rate
        Information about connected SmartConsole clients .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgConnectedClientsTable
        .1.3.6.1.4.1.2620.1.7.7
        Table Information about connected SmartConsole clients:
        • Client Name
        • Client Host
        • Client Database Lock
        • SmartConsole Application Type
        Management HA Synchronization status code .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgStatCode
        .1.3.6.1.4.1.2620.1.7.101
        Integer Management HA Synchronization status code:
        • 0 - OK
        • 1 - Attention
        • 2 - Problem
        Management HA Synchronization status - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgStatShortDescr
        .1.3.6.1.4.1.2620.1.7.102
        String Management HA Synchronization status - short description.
        Management HA Synchronization status - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgStatLongDescr
        .1.3.6.1.4.1.2620.1.7.103
        String Management HA Synchronization status - long description:
        • OK
        • Attention
        • Problem
    • (VI-3-U) SmartLog

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Required Information | Object Name, Object ID | OID Format | OID Description
        Total number of read logs .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoTotalReadLogs
        .1.3.6.1.4.1.2620.1.7.14.5.1
        String Total number of read logs.
        Logs reading errors .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoTotalReadLogsErrors
        .1.3.6.1.4.1.2620.1.7.14.5.3
        String Total number of errors while reading logs.
        Logs reading rate .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoReadLogsRate
        .1.3.6.1.4.1.2620.1.7.14.5.6
        Integer Logs reading rate.
        Logs reading rate during last 10 minutes .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoReadLogsRate10min
        .1.3.6.1.4.1.2620.1.7.14.5.8
        Integer Logs reading rate during last 10 minutes.
        Logs reading rate during last 1 hour .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoReadLogsRate60min
        .1.3.6.1.4.1.2620.1.7.14.5.10
        Integer Logs reading rate during last 1 hour.
        Logs reading peak rate .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoReadLogsRatePeak
        .1.3.6.1.4.1.2620.1.7.14.5.12
        Integer Logs reading peak rate.
        Logs reading delay .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoReadLogsDelay
        .1.3.6.1.4.1.2620.1.7.14.5.13
        Integer Logs reading delay.
        Total number of indexed updates and logs .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoTotalUpdatesAndLogsIndexed
        .1.3.6.1.4.1.2620.1.7.14.5.2
        String Total number of indexed updates and logs.
        Indexing errors .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoTotalUpdatesAndLogsIndexedErrors
        .1.3.6.1.4.1.2620.1.7.14.5.4
        String Total number of errors while indexing updates and logs.
        Indexing rate of updates and logs .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoUpdatesAndLogsIndexedRate
        .1.3.6.1.4.1.2620.1.7.14.5.5
        Integer Indexing rate of updates and logs.
        Indexing rate of updates and logs during last 10 minutes .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoUpdatesAndLogsIndexedRate10min
        .1.3.6.1.4.1.2620.1.7.14.5.7
        Integer Indexing rate of updates and logs during last 10 minutes.
        Indexing rate of updates and logs during last 1 hour .iso.org.dod.internet.private.enterprises.checkpoint.products.mngmt.mgLogServerInfo.mgIndexerInfo.mgIndexerInfoUpdatesAndLogsIndexedRate60min
        .1.3.6.1.4.1.2620.1.7.14.5.9
        Integer Indexing rate of updates and logs during last 1 hour.
    • (VI-3-V) SmartEvent

      • Counters ($CPDIR/lib/snmp/chkpnt.mib)

        Information about SmartEvent Server:

        Required Information | Object Name, Object ID | OID Format | OID Description
        cpsemd process status .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdProcAlive
        .1.3.6.1.4.1.2620.1.25.1.1
        Integer Status of cpsemd process:
        • 0 - process is down
        • 1 - process is up
        Number of handled new events .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdNewEventsHandled
        .1.3.6.1.4.1.2620.1.25.1.2
        Integer Number of handled new events.
        Number of handled updates .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdUpdatesHandled
        .1.3.6.1.4.1.2620.1.25.1.3
        Integer Number of handled updates.
        Current size of events database .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdCurrentDBSize
        .1.3.6.1.4.1.2620.1.25.1.5
        String Current size of events database.
        Capacity of events database .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdDBCapacity
        .1.3.6.1.4.1.2620.1.25.1.6
        String Capacity of events database.
        Number of events in database .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdNumEvents
        .1.3.6.1.4.1.2620.1.25.1.7
        Integer Number of events in events database.
        Available disk space for events database .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdDBDiskSpace
        .1.3.6.1.4.1.2620.1.25.1.8
        String Available disk space for events database.
        Is events database full? .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdDBIsFull
        .1.3.6.1.4.1.2620.1.25.1.10
        Integer Is events database full?
        • 0 - Database is not full
        • 1 - Database is full
        cpsemd process Status code .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdStatCode
        .1.3.6.1.4.1.2620.1.25.1.101
        Integer cpsemd process Status code.
        cpsemd process Status code - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdStatShortDescr
        .1.3.6.1.4.1.2620.1.25.1.102
        String cpsemd process Status code - short description.
        cpsemd process Status code - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdStatLongDescr
        .1.3.6.1.4.1.2620.1.25.1.103
        String cpsemd process Status code - long description.

        Information about Correlation Units:

        Required Information | Object Name, Object ID | OID Format | OID Description
        cpsead process status .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadProcAlive
        .1.3.6.1.4.1.2620.1.25.2.1
        Integer Status of cpsead process:
        • 0 - process is down
        • 1 - process is up
        Connection status to SmartEvent Server .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadConnectedToSem
        .1.3.6.1.4.1.2620.1.25.2.2
        Integer Connection status to SEM (is the Correlation Unit connected to the SmartEvent Server?):
        • 0 - not connected
        • 1 - connected
        Number of processed logs .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadNumProcessedLogs
        .1.3.6.1.4.1.2620.1.25.2.3
        String Number of processed logs.
        Free disk space .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadNoFreeDiskSpace
        .1.3.6.1.4.1.2620.1.25.2.5
        Integer Is there not enough free disk space on the Correlation Unit?
        • 0 - no free disk space
        • 1 - free disk space is available
        Table with information about Correlation Units .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsemd.cpsemdCorrelationUnitTable
        .1.3.6.1.4.1.2620.1.25.1.9
        Table Table with information about Correlation Units:
        • IP address of Correlation Unit
        • Time of last received event
        • Number of received events
        • Duration of connection to the Correlation Unit
        Table with information about Jobs .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.XXX
        .1.3.6.1.4.1.2620.1.25.2.X
        Table Table with information about Jobs:
        • Job ID
        • Job name
        • Job state
        • Is job online?
        • IP address of the Log Server, from which the job is reading logs
        • Data type being read (FireWall log, or Audit log)
        • Is the Correlation Unit connected to the Log Server?
        • Number of analyzed logs
        • Name of the file, from which the job is reading logs
        • Current position in the file
        • State description code (for the state description in the next OID)
        • State description (provides more information about the job's state (OID 4); for instance, details of errors)
        cpsead process Status code .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadStatCode
        .1.3.6.1.4.1.2620.1.25.2.101
        Integer cpsead process Status code.
        cpsead process Status code - short description .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadStatShortDescr
        .1.3.6.1.4.1.2620.1.25.2.102
        String cpsead process Status code - short description.
        cpsead process Status code - long description .iso.org.dod.internet.private.enterprises.checkpoint.products.eventiaAnalyzer.cpsead.cpseadStatLongDescr
        .1.3.6.1.4.1.2620.1.25.2.103
        String cpsead process Status code - long description.

 


(IX) Revision History

Date Description
21 Oct 2017
  • Added subsection "FAQ" in section "Query VSX Gateway over SNMP"
  • Added section "Common used SNMP OIDs"
26 Feb 2017
  • Added information about custom SNMP traps for SNMPv3 user that uses SHA / AES authentication
12 Jan 2017
27 Oct 2016
  • Article was updated by merging the information from other articles.
07 Jan 2013
  • First release of this article
Applies To:
  • This SK replaces sk34054, sk73800, sk78360, sk79280, sk92999, sk94884, sk97692, sk106787
