https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141816#M27025 <P>Well, we use a monitoring software "LibreNMS", which does a discovery every few hours. For such a discovery, it pulls pretty large MIB ranges (if not ALL available), to fill it´s database.&nbsp;</P><P>Strange thing is, most of our firewalls do not have any problems with that...</P> Thu, 17 Feb 2022 17:32:25 GMT NicoSeuss 2022-02-17T17:32:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141470#M26915 <P>Hi guys,</P><P>since some time (can't tell exactly when it started) we encounter some strange problems with SNMP.</P><P>When I do an snmpwalk, it times out after a few hundred lines. Some attempts provide more, some less lines on the same machine.</P><P>However, that is not on all machines. E.g. on a cluster one machine answers just fine, the other don't.</P><P>All machines are on R80.40.&nbsp;Hardware is&nbsp;Check Point 5800 and Check Point 6200P.&nbsp;</P><P>Most of the machines do NOT run VSX.</P><P>I made some tests and it looks like every attempt stops around MIB&nbsp;.1.3.6.1.2.1.25.3.2.1.1&nbsp;</P><P>&nbsp;</P><P>There is no special SNMP configuration, and identical on all machines:</P><LI-SPOILER>set snmp mode default<BR />set snmp agent on<BR />set snmp agent-version v3-Only<BR />add snmp interface Mgmt<BR />add snmp interface bond1<BR />add snmp usm user FWxxxxx security-level authPriv auth-pass-phrase-hashed xxxxxxxx privacy-pass-phrase-hashed xxxxxxxx privacy-protocol DES authentication-protocol MD5<BR />set snmp traps trap authorizationError disable<BR />set snmp traps trap biosFailure disable<BR />set snmp traps trap clusterXLFailover disable<BR />set snmp traps trap coldStart disable<BR />set snmp traps trap configurationChange disable<BR />set snmp traps trap configurationSave disable<BR />set snmp traps trap fanFailure disable<BR />set snmp traps trap highVoltage disable<BR />set snmp traps trap linkUpLinkDown disable<BR />set snmp traps trap lowDiskSpace disable<BR />set snmp traps trap lowVoltage disable<BR />set snmp traps trap overTemperature disable<BR />set snmp traps trap powerSupplyFailure disable<BR />set snmp traps trap raidVolumeState disable<BR />set snmp traps trap vrrpv2AuthFailure disable<BR />set snmp traps trap vrrpv2NewMaster disable<BR />set snmp traps trap vrrpv3NewMaster disable<BR />set snmp traps trap vrrpv3ProtoError disable<BR />set snmp contact "xxxxxxxxx"<BR />set snmp location "xxxxxxxxxx"<BR />set snmp traps advanced coldStart reboot-only off</LI-SPOILER><P>&nbsp;</P><P>Strange thing is, on machines, where everything works fine, I get around e.g. 14'000 lines of SNMPWALK, on machines where timeouts occure, sometimes I get above 65'000 or even over 100'000 lines back, before the timeout.</P><P>This way, one snmpwalk takes over half an hour...</P><P>One of the questions is: Why do I get so much different outputs on similar devices of a cluster?</P><P>&nbsp;</P><P>BTW: Increasing the timeout setting of snmpwalk does not help (it simply takes much longer).</P><P>&nbsp;</P><P>Versions are the same between the machines. E.g.</P><LI-SPOILER><P><BR />This is Check Point CPinfo Build 914000215 for GAIA<BR />[CPFC]<BR />No hotfixes..</P><P>[MGMT]<BR />HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94</P><P>[IDA]<BR />No hotfixes..</P><P>[FW1]<BR />HOTFIX_GOT_TPCONF_AUTOUPDATE<BR />HOTFIX_R80_40_MAAS_TUNNEL_AUTOUPDATE<BR />HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94</P><P>FW1 build number:<BR />This is Check Point's software version R80.40 - Build 118<BR />kernel: R80.40 - Build 104</P><P>[SecurePlatform]<BR />HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94</P><P>[PPACK]<BR />HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94</P><P>[CPinfo]<BR />No hotfixes..</P><P>[AutoUpdater]<BR />No hotfixes..</P><P>[CVPN]<BR />HOTFIX_R80_40_JUMBO_HF_MAIN Take: 94</P><P>[CPUpdates]<BR />BUNDLE_GENERAL_AUTOUPDATE Take: 12<BR />BUNDLE_CPSDC_AUTOUPDATE Take: 19<BR />BUNDLE_CORE_FILE_UPLOADER_AUTOUPDATE Take: 11<BR />BUNDLE_GOT_TPCONF_AUTOUPDATE Take: 97<BR />BUNDLE_R80_40_JUMBO_HF_MAIN_SC Take: 100<BR />BUNDLE_HCP_AUTOUPDATE Take: 48<BR />BUNDLE_R80_40_MAAS_TUNNEL_AUTOUPDATE Take: 44<BR />BUNDLE_INFRA_AUTOUPDATE Take: 52<BR />BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 23<BR />BUNDLE_R80_40_JUMBO_HF_MAIN Take: 94</P><P>[CPDepInst]<BR />No hotfixes..</P><P>[hcp_wrapper]<BR />HOTFIX_HCP_AUTOUPDATE</P><P>[DIAG]<BR />No hotfixes..</P><P>[core_uploader]<BR />HOTFIX_CHARON_HF</P><P>[cpsdc_wrapper]<BR />HOTFIX_CPSDC_AUTOUPDATE<BR /><BR /></P></LI-SPOILER><P>A while ago everything was fine. We updated to R80.40 from 77.30 in the past, but as far as I see, the problems started a while after that, so I don´t see a correlation here.</P><P>&nbsp;</P><P>Any ideas?&nbsp;</P><P>Please let me know, if you need more/special information.</P><P>&nbsp;</P><P>Thanks a lot in advance!</P><P>&nbsp;</P><P>Best regards</P><P>Nico</P> Mon, 14 Feb 2022 19:12:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141470#M26915 NicoSeuss 2022-02-14T19:12:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141718#M26916 <P>Best to open a TAC case here.</P> Wed, 16 Feb 2022 22:59:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141718#M26916 PhoneBoy 2022-02-16T22:59:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141720#M26917 <P>Is there a reason to walk the whole MIB versus get a specific OID?</P> Wed, 16 Feb 2022 23:13:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141720#M26917 Chris_Atkinson 2022-02-16T23:13:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141722#M26918 <P>Hey Nico,</P> <P>I know this is older sk, but it might be worth checking. TAC case would not hurt either, as it sure sounds like a very peculiar issue.</P> <P>Andy</P> <P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk97947" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk97947</A></P> Wed, 16 Feb 2022 23:28:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141722#M26918 the_rock 2022-02-16T23:28:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141816#M27025 <P>Well, we use a monitoring software "LibreNMS", which does a discovery every few hours. For such a discovery, it pulls pretty large MIB ranges (if not ALL available), to fill it´s database.&nbsp;</P><P>Strange thing is, most of our firewalls do not have any problems with that...</P> Thu, 17 Feb 2022 17:32:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141816#M27025 NicoSeuss 2022-02-17T17:32:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141817#M26919 <P>Hi Andy,</P><P>thanks for the link, but in fact I already found this sk.</P><P>However, we do not have VSX running on most of the machines, which have the problems... So this must be another problem...</P><P>Best regards</P><P>Nico</P> Thu, 17 Feb 2022 17:36:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Strange-SNMP-problems-on-GAIA/m-p/141817#M26919 NicoSeuss 2022-02-17T17:36:08Z