Hi PhoneBoy,

Thank you for your response, but I wouldn't to monitor only routing table. Is there any way to monitor only BGP state (Estabilished, Active, Connect or Idle)?

Thank you.

Alisson Lima

Hi  @PhoneBoy , Can you share the Number for SK?

@Hugo_Romero The link is above in one of the @PhoneBoy 's replies, but here is the SK number: sk90860

It looks like Checkpoint now supports the BGP OID - 

.1.3.6.1.2.1.15.3.1.3

I opened a TAC case and this is what they referred me too.   Running 81.20, so its possible its part of the 81.20 GAIA update

I'm not sure that's going to do what you hope it might.

bgpPeerFsmEstablishedTime, OID - ".1.3.6.1.2.1.15.3.1.16" may be an alternative depending on your objective.

Yes, that is nice for established time.  The point of my post is CP doesn't have this documented anywhere and suggested creating a script etc, when its not needed anymore.

Have you confirmed this by testing, my understand of the OID you referenced differs 

It works very well, in addition I have a nice little to add our SNMP monitoring Dashboard showing peer state, established time etc.  Makes it easier for support to look at this dashboard then remoting in to each firewall and running "show bgp peers"

In addition, I created a custom email alert should the BGP Peer state numerical values change from "established" so we get an email alert if a BGP peer session goes down.   Since CP only peers with the active, I had to add another SNMP check for "haidentifier" OID so the alert only looks for the state on the active member.

Whilst it has been a while since this post has received any update, using the link @PhoneBoy  provided I was able to successfully set up monitoring for BGP state via a custom SNMP OID. 

At a high level 

Stopped the SNMP agent 

Created a small shell script that basically ran a clish command and grep'd out my desired information, similar to below

echo ''
clish -c "show bgp peers" | egrep -o 'Established|OpenConfirm|OpenSent|Active|Connect|Idle'
echo ''

then I added this as an SNMP extend line to "/etc/snmp/userDefinedSettings.conf", similar to below

extend BGP_Status /bin/sh /var/log/my_script/BGP_Status.sh

restarted the SNMP agent. 

tested using the SNMP walk command (you need to have 127.0.0.1 under agent interfaces in order to use localhost)

snmpwalk -t 10 -v 2c -c netw0rks localhost NET-SNMP-AGENT-MIB::nsExtensions

from here i used the translate command 

snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine.\"BGP_Status\"

The value you get back should allow you to monitor via SNMP 

I hope it helps someone to get started at least, it is not the prettiest way to get the state and it wouldn't really work for multiple neighbours but for my scenario, it worked.