Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
biskit
Advisor
Jump to solution

SNMP OID for VPN certificate expiry?

Is there a way to monitor the VPN certificate expiry date via SNMP?

I've been searching for an OID to use in my monitoring platform and haven't found one yet 🙄

Untitled.png

For bonus points, is there a way via SNMP to monitor the expiry date of InternalCA.p12 (as per sk158096)?  

Thanks,

Matt

 

0 Kudos
2 Solutions

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

Here are the OIDs

stattest get 1.3.6.1.4.1.2620.1.1.101    - status_code

stattest get 1.3.6.1.4.1.2620.1.1.102    - short_description

stattest get 1.3.6.1.4.1.2620.1.1.103    - long_description

 

We'll add it to the SK

https://support.checkpoint.com/results/sk/sk178304

SmartConsole shows a warning or error icon near the Security Gateway / Cluster object about an expiring VPN certificate

View solution in original post

0 Kudos
Hugo_vd_Kooij
Advisor

snmpget on OID 1.3.6.1.4.1.2620.1.1.102.0 will give you some information.

We will use it to create a ticket as soon as it is not OK. Giving us enough time to renew the certifcate in time.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

View solution in original post

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee

Improving monitoring of certificates is planned.

In general you can otherwise extend SNMP with bash scripts (refer sk90860) to achieve in lieu of official OIDs, if SNMP options are a must. 

CCSM R77/R80/ELITE
0 Kudos
Tal_Paz-Fridman
Employee
Employee

Here are the OIDs

stattest get 1.3.6.1.4.1.2620.1.1.101    - status_code

stattest get 1.3.6.1.4.1.2620.1.1.102    - short_description

stattest get 1.3.6.1.4.1.2620.1.1.103    - long_description

 

We'll add it to the SK

https://support.checkpoint.com/results/sk/sk178304

SmartConsole shows a warning or error icon near the Security Gateway / Cluster object about an expiring VPN certificate

0 Kudos
Piet_vd_Maas
Contributor

Is there any update of monitoring Certificates by SNMP? 

CCSM - CCTE - CCVS - CCMS
0 Kudos
PhoneBoy
Admin
Admin

Not as far as I know.
Note that in R82 we are adding additional monitoring for VPN…not sure how it will translate to SNMP.

0 Kudos
Hugo_vd_Kooij
Advisor

snmpget on OID 1.3.6.1.4.1.2620.1.1.102.0 will give you some information.

We will use it to create a ticket as soon as it is not OK. Giving us enough time to renew the certifcate in time.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events