This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
biskit
Advisor
‎2023-10-31 03:31 AM
Jump to solution

SNMP OID for VPN certificate expiry?

Is there a way to monitor the VPN certificate expiry date via SNMP?

I've been searching for an OID to use in my monitoring platform and haven't found one yet 🙄

Untitled.png

For bonus points, is there a way via SNMP to monitor the expiry date of InternalCA.p12 (as per sk158096)?  

Thanks,

Matt

 

0 Kudos
2 Solutions

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2023-10-31 06:13 AM
Jump to solution

Here are the OIDs

stattest get 1.3.6.1.4.1.2620.1.1.101    - status_code

stattest get 1.3.6.1.4.1.2620.1.1.102    - short_description

stattest get 1.3.6.1.4.1.2620.1.1.103    - long_description

 

We'll add it to the SK

https://support.checkpoint.com/results/sk/sk178304

SmartConsole shows a warning or error icon near the Security Gateway / Cluster object about an expiring VPN certificate

View solution in original post

0 Kudos
Hugo_vd_Kooij
Advisor
‎2024-10-10 05:29 AM
In response to PhoneBoy
Jump to solution

snmpget on OID 1.3.6.1.4.1.2620.1.1.102.0 will give you some information.

We will use it to create a ticket as soon as it is not OK. Giving us enough time to renew the certifcate in time.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

View solution in original post

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-10-31 03:45 AM
Jump to solution

Improving monitoring of certificates is planned.

In general you can otherwise extend SNMP with bash scripts (refer sk90860) to achieve in lieu of official OIDs, if SNMP options are a must. 

CCSM R77/R80/ELITE
0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2023-10-31 06:13 AM
Jump to solution

Here are the OIDs

stattest get 1.3.6.1.4.1.2620.1.1.101    - status_code

stattest get 1.3.6.1.4.1.2620.1.1.102    - short_description

stattest get 1.3.6.1.4.1.2620.1.1.103    - long_description

 

We'll add it to the SK

https://support.checkpoint.com/results/sk/sk178304

SmartConsole shows a warning or error icon near the Security Gateway / Cluster object about an expiring VPN certificate

0 Kudos
Piet_vd_Maas
Contributor
‎2024-08-23 02:21 AM
In response to Tal_Paz-Fridman
Jump to solution

Is there any update of monitoring Certificates by SNMP? 

CCSM - CCTE - CCVS - CCMS
0 Kudos
PhoneBoy
Admin
Admin
‎2024-08-23 06:07 AM
In response to Piet_vd_Maas
Jump to solution

Not as far as I know.
Note that in R82 we are adding additional monitoring for VPN…not sure how it will translate to SNMP.

0 Kudos
Hugo_vd_Kooij
Advisor
‎2024-10-10 05:29 AM
In response to PhoneBoy
Jump to solution

snmpget on OID 1.3.6.1.4.1.2620.1.1.102.0 will give you some information.

We will use it to create a ticket as soon as it is not OK. Giving us enough time to renew the certifcate in time.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top