What is SNMP OID for CP FW number of new connections?

What is SNMP OID for CP FW number of new connections?

0 Kudos
Accepted Solutions
Is this OID returning anything for you: .1.3.6.1.4.1.2620.1.1.26.11.6 ?

View solution in original post

As Hristo said, 1.3.6.1.4.1.2620.1.1.26.11.6.0 is the correct one. Works on enterprise appliances.

For SMB appliances, you have to use delta of 1.3.6.1.4.1.2620.1.1.25.3.0.

View solution in original post
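
The delta calculation mentioned above for SMB appliances, as an added example that is not part of the original posts. The function names and sample output lines are constructed for illustration, and it assumes the polled value behaves as a 32-bit counter that only increases and wraps at 2^32, which the thread does not state.

```shell
#!/bin/sh
# Added example: per-second rate from two polls of a counter OID.
# Assumption: the value is a 32-bit counter that wraps at 2^32.

# Constructed sample lines in net-snmp output format, taken 60 s apart.
SAMPLE_T0='SNMPv2-SMI::enterprises.2620.1.1.25.3.0 = Counter32: 4294967000'
SAMPLE_T1='SNMPv2-SMI::enterprises.2620.1.1.25.3.0 = Counter32: 904'
SAMPLE_ERR='SNMPv2-SMI::enterprises.2620.1.1.25.3.0 = No Such Instance currently exists at this OID'

# Print the numeric value from one output line; fail if the last field
# is not a plain integer (for example a "No Such Instance" reply).
snmp_value() {
    printf '%s\n' "$1" |
        awk '{ v = $NF } v ~ /^[0-9]+$/ { print v; ok = 1 } END { exit !ok }'
}

# Difference between two samples, adding 2^32 when the counter wrapped.
counter_delta() {
    prev=$1
    curr=$2
    if [ "$curr" -ge "$prev" ]; then
        echo $(( curr - prev ))
    else
        echo $(( curr + 4294967296 - prev ))
    fi
}

# Integer per-second rate from two raw output lines taken interval_s
# seconds apart. Returns non-zero if either poll carried no value.
conn_rate() {
    v1=$(snmp_value "$1") || return 1
    v2=$(snmp_value "$2") || return 1
    interval_s=$3
    [ "$interval_s" -gt 0 ] || return 1
    echo $(( $(counter_delta "$v1" "$v2") / interval_s ))
}

# The counter wrapped between the two polls: (904 + 2^32 - 4294967000) / 60
conn_rate "$SAMPLE_T0" "$SAMPLE_T1" 60
# A poll that returned an error string must not be treated as zero.
conn_rate "$SAMPLE_ERR" "$SAMPLE_T1" 60 || echo "poll returned no value" >&2
```

A monitoring system that supports rate or delta preprocessing on counters does the same arithmetic; the point of the error check is that a failed poll should produce a gap in the graph, not a spike.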

20 Replies
Employee++

Please review sk90860 section 2-D for more information.

0 Kudos
Contributor

Is it .1.3.6.1.4.1.2620.1.1.25.22? But the OID description is: "Connections rate since last start of Check Point services." I feel uncertain.

0 Kudos
Contributor

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost .1.3.6.1.4.1.2620.1.1.25.22
SNMPv2-SMI::enterprises.2620.1.1.25.22 = No Such Instance currently exists at this OID

 

What is wrong with it?

0 Kudos
Employee++

Try dropping the leading '.' and appending .0 to the end.

0 Kudos
Contributor

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost .1.3.6.1.4.1.2620.1.1.25.22.0
SNMPv2-SMI::enterprises.2620.1.1.25.22.0 = No Such Instance currently exists at this OID

0 Kudos
Employee++

To confirm, is this a standard security gateway or are you running VSX, and what version?

Do the other OIDs in 2-D return integer values...

 

0 Kudos
Contributor
[Expert@PNS-CP4607-02:0]# fw ver
This is Check Point's software version R77.30 - Build 001

Simple distributed deploy GW but not VSX.
0 Kudos
Employee++

Jumbo Take 351 GA and is your snmp monitoring generally working or does restarting the service help?

 

[Expert@HostName]# service snmpd status

[Expert@HostName]# service snmpd start

0 Kudos
Contributor
Restarting the service is useless, and I don't want to install a hotfix.
Can I run
[Expert@HostName]# service snmpd stop
then download the latest MIB file https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d... and replace $CPDIR/lib/snmp/chkpnt.mib on the GW with it, then run
[Expert@HostName]# service snmpd start
0 Kudos
Employee++

Given the limited details provided...

If anything it might be related to the NET-SNMP package version, updates available via TAC.

0 Kudos
Contributor
It seems correct. How did you find it?
0 Kudos
I found it using this simple command:

# cat CHECKPOINT-MIB | grep -i conn | grep -i rate

It returns:

fwConnectionsStatConnectionRate OBJECT-TYPE
"connection rate (per second) passing through the FireWall-1 Module"
"Writing logs localy, To log servers(0), Local configured (1) Local due to connectivity(2) Local due to high rate(3)"

Paste fwConnectionsStatConnectionRate in Google and the first result is the OID 😀

0 Kudos
Contributor
Get! 0.0
0 Kudos
Some tools to explore the mibs:

ManageEngine MIB Browser:

https://www.manageengine.com/products/mibbrowser-free-tool/

Paessler MIB Importer:

https://www.paessler.com/tools/mibimporter

 

There are OIDs that are not in the mibs, but it helps.

Explorer

Hello.

Using the OID 1.3.6.1.4.1.2620.1.1.26.11.6.0 we do have what seem to be accurate values for at least either the old CP-13500 gateways (without VSX) and in OpenServer environments (also without VSX).

However, when using the same OID when VSX is in place, it seems that the returned values are for VS ID 0, where there is no traffic.

Are you aware of any way for having this same connection rate metric per VSX being returned via a specific OID?

We do have other per VSX OIDs but my understanding is that none is specific for the connection rate, only for metrics such as the total number of connections, traffic, etc.

Thank you.

0 Kudos
Contributor
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 2
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 2
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 1
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 1
It seems correct. How did you find it?
0 Kudos
Advisor

NOTE: only valid for non SMB firewalls.

Is cpsnmpd running? I think this is the process snmpd hands off to for Check Point related OIDs.

If it's not running, do the following:

cpconfig

choose the option for Check Point SNMP extensions

exit

WARNING: This will do a cpstop / cpstart, meaning all services will reload, including the firewall policy.

0 Kudos
Contributor
[Expert@PNS-CP4607-02:0]# service snmpd status
snmpd (pid 11013) is running...
0 Kudos