This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Herschel_Liang
Collaborator
‎2020-03-07 04:37 AM
Jump to solution

What is SNMP OID for CP FW number of new connections?

What is SNMP OID for CP FW number of new connections?

0 Kudos
2 Solutions

Accepted Solutions
HristoGrigorov
Mentor
Mentor
‎2020-03-08 08:54 AM
In response to Chris_Atkinson
Jump to solution

Is this OID returning anything for you: .1.3.6.1.4.1.2620.1.1.26.11.6 ?

View solution in original post

Pedro_Espindola
Advisor
‎2020-03-09 12:52 PM
In response to HristoGrigorov
Jump to solution

As Hristo said, 1.3.6.1.4.1.2620.1.1.26.11.6.0 is the correct one. Works on enterprise appliances.

For SMB appliances, you have to use delta of 1.3.6.1.4.1.2620.1.1.25.3.0.

View solution in original post

20 Replies
Chris_Atkinson
Employee Employee
Employee
‎2020-03-07 04:44 AM
Jump to solution

Please review sk90860 section 2-D for more information.

CCSM R77/R80/ELITE
0 Kudos
Herschel_Liang
Collaborator
‎2020-03-07 04:52 AM
In response to Chris_Atkinson
Jump to solution

Is it   .1.3.6.1.4.1.2620.1.1.25.22 ?  But OID Description:    "   Connections rate since last start of Check Point services.  ". I  feel uncertain.

0 Kudos
Herschel_Liang
Collaborator
‎2020-03-07 05:11 AM
In response to Chris_Atkinson
Jump to solution

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost .1.3.6.1.4.1.2620.1.1.25.22
SNMPv2-SMI::enterprises.2620.1.1.25.22 = No Such Instance currently exists at this OID

 

What is wrong with it?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-03-07 06:44 AM
In response to Herschel_Liang
Jump to solution

Try dropping the leading '.' and appending .0 to the end.

CCSM R77/R80/ELITE
0 Kudos
Herschel_Liang
Collaborator
‎2020-03-07 07:35 AM
In response to Chris_Atkinson
Jump to solution

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost .1.3.6.1.4.1.2620.1.1.25.22.0
SNMPv2-SMI::enterprises.2620.1.1.25.22.0 = No Such Instance currently exists at this OID

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-03-07 07:44 AM
In response to Herschel_Liang
Jump to solution

To confirm is this a standard security gateway or are you running VSX and what version?

Do the other OIDs in 2-D return integer values...

 

CCSM R77/R80/ELITE
0 Kudos
Herschel_Liang
Collaborator
‎2020-03-08 04:25 AM
In response to Chris_Atkinson
Jump to solution

[Expert@PNS-CP4607-02:0]# fw ver
This is Check Point's software version R77.30 - Build 001

Simple distributed deploy GW but not VSX.
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-03-08 04:47 AM
In response to Herschel_Liang
Jump to solution

Jumbo Take 351 GA and is your snmp monitoring generally working or does restarting the service help?

 

[Expert@HostName]# service snmpd status

[Expert@HostName]# service snmpd start

CCSM R77/R80/ELITE
0 Kudos
Herschel_Liang
Collaborator
‎2020-03-08 05:19 AM
In response to Chris_Atkinson
Jump to solution

Restart service is useless and I don't want to install hotfix.
Can I [Expert@HostName]# service snmpd stop
and download latest mib file https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d... replace $CPDIR/lib/snmp/chkpnt.mib in GW, then
[Expert@HostName]# service snmpd start
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2020-03-08 05:23 AM
In response to Herschel_Liang
Jump to solution

 

Given the limited details provided...

If anything it might be related to the NET-SNMP package version, updates available via TAC.

CCSM R77/R80/ELITE
0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-03-08 08:54 AM
In response to Chris_Atkinson
Jump to solution

Is this OID returning anything for you: .1.3.6.1.4.1.2620.1.1.26.11.6 ?

Pedro_Espindola
Advisor
‎2020-03-09 12:52 PM
In response to HristoGrigorov
Jump to solution

As Hristo said, 1.3.6.1.4.1.2620.1.1.26.11.6.0 is the correct one. Works on enterprise appliances.

For SMB appliances, you have to use delta of 1.3.6.1.4.1.2620.1.1.25.3.0.

Herschel_Liang
Collaborator
‎2020-03-09 09:04 PM
In response to Pedro_Espindola
Jump to solution

It seem correct. How do you find it?
0 Kudos
HristoGrigorov
Mentor
Mentor
‎2020-03-09 09:24 PM
In response to Herschel_Liang
Jump to solution

I found it using this simple command:

# cat CHECKPOINT-MIB | grep -i conn | grep -i rate

It returns:

fwConnectionsStatConnectionRate OBJECT-TYPE
"connection rate (per second) passing through the FireWall-1 Module"
"Writing logs localy, To log servers(0), Local configured (1) Local due to connectivity(2) Local due to high rate(3)"

Paste fwConnectionsStatConnectionRate in Google and the first result is the OID 😀

0 Kudos
Pedro_Espindola
Advisor
‎2020-03-10 10:35 AM
In response to HristoGrigorov
Jump to solution

Some tools to explore the mibs:

ManageEngine MIB Browser:

https://www.manageengine.com/products/mibbrowser-free-tool/

Paessler MIB Importer:

https://www.paessler.com/tools/mibimporter

 

There are OIDs that are not in the mibs, but it helps.

David_Antunes
Explorer
‎2020-06-02 05:46 AM
In response to Pedro_Espindola
Jump to solution

Hello.

Using the OID 1.3.6.1.4.1.2620.1.1.26.11.6.0 we do have what seem to be accurate values for at least either the old CP-13500 gateways (without VSX) and in OpenServer environments (also without VSX).

However, when using the same OID when VSX is in place, it seems that the returned values are for VS ID 0, where there is no traffic.

Are you aware of any way for having this same connection rate metric per VSX being returned via a specific OID?

We do have other per VSX OIDs but my understanding is that none is specific for the connection rate, only for metrics such as the total number of connections, traffic, etc.

Thank you.

0 Kudos
Herschel_Liang
Collaborator
‎2020-03-09 09:03 PM
In response to HristoGrigorov
Jump to solution

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 2
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 2
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 1
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 1
It seem correct. How do you find it?
0 Kudos
John_Fleming
Advisor
‎2020-03-09 11:28 AM
In response to Herschel_Liang
Jump to solution

NOTE: only valid for non SMB firewalls.

Is cpsnmpd running? I think this is the process snmpd hands off to for checkpoint related oids. 

If its not running do the following

cpconfig

chose option for checkpoint snmp extensions

exit

WARNING: This will do a cpstop / cpstart meaing all services will reload and including firewall policy.

0 Kudos
Herschel_Liang
Collaborator
‎2020-03-09 09:01 PM
In response to John_Fleming
Jump to solution

[Expert@PNS-CP4607-02:0]# service snmpd status
snmpd (pid 11013) is running...
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top