Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Herschel_Liang
Collaborator

What is SNMP OID for CP FW number of new connections?

Jump to solution

What is SNMP OID for CP FW number of new connections?

0 Kudos
2 Solutions

Accepted Solutions

Is this OID returning anything for you: .1.3.6.1.4.1.2620.1.1.26.11.6 ?

View solution in original post

Pedro_Espindola
Advisor

As Hristo said, 1.3.6.1.4.1.2620.1.1.26.11.6.0 is the correct one. Works on enterprise appliances.

For SMB appliances, you have to use delta of 1.3.6.1.4.1.2620.1.1.25.3.0.

View solution in original post

20 Replies
Chris_Atkinson
Employee
Employee

Please review sk90860 section 2-D for more information.

0 Kudos
Herschel_Liang
Collaborator

Is it   .1.3.6.1.4.1.2620.1.1.25.22 ?  But OID Description:    "   Connections rate since last start of Check Point services.  ". I  feel uncertain.

0 Kudos
Herschel_Liang
Collaborator

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost .1.3.6.1.4.1.2620.1.1.25.22
SNMPv2-SMI::enterprises.2620.1.1.25.22 = No Such Instance currently exists at this OID

 

What is wrong with it?

0 Kudos
Chris_Atkinson
Employee
Employee

Try dropping the leading '.' and appending .0 to the end.

0 Kudos
Herschel_Liang
Collaborator

[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost .1.3.6.1.4.1.2620.1.1.25.22.0
SNMPv2-SMI::enterprises.2620.1.1.25.22.0 = No Such Instance currently exists at this OID

0 Kudos
Chris_Atkinson
Employee
Employee

To confirm is this a standard security gateway or are you running VSX and what version?

Do the other OIDs in 2-D return integer values...

 

0 Kudos
Herschel_Liang
Collaborator
[Expert@PNS-CP4607-02:0]# fw ver
This is Check Point's software version R77.30 - Build 001

Simple distributed deploy GW but not VSX.
0 Kudos
Chris_Atkinson
Employee
Employee

Jumbo Take 351 GA and is your snmp monitoring generally working or does restarting the service help?

 

[Expert@HostName]# service snmpd status

[Expert@HostName]# service snmpd start

0 Kudos
Herschel_Liang
Collaborator
Restart service is useless and I don't want to install hotfix.
Can I [Expert@HostName]# service snmpd stop
and download latest mib file https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_d... replace $CPDIR/lib/snmp/chkpnt.mib in GW, then
[Expert@HostName]# service snmpd start
0 Kudos
Chris_Atkinson
Employee
Employee

 

Given the limited details provided...

If anything it might be related to the NET-SNMP package version, updates available via TAC.

0 Kudos

Is this OID returning anything for you: .1.3.6.1.4.1.2620.1.1.26.11.6 ?

View solution in original post

Pedro_Espindola
Advisor

As Hristo said, 1.3.6.1.4.1.2620.1.1.26.11.6.0 is the correct one. Works on enterprise appliances.

For SMB appliances, you have to use delta of 1.3.6.1.4.1.2620.1.1.25.3.0.

View solution in original post

Herschel_Liang
Collaborator
It seem correct. How do you find it?
0 Kudos

I found it using this simple command:

# cat CHECKPOINT-MIB | grep -i conn | grep -i rate

It returns:

fwConnectionsStatConnectionRate OBJECT-TYPE
"connection rate (per second) passing through the FireWall-1 Module"
"Writing logs localy, To log servers(0), Local configured (1) Local due to connectivity(2) Local due to high rate(3)"

Paste fwConnectionsStatConnectionRate in Google and the first result is the OID 😀

0 Kudos
Herschel_Liang
Collaborator
Get! 0.0
0 Kudos
Pedro_Espindola
Advisor

Some tools to explore the mibs:

ManageEngine MIB Browser:

https://www.manageengine.com/products/mibbrowser-free-tool/

Paessler MIB Importer:

https://www.paessler.com/tools/mibimporter

 

There are OIDs that are not in the mibs, but it helps.

David_Antunes
Explorer

Hello.

Using the OID 1.3.6.1.4.1.2620.1.1.26.11.6.0 we do have what seem to be accurate values for at least either the old CP-13500 gateways (without VSX) and in OpenServer environments (also without VSX).

However, when using the same OID when VSX is in place, it seems that the returned values are for VS ID 0, where there is no traffic.

Are you aware of any way for having this same connection rate metric per VSX being returned via a specific OID?

We do have other per VSX OIDs but my understanding is that none is specific for the connection rate, only for metrics such as the total number of connections, traffic, etc.

Thank you.

0 Kudos
Herschel_Liang
Collaborator
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 2
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 2
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 1
[Expert@PNS-CP4607-02:0]# snmpwalk -v 2c -c vpn123 localhost 1.3.6.1.4.1.2620.1.1.26.11.6.0
SNMPv2-SMI::enterprises.2620.1.1.26.11.6.0 = Counter32: 1
It seem correct. How do you find it?
0 Kudos
John_Fleming
Advisor

NOTE: only valid for non SMB firewalls.

Is cpsnmpd running? I think this is the process snmpd hands off to for checkpoint related oids. 

If its not running do the following

cpconfig

chose option for checkpoint snmp extensions

exit

WARNING: This will do a cpstop / cpstart meaing all services will reload and including firewall policy.

0 Kudos
Herschel_Liang
Collaborator
[Expert@PNS-CP4607-02:0]# service snmpd status
snmpd (pid 11013) is running...
0 Kudos