Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority

monitoring Maestro

Hello CheckMates,

I'm looking for a solution to monitor the state of the individual gateways (not the MHOs).
Last week one of the gateways crashed and was not was available. If you login to a MHO or the SG no statement shown about the failing appliance. Only if you did a mouse over in the orchestrator-view you could see a small hint for lost connectivity with these appliance.
Best way would be to monitor the state via SNMP from external monitoring system, but how can I achieve this ?

How do you monitor your Maestro environments?

Wolfgang

 

8 Replies
HristoGrigorov

Install Zabbix and import one of the many available CPFW templates and go from there.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

1.) asg monitor

asg monitor.png


2.) asg alert

asg alert.png

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority
Authority

@Chris_Atkinson 

thanks for your answer.

"asg monitor" needs ssh into the environment to look what happens.

"asg alert", will be fine but is it possible to monitor these states, those for they are alert sending will be configured ?

Maybee with SNMP-Monitoring Tools like CheckMK, PRTG, Nagios, Zabbix etc. 

Wolfgang

0 Kudos
Peter_Lyndley
Advisor
Advisor

Hi Wolfgang,

I personally use Indeni, which makes ssh connection to all managed devices and runs various commands to ascertain the state and health of the firewall. I would recommend it over snmp based tools, simply for its flexibility and as it uses ssh, you can make use of any Check Point or linux os command, rather than trying to work out which OID is useful..... I have no affiliation to Indeni, i am just a user of the product
oliver_gao36
Participant

Hi Wolfgang,

In our test environment, i deployed a PRTG and a Zabbix, they are both working well.

i am going to deploy a Prometheus with Grafana for evaluation, but looks it is a bit complicated.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

For awareness R80.20SP JHF T309 provides some monitoring enhancements.

See sk155832 for details.

CCSM R77/R80/ELITE
Sven_Glock
Advisor

Hi Wolfgang,

same problem here.

Monitoring the SMO is ok, when all traffic is active on SMO side. (I don't want to say it is good as sometimes there are diffent states on single sgms)
I want to run VSX in VSLS mode on maestro with both sites active.

Implementing monitoring in the existing snmp monitoring would be the easiest.

So I am looking forward the outcome of this threat 😉

 

Regards

Sven

0 Kudos
Chris_Atkinson
Employee Employee
Employee

In case the below is helpful to some, appreciate that it may not be detailed enough for everyone's taste however.

 

# snmpwalk -v 2c <snip> .1.3.6.1.4.1.2620.1.48.28.5.1

SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.1.0 = STRING: "1_01"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.2.0 = STRING: "1_02"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.3.0 = STRING: "1_03"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.4.0 = STRING: "1_04"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.5.0 = STRING: "1_05"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.6.0 = STRING: "1_06"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.2.7.0 = STRING: "1_07"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.1.0 = STRING: "ACTIVE"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.2.0 = STRING: "ACTIVE"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.3.0 = STRING: "DOWN"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.4.0 = STRING: "ACTIVE"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.5.0 = STRING: "DOWN"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.6.0 = STRING: "ACTIVE"
SNMPv2-SMI::enterprises.2620.1.48.28.5.1.3.7.0 = STRING: "ACTIVE"

 

Source: sk168878

CCSM R77/R80/ELITE