Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Leandro_Nicolet
Contributor

Monitoring of connection tables

I'm looking for a way to monitor and alert on connection table usage and wondered if anyone has come across a way to do it this effectively. This could either be based on a figure or percentage.  Ideally I would like some sort of SNMP trap or email when a table reaches 75-80% of its capacity. This is something  I would then like use on all our firewalls. 

Our current setup is R80.10 management (take 189) with a mixture of R80.10 / R77.30 gateways all running VSX which the exception of one stand alone firewall.

 

0 Kudos
11 Replies
Timothy_Hall
Legend Legend
Legend

If you have the IPS blade, enable the Aggressive Aging signature with the parameters you want, then set the Track for that signature to Email or SNMP Trap.  Email recipient and/or trap receiver is configured under Global Properties...Log & Alert...Alerts.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
tavi0906
Contributor

if i am not wrong when we enable the AA with the parameters, it will only delete the connections ?

how to get alerts when concurrent connections reach to max 80% ?

want to know the exact steps to set up alert .

0 Kudos
Chris_Atkinson
Employee Employee
Employee

These are the options Timothy has referenced:

GP Alert Settings.PNG

AA Alert.PNG

CCSM R77/R80/ELITE
0 Kudos
tavi0906
Contributor

Yes, i have gone through this options before but my doubt is can we an alert when we set this options, when the concurrent connections reaches 80 % percent ?

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

80% of memory capacity or 80% of a static specified connection limit value, unless this is VSX the connection limit is usually "auto" and not defined with a set upper limit.

The above would trigger when aggressive aging becomes active based on the AA defined thresholds.

If your application is different potentially SNMP monitoring or Skyline might be better suited to your use case.

What memory population does your system have versus what's possible for that system / appliance model?

SNMP.PNG

Source: How to configure SNMP on Gaia OS (checkpoint.com)

CCSM R77/R80/ELITE
0 Kudos
tavi0906
Contributor

Is this OID can use for VSX ? 

Because we already tries using this but couldn't get any results .

and OID's for all the VSX same or different ?

 

0 Kudos
Scott_Paisley
Advisor

You can certainly monitor the number of connections, CheckPointfwNumConn, (not exactly connection table) via SNMP. We monitor that with Solarwinds, and could probably alert from there. 

0 Kudos
JozkoMrkvicka
Mentor
Mentor

Thats actually really great idea to have monitoring of provided (or all) kernel tables in place.

I can imagine to have syntax something like:

snmpwalk <kernel_table> <threshold>

On the other hand, is there way to check name of all kernel tables ?

Kind regards,
Jozko Mrkvicka
0 Kudos
PhoneBoy
Admin
Admin

fw tab (no arguments) should show you all the different kernel table names.

0 Kudos
tavi0906
Contributor

we have 5 VSX  , we need to monitor the concurrent connections from solar winds. so, need OID values to monitor the concurrent connections ?

and also OID for all the VSX is same or different ?

i have gone through with the sk90860 and i am not sure what the exact OID values to use to monitor concurrent connections.

 

 

0 Kudos
Leandro_Nicolet
Contributor

Thanks everyone. Will probably have a look at what we can do with SNMP and Solarwinds. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events