This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Leandro_Nicolet
Contributor
‎2019-03-15 05:20 AM

Monitoring of connection tables

I'm looking for a way to monitor and alert on connection table usage and wondered if anyone has come across a way to do it this effectively. This could either be based on a figure or percentage.  Ideally I would like some sort of SNMP trap or email when a table reaches 75-80% of its capacity. This is something  I would then like use on all our firewalls. 

Our current setup is R80.10 management (take 189) with a mixture of R80.10 / R77.30 gateways all running VSX which the exception of one stand alone firewall.

 

0 Kudos
5 Replies
Timothy_Hall
Champion
Champion
‎2019-03-15 06:15 AM

If you have the IPS blade, enable the Aggressive Aging signature with the parameters you want, then set the Track for that signature to Email or SNMP Trap.  Email recipient and/or trap receiver is configured under Global Properties...Log & Alert...Alerts.

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
0 Kudos
Scott_Paisley
Advisor
‎2019-03-15 08:15 AM

You can certainly monitor the number of connections, CheckPointfwNumConn, (not exactly connection table) via SNMP. We monitor that with Solarwinds, and could probably alert from there. 

0 Kudos
JozkoMrkvicka
Mentor
Mentor
‎2019-03-17 03:28 AM
In response to Scott_Paisley

Thats actually really great idea to have monitoring of provided (or all) kernel tables in place.

I can imagine to have syntax something like:

snmpwalk <kernel_table> <threshold>

On the other hand, is there way to check name of all kernel tables ?

Kind regards,
Jozko Mrkvicka
0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-17 08:22 AM
In response to JozkoMrkvicka

fw tab (no arguments) should show you all the different kernel table names.

0 Kudos
Leandro_Nicolet
Contributor
‎2019-03-18 07:39 AM

Thanks everyone. Will probably have a look at what we can do with SNMP and Solarwinds. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events