Thanks,  the CPU question was aimed more at the VS, but this really is a a missing part for external monitoring and capacity management, and I can't see how this could be monitored via SNMP unless, as you suggested have dedicate cores, even then how would SNMP be able to monitor it as its the same issue, SNMP only seems to pick up the CPU OID for the overall tin.

Actually you can pull all process load for a given VS. We do this with: CHECKPOINT-MIB::fwInstancesCPUTable

This allows us to graph each VS individually and collectively, see below:

All VS share the same some 24 cores and 8 SNDs 

fwk load of a VS with 5 cores assigned

all VS fwk load SUM'ed per VS

VSX load

fwk 5 coresall VS on cluster fwk loadgeneral VSX load

I take it there is a OID for this and its different per VS?  How you you actually use this from an SNMP MGR such as PRTG?

I did a snmpwalk and could not see this.

Downloaded the last (R81) MIB file from Checkpoint  (SK90470)

The MIB file has syntax errors so corrected theses.

converted and uploaded to PRTG using the below link:

Can't find a sensor for my device in PRTG but I believe it supports SNMP. How to proceed? | Paessler...

But not really seeing any difference.

Additionally search the MIB file for 'fwInstancesCPUTable' and it does not exist? (See attached)

Hey,

I poll each VS through the VSX DMI. Use snmp v3 with the flag -n ctxname_vsid17 - to poll a specific VS through the DMI.

The oid is there. Check the official mib in sk90470 (I use r80.40)

But without knowing prtg I can only recommend to look into a TIG stack - Telegraf/InfluxDB/Grafana solution. It will improve your monitoring level many times.

I have attached a telegraf config to get you started for single VS monitoring.

Very nice! 🙂

Awesome thanks, will give this a go.

Good old MRTG had a similar limitation so I managed to suss out from the code that it was case sensitive, so I just had to create targets with different combinations of upper lower case letters 🙂

Remember that you should be able to poll VS directly by setting vs-direct-access

hah that is a great limitation 🙂

I rerely see a design where direct VS polling is doable. Many VS are simply cut off from the monitoring platform (implicit by design).

I like we can poll each VS from the DMI, but I would like that Check Point was more consistent offering VS data from VS0 snmp tables.

Some data is available others not. 

I managed to use the MIB file on PRTG, however still not able to see '::fwInstancesCPUTable' reference within the snmpwalk.  I have at least got the VSWs in and now Connections Limit, Peak and concurrent values, even managed to figure how how to combine the values into one chart.