Thanks for the reply, guys!

Sorry for my late response..

Have to admit that it's not clear to me how you would configure something in clish on a per vs basis?

If i do vsenv and clish -c 'show configuration' it will list the snmp location and contact which is configured for VS0.

This has been subject to a few discussions, you can't easily access a context from VS0 and clish and run commands without jumping some hoops like using files and so on.

You can then go to clish from VSO, type show virtual-system all and then set virtual-system X  where X is your VSID.

your prompt will change to hostname:x> meaning you're in clish for the relevant VS.

Good day,

Thanks for the response.
Even though I set the vsenv as you described through clish it does not still seem to be writing the configuration for that specific vs.
If I run show configuration, the global configuration is listed and I am not able to find the snmp contact which is defined, currently as contact_3 where the number corresponds with the vs id.

br

Jørgen

Setting "vsenv" in Bash (Expert mode) has no affect on CLISH if you try to run "clish -c ...." directly.  You always have to enter CLISH, then "set virtual-system VSID".  Alternatively, write a short CLISH script then execute it.

Likewise, if you SSH directly to CLISH, and run "set virtual-system VSID", then enter Expert mode, your VS is reset back to VS0 in Bash.  These two have no bearing on each other (yet).

This has been fixed in R82 if you use the new VSnext mode.

(EDIT)  For SNMP, you can run SNMP in several different modes.  You can run one SNMP instance for all VSes or you can run a SNMP instance per-VS context.  Check your SNMP mode.  Details are in the VSX Admin Guide.

Good day,

Yup I realized, but ssh'ing to the node and doing set virtual-system x and doing the clish config, does not seeem to work either.

Yes, SNMP itself is a global item because it is closely bound to the physical host.  You can't have different "contact" and "location" configurations per VS.  The physical host counters (disk, IO, RAM, fans, etc.) are part of the global SNMP daemon.  The Check Point product software counters (VPNs, connections, etc.) are accessed via the SNMP context (for SNMPv3) or community extension (SNMP v2c).

You can have different SNMP v3 users with access to different VS IDs, which is part of the SNMP virtualization for VSX. VS0 is one of those specific VS IDs (assuming you have "snmp mode vs" and "snmp vs-direct-access on".

What you are seeing is correct.

Right, my problem would be solved if the VS' would inherit the configured snmp contact and location configured on the physical host. Instead it creates a contact with a running number and device location unset.

If you're using SNMP v2c, this might be a bug.  Can you also try with SNMPv3 and and use SNMP contexts to test it?

If you use snmpget or snmpwalk, then add "-n <VSID>" to the command option.

Check the jumbo HFA release notes for your version; recent HFAs had some SNMP-related fixes.  You might have to run it through TAC if this is indeed a bug.

I am not able to use the "-n <VSID>" as i am using:  "snmp mode vs" and "snmp vs-direct-access on".
But here is the output of snmp contact when i poll the physical host and when i poll the vs.
The VS id is 3, hence the snmp contact is "contact_3":

whoami@librenms:~$ snmpwalk -v 3 -u username -l authPriv -a SHA -A password -x AES -X password 192.0.2.29 1.3.6.1.2.1.1.4.0
iso.3.6.1.2.1.1.4.0 = STRING: "THIS IS THE SNMP CONTACT CONFIGURED."

whoami@librenms:~$ snmpwalk -v 3 -u username -l authPriv -a SHA -A password -x AES -X password 192.0.2.30 1.3.6.1.2.1.1.4.0
iso.3.6.1.2.1.1.4.0 = STRING: "contact_3"


Also here is the output of location:
physical host:
iso.3.6.1.2.1.1.6.0 = STRING: "REGION,COUNTRY,CITY"

vs:
iso.3.6.1.2.1.1.6.0 = STRING: "Unknown"

I checked a VSX host of mine and got the same results.  My VSX has vs-direct-access as well, but the contact OID result didn't have the trailing VSID, when querying the VS directly.  Otherwise, the Location OID result was also "Unknown" like yours.

R81.20  Jumbo HFA 84

Yeah this might be a bug.  Send it over to TAC for a review and hopefully they can get it escalated for you!

Tried to reply multiple times, but gets removed every time it seems like. Possibly cause i had the snmpwalk string copied.
I am using snmp v3.

Here is the output of snmp walk, .20 is physical host and .30 is vs. cant do -n as i have "snmp mode vs" and "snmp vs-direct-access on" configured.

whoami@librenms:~$ snmpwalk -v 3 … 192.0.2.29 1.3.6.1.2.1.1.4.0
iso.3.6.1.2.1.1.4.0 = STRING: "THIS IS THE SNMP CONTACT CONFIGURED."

whoami@librenms:~$ snmpwalk -v 3 ... 192.0.2.30 1.3.6.1.2.1.1.4.0
iso.3.6.1.2.1.1.4.0 = STRING: "contact_3"

I wrote a little script which helps with that. It's also up on Github.