Hi All,
How to monitor VPN tunnel state in Check Point firewalls? If there is no default option, can it be done with an OID?
Praveen,
The 'Unique Name' will be whatever you called your SNMP poller, so replace this for yours.
3 being a status of active, this will alert when it returns any other value.
Hope it helps.
Hi Praveen,
You are right, if it does not come up in the defaults, you need to create a UnDP (Universal Device Poller). I did a quick search and found this: "Monitoring IPSec VPN tunnels with CheckPoint OIDs on GAiA R75.46". They list some OIDs you might want to include in your UnDP.
Thanks Herr
How do I enable alarms for this when it goes down?
If you use the Universal Device Poller tool to create a new UnDP for the tunnel you can alert on the "tunnel state", which is reported as a raw number (from the article linked above):
OID for a specific parameter is .1.3.6.1.4.1.2620.500.9002.1.#.{peer-ip-addr}.0 where # identifies parameter
3: Tunnel state (3=active, 4=destroy, 129=idle, 130=phase1, 131=down, 132=init, see SK63663)
So if the value of the UnDP != 3 (active), send an alert that something is wrong with the tunnel.
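The alert rule from the reply above, as an added example that is not part of the original thread and is not SolarWinds or Check Point code: it builds the tunnel-state OID for a peer and evaluates numeric SNMP walk output against the "not 3 means alert" rule. The net-snmp style input lines, the peer addresses and the `expected_peers` check (alert when a configured peer returns no row at all) are assumptions constructed for the illustration.

```python
import re

# Table prefix and state codes exactly as quoted in the thread.
TUNNEL_TABLE = ".1.3.6.1.4.1.2620.500.9002.1"
STATE_PARAM = 3  # parameter 3 = tunnel state
STATES = {3: "active", 4: "destroy", 129: "idle",
          130: "phase1", 131: "down", 132: "init"}

def state_oid(peer_ip):
    """Build <table>.3.<peer-ip>.0, the tunnel-state OID for one peer."""
    return f"{TUNNEL_TABLE}.{STATE_PARAM}.{peer_ip}.0"

# One numeric walk line: "<table>.<param>.<peer-ip>.0 = INTEGER: <value>"
LINE_RE = re.compile(
    r"^" + re.escape(TUNNEL_TABLE)
    + r"\.(\d+)\.(\d+\.\d+\.\d+\.\d+)\.0\s*=\s*INTEGER:\s*(\d+)\s*$")

def tunnel_alerts(walk_output, expected_peers=()):
    """Return [(peer, code, reason)] for tunnels that are not active (3).

    Peers in expected_peers with no state row are reported too, since a
    poller that gets no value must not be read as a healthy tunnel.
    """
    seen = {}
    for line in walk_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(1)) != STATE_PARAM:
            continue  # other parameter columns and unparseable lines
        seen[m.group(2)] = int(m.group(3))
    alerts = [(p, c, STATES.get(c, "unknown")) for p, c in seen.items() if c != 3]
    alerts += [(p, None, "no row returned") for p in expected_peers if p not in seen]
    return alerts

# Constructed sample input (documentation IP ranges), not captured from a device.
SAMPLE = """\
.1.3.6.1.4.1.2620.500.9002.1.3.192.0.2.10.0 = INTEGER: 3
.1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.7.0 = INTEGER: 131
.1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.5.0 = INTEGER: 130
.1.3.6.1.4.1.2620.500.9002.1.2.192.0.2.10.0 = INTEGER: 1
"""

if __name__ == "__main__":
    print(state_oid("192.0.2.10"))
    for peer, code, reason in tunnel_alerts(SAMPLE, ["192.0.2.10", "192.0.2.99"]):
        print(f"ALERT tunnel to {peer}: state {code} ({reason})")
```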