Greetings thwackers!
I'm hoping some wise geek out there can assist me with my conundrum.
With the pandemic going on and getting worse in my country, work from home has been extended indefinitely and we are trying to monitor our VPN users to determine if we need to purchase more licenses.
We are using a Check Point and I found a process to get the data I need out of Check Point from this post:
How to Monitor Concurrent VPN users connected to a... - Check Point CheckMates
If a customer has asked you how to monitor the concurrent VPN sessions per user with a specific SNMP tool, you will have to follow the following procedure:
1. Login to the Gateway via SSH
2. From clish run the command "show configuration snmp" to check which is your community
The Output should be something like this:
CPSG> show configuration snmp
set snmp mode default
set snmp agent on
set snmp agent-version any
set snmp community labtest read-only
add snmp interface eth2.4
add snmp interface lo
Note: The community in this case is "labtest"
3. Go again to expert mode and create a directory:
CPSG# mkdir /var/log/snmpmon_script
4. Navigate to the directory you created in the previous step
CPSG# cd /var/log/snmpmon_script
5. Create a script in which you will put the following command:
CPSG# vi vpnconcurrentmon.sh
fw tab -t userc_users -s | awk '{print $4}' | grep -v -e "#VALS"
Notes: If you want to insert press "i" then paste the command and to save the changes and exit type
5.1. ":"
5.2. "wq!"
5.3. "Enter"
6. Then we have to make sure that the script that we have created works "sh vpnconcurrentmon.sh"
-It should give you the number of concurrent VPN users
7. Then you have to use snmpwalk to make sure your firewall is not using the OID you are about to configure:
CPSG# snmpwalk -v 2c -c labtest localhost .1.2.3.4.5.6.7.8.15
Note: The OID that we want to use in this case is: .1.2.3.4.5.6.7.8.15
8. Then we will create a copy of the original file, to have a copy and modify the original:
CPSG# cd /etc/snmp
CPSG# cp userDefinedSettings.conf userDefinedSettings.conf_original
9. Then to modify the original file we have to make a new "vi" to the file named: "userDefinedSettings.conf"
CPSG# vi userDefinedSettings.conf
9.1 In the editor add the line at the end of the comments "#":
extend .1.2.3.4.5.6.7.8.15 process_monitor /bin/sh /var/log/snmpmon_script/vpnconcurrentmon.sh
10. In clish mode restart snmp services:
CAT-EP> set snmp agent off
CAT-EP> set snmp agent on
CAT-EP> save config
CAT-EP> exit
11. In expert mode validate your OID:
CPSG# snmpwalk -v2c -c labtest localhost .1.2.3.4.5.6.7.8.15
iso.2.3.4.5.6.7.8.15.1.0 = INTEGER: 1
iso.2.3.4.5.6.7.8.15.2.1.2.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = STRING: "/bin/sh"
iso.2.3.4.5.6.7.8.15.2.1.3.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = STRING: "/var/log/snmpmon_script/concurrentvpn.sh"
iso.2.3.4.5.6.7.8.15.2.1.4.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = ""
iso.2.3.4.5.6.7.8.15.2.1.5.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 5
iso.2.3.4.5.6.7.8.15.2.1.6.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 1
iso.2.3.4.5.6.7.8.15.2.1.7.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 1
iso.2.3.4.5.6.7.8.15.2.1.20.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 4
iso.2.3.4.5.6.7.8.15.2.1.21.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 1
iso.2.3.4.5.6.7.8.15.3.1.1.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = STRING: "2"
iso.2.3.4.5.6.7.8.15.3.1.2.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = STRING: "2"
iso.2.3.4.5.6.7.8.15.3.1.3.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 1
iso.2.3.4.5.6.7.8.15.3.1.4.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114 = INTEGER: 0
iso.2.3.4.5.6.7.8.15.4.1.2.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114.1 = STRING: "2"
CPSG#
CPSG# fw tab -t userc_users -s | awk '{print $4}' | grep -v -e "#VALS"
2
11.1 Then use again the snmpwalk command to navigate to the correct OID:
CPSG# snmpwalk -v2c -c labtest localhost .1.2.3.4.5.6.7.8.15.4.1.2.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114.1
This works on the Check Point appliance, but when I try to create a Universal Device Poller for .1.2.3.4.5.6.7.8.15.4.1.2.15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114.1, it does not find it. What am I doing wrong??
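
Added example, not part of the original post or the CheckMates procedure: the long OID in step 11.1 is the extend base OID, then column 4.1.2 (nsExtendOutLine in NET-SNMP-EXTEND-MIB), then the extend name "process_monitor" encoded as its length followed by its ASCII codes, then the output line number. The function names below are hypothetical; the base OID and name are the ones from step 9.1.

```shell
#!/bin/sh
# Added example: OID layout behind net-snmp's "extend" directive.
# Function names are hypothetical; base OID and name come from the post.

# name_to_index NAME -> "<length>.<ASCII codes>", the table index for NAME
# (assumes an ASCII name, so character count equals byte count).
name_to_index() {
    s=$1
    idx=${#1}
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}                       # first character of $s
        idx="$idx.$(printf '%d' "'$c")"       # append its ASCII code
        s=${s#?}
    done
    printf '%s\n' "$idx"
}

# index_to_name INDEX -> the extend name encoded in INDEX
index_to_name() {
    rest=${1#*.}                              # drop the length prefix
    for code in $(printf '%s' "$rest" | tr '.' ' '); do
        printf '%b' "\\0$(printf '%03o' "$code")"
    done
    printf '\n'
}

# first_line_oid BASE NAME -> first output line (column 3.1.1)
first_line_oid() { printf '%s.3.1.1.%s\n' "$1" "$(name_to_index "$2")"; }

# out_line_oid BASE NAME LINE -> output line LINE (column 4.1.2, nsExtendOutLine)
out_line_oid() { printf '%s.4.1.2.%s.%s\n' "$1" "$(name_to_index "$2")" "$3"; }

BASE=.1.2.3.4.5.6.7.8.15      # OID from step 9.1
NAME=process_monitor          # extend name from step 9.1

out_line_oid "$BASE" "$NAME" 1     # the OID walked in step 11.1
first_line_oid "$BASE" "$NAME"     # same value via the first-line column
index_to_name 15.112.114.111.99.101.115.115.95.109.111.110.105.116.111.114
```

Renaming the extend entry in userDefinedSettings.conf changes every OID under the base, so any poller definition has to be rebuilt from the new name.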