Hi All,
How to monitor VPN tunnel state in Check Point firewalls? If there is no default option, can it be done with an OID?
Praveen,
The 'Unique Name' will be whatever you called your SNMP poller, so replace this with yours.
3 being a status of active, this will alert when it returns any other value.
Hope it helps.
Hi Praveen,
You are right: if it does not come up in the defaults, you need to create a UnDP (Universal Device Poller). I did a quick search and found this: "Monitoring IPSec VPN tunnels with CheckPoint OIDs on GAiA R75.46". They list some OIDs you might want to include in your UnDP.
Thanks Herr
How do I enable alarms for this when it goes down?
If you use the Universal Device Poller tool to create a new UnDP for the tunnel you can alert on the "tunnel state", which is reported as a raw number (from the article linked above):
OID for a specific parameter is .1.3.6.1.4.1.2620.500.9002.1.#.{peer-ip-addr}.0 where # identifies parameter
3: Tunnel state (3=active, 4=destroy, 129=idle, 130=phase1, 131=down, 132=init, see SK63663)
So if the value of the UnDP != 3 (active), send an alert that something is wrong with the tunnel.
Thanks, can you send me the alarm config screenshot?
Hi yaquaholic,
Alert is working, but how did you manage the trigger action for this alert?
If you have more than 1 VPN, how do you understand which VPN is down? Can you send the trigger action screenshot?
Thank you
Our trigger ended up looking like this:
SELECT E0.[Uri], E0.[DisplayName]
FROM Orion.NPM.CustomPollerStatusOnNodeTabular AS E0
WHERE E0.[CustomPollerAssignment].[CustomPoller].[UniqueName] = '<poller name goes here>'
AND ( E0.[RawStatus] = '4' OR E0.[RawStatus] > '129' )
And as we were getting a bit of alert noise, we set Condition must exist for more than 5 minutes, to check that the error wasn't just a tunnel reconnecting.
And into the alert email body:
<b>VPN Tunnel alert for ${N=SwisEntity;M=CustomPollerAssignment.Node.Caption} </b>
VPN tunnel peer IP: ${N=SwisEntity;M=RowLabel}
Status: ${N=SwisEntity;M=Status}
Description: ${N=SwisEntity;M=CustomPollerAssignment.CustomPoller.Description}
This reports the VPN details to the service desk, to pass to our network team.
Hope it helps!
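An added example, not part of any post in this thread: the same logic outside Orion, in Python. It reads the tunnel-state column (.1.3.6.1.4.1.2620.500.9002.1.3.{peer-ip-addr}.0), applies the trigger condition from the query above (state 4 or greater than 129) and only reports a peer once the bad state has lasted more than 5 minutes. It assumes numeric `snmpwalk -On` style output; the function names, the sample lines and the peer IPs are constructed for illustration.

```python
import re

# Tunnel state column from the thread, indexed by peer IP. The value type
# token (INTEGER here) is an assumption about the walk output.
STATE_OID = re.compile(
    r"^\.?1\.3\.6\.1\.4\.1\.2620\.500\.9002\.1\.3\."
    r"(\d{1,3}(?:\.\d{1,3}){3})\.0\s*=\s*\w+:\s*(\d+)\s*$")
STATES = {3: "active", 4: "destroy", 129: "idle",
          130: "phase1", 131: "down", 132: "init"}
HOLD_SECONDS = 300  # "Condition must exist for more than 5 minutes"

def parse_states(walk_text):
    """Return {peer_ip: raw_state} from numeric snmpwalk-style output."""
    out = {}
    for line in walk_text.splitlines():
        m = STATE_OID.match(line.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def is_bad(raw):
    """Same condition as the thread's trigger: RawStatus = 4 OR RawStatus > 129."""
    return raw == 4 or raw > 129

def evaluate(polls):
    """polls: [(epoch_seconds, walk_text)], oldest first.
    Returns {peer_ip: state_name} for peers bad for more than HOLD_SECONDS."""
    bad_since, alerts = {}, {}
    for ts, text in polls:
        for peer, raw in parse_states(text).items():
            if is_bad(raw):
                bad_since.setdefault(peer, ts)  # remember first bad sample
                if ts - bad_since[peer] > HOLD_SECONDS:
                    alerts[peer] = STATES.get(raw, f"unknown({raw})")
            else:  # recovered (or idle): reset the timer and clear the alert
                bad_since.pop(peer, None)
                alerts.pop(peer, None)
    return alerts

def make_walk(states):
    """Build constructed snmpwalk -On style lines for the sample below."""
    return "\n".join(f".1.3.6.1.4.1.2620.500.9002.1.3.{ip}.0 = INTEGER: {s}"
                     for ip, s in states.items())

# Constructed polls: one healthy peer, one down throughout, one brief reconnect.
SAMPLE_POLLS = [
    (0,   make_walk({"192.0.2.10": 3, "198.51.100.7": 131, "203.0.113.5": 3})),
    (120, make_walk({"192.0.2.10": 3, "198.51.100.7": 131, "203.0.113.5": 130})),
    (240, make_walk({"192.0.2.10": 3, "198.51.100.7": 131, "203.0.113.5": 3})),
    (360, make_walk({"192.0.2.10": 3, "198.51.100.7": 131, "203.0.113.5": 3})),
]
```

Only the peer that stayed in state 131 across the whole window is reported; the peer that passed through phase1 for one poll is suppressed, which is the noise the 5-minute condition was added to remove.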