Hi All,
How do I monitor VPN tunnel state in Check Point firewalls? If there is no default option, can it be done with an OID?
Praveen,
The 'Unique Name' will be whatever you called your SNMP poller, so replace this with yours.
3 being a status of active, this will alert when it returns any other value.
Hope it helps.
Hi Praveen,
You are right: if it does not come up in the defaults, you need to create a UnDP (Universal Device Poller). I did a quick search and found this: Monitoring IPSec VPN tunnels with CheckPoint OIDs on GAiA R75.46. They list some OIDs you might want to include in your UnDP.
Thanks Herr
How do i enable alarms for this when it goes down?
If you use the Universal Device Poller tool to create a new UnDP for the tunnel, you can alert on the "tunnel state", which is reported as a raw number (from the article linked above):
OID for a specific parameter is .1.3.6.1.4.1.2620.500.9002.1.#.{peer-ip-addr}.0 where # identifies parameter
3: Tunnel state (3=active, 4=destroy, 129=idle, 130=phase1, 131=down, 132=init, see SK63663)
So if the value of the UnDP != 3 (active), send an alert that something is wrong with the tunnel
Thanks, can you send me the alarm config screenshot?
Hi yaquaholic,
The alert is working, but how did you manage the trigger action for this alert?
If you have more than 1 VPN, how do you tell which VPN is down? Can you send the trigger action screenshot?
Thank you
Our trigger ended up looking like this:
SELECT E0.[Uri], E0.[DisplayName]
FROM Orion.NPM.CustomPollerStatusOnNodeTabular AS E0
WHERE E0.[CustomPollerAssignment].[CustomPoller].[UniqueName] = '<poller name goes here>'
  -- RawStatus is stored as a string, so list the failing tunnelState codes explicitly
  -- rather than relying on a string '>' comparison: 4=destroy, 130=phase1, 131=down, 132=init
  -- (129=idle is deliberately not matched, same as the original "= '4' OR > '129'" filter)
  AND E0.[RawStatus] IN ('4', '130', '131', '132')
And as we were getting a bit of alert noise, we set 'Condition must exist for more than 5 minutes', to check that the error wasn't just a tunnel reconnecting.
And into the alert email body:
<b>VPN Tunnel alert for ${N=SwisEntity;M=CustomPollerAssignment.Node.Caption} </b>
VPN tunnel peer IP: ${N=SwisEntity;M=RowLabel}
Status: ${N=SwisEntity;M=Status}
Description: ${N=SwisEntity;M=CustomPollerAssignment.CustomPoller.Description}
This reports the VPN details to the service desk, to pass to our network team.
Hope it helps!
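As an added example that is not part of the original thread (it is neither yaquaholic's nor SolarWinds' code), here is a stand-alone Python script that does outside Orion what the UnDP plus the SWQL trigger above do: it parses the tunnelState column out of `snmpwalk -On` output, flags every peer whose state is not 3 (active), optionally ignores states you choose (the SWQL filter's "skip 129=idle" behaviour), and suppresses an alert until the condition has persisted across several consecutive polls, the script equivalent of "condition must exist for more than 5 minutes". The OID prefix, the state codes and the alert fields are the ones quoted in the thread; the gateway name, the sample walk output and the peer addresses are constructed for the example.

```python
"""Parse Check Point VPN tunnelState rows from snmpwalk output and decide
what to alert on. Added example for the thread, not code from the thread."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set

# OID prefixes as quoted in the thread. Column 3 = tunnel state, 4 = community.
TUNNEL_TABLE = ".1.3.6.1.4.1.2620.500.9002.1"
TUNNEL_STATE_COL = TUNNEL_TABLE + ".3"

# Raw tunnelState values listed in the thread (from sk63663).
STATE_NAMES = {3: "active", 4: "destroy", 129: "idle",
               130: "phase1", 131: "down", 132: "init"}
ACTIVE = 3

# One line of numeric `snmpwalk -On` output, e.g.
#   .1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.10.0 = INTEGER: 3
# Only INTEGER rows are of interest; STRING rows (other columns) are skipped.
LINE_RE = re.compile(r"^(?P<oid>\.[\d.]+) = INTEGER: (?P<val>\d+)\s*$")

# Constructed sample output (RFC 5737 documentation addresses), not a real capture.
# Output like this would come from:
#   snmpwalk -v2c -c <community> -On <gateway> .1.3.6.1.4.1.2620.500.9002.1
SAMPLE_WALK = [
    ".1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.10.0 = INTEGER: 3",
    ".1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.20.0 = INTEGER: 131",
    ".1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.7.0 = INTEGER: 129",
    '.1.3.6.1.4.1.2620.500.9002.1.4.203.0.113.10.0 = STRING: "HQ-Partners"',
]


@dataclass(frozen=True)
class TunnelState:
    peer_ip: str
    raw: int

    def name(self) -> str:
        return STATE_NAMES.get(self.raw, f"unknown({self.raw})")


def parse_tunnel_states(walk_output: Iterable[str]) -> List[TunnelState]:
    """Extract (peer IP, raw state) from the tunnelState column.

    The instance suffix is <a>.<b>.<c>.<d>.0; the four octets are the peer IP.
    """
    states: List[TunnelState] = []
    for line in walk_output:
        m = LINE_RE.match(line.strip())
        if not m or not m.group("oid").startswith(TUNNEL_STATE_COL + "."):
            continue
        suffix = m.group("oid")[len(TUNNEL_STATE_COL) + 1:].split(".")
        if len(suffix) != 5 or suffix[-1] != "0":
            continue  # not a peer-IP-indexed row; ignore defensively
        states.append(TunnelState(".".join(suffix[:4]), int(m.group("val"))))
    return states


def tunnels_to_alert(states: Iterable[TunnelState],
                     ignore_states: Set[int] = frozenset()) -> List[TunnelState]:
    """Everything that is not active (3), minus states the caller ignores.

    ignore_states={129} reproduces the thread's SWQL filter
    (RawStatus = 4 OR RawStatus > 129), which leaves idle tunnels alone.
    """
    return [t for t in states if t.raw != ACTIVE and t.raw not in ignore_states]


def sustained_alerts(polls: List[List[TunnelState]], min_polls: int,
                     ignore_states: Set[int] = frozenset()) -> List[TunnelState]:
    """Alert only on peers that were non-active in each of the last min_polls polls.

    Script equivalent of the Orion 'condition must exist for more than N
    minutes' setting, so a tunnel that is merely renegotiating stays quiet.
    """
    recent = polls[-min_polls:]
    if len(recent) < min_polls:
        return []
    bad_per_poll = [{t.peer_ip for t in tunnels_to_alert(p, ignore_states)}
                    for p in recent]
    persistent = set.intersection(*bad_per_poll)
    return [t for t in recent[-1] if t.peer_ip in persistent]


def format_alert(gateway: str, t: TunnelState) -> str:
    """Same fields the thread's email template carries: node, peer IP, state."""
    return f"VPN tunnel alert for {gateway}: peer {t.peer_ip} state {t.raw} ({t.name()})"


if __name__ == "__main__":
    current = parse_tunnel_states(SAMPLE_WALK)
    for t in tunnels_to_alert(current):
        print(format_alert("cp-gw-01", t))  # hypothetical gateway name
```

Run it as a cron job that keeps the last few parsed polls in a list and calls `sustained_alerts(polls, 2)` to get the same flap suppression the Orion setting gives you; the community column (`.4`) is parsed out by the same regex if you change `TUNNEL_STATE_COL`, which is how you would enrich the alert with the VPN community name the later post mentions.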
Thank you for the reply yaquaholic,
It has changed my alert format a bit, but I still couldn't get what I want.
Could you send screenshots? Are you doing these settings from the CLI?
I couldn't understand the trigger settings. My settings are as attached; if you could check them it would also be great.
I catch the VPN status as below. 130 and 131 are for permanent tunnels with 3rd parties, as Check Point sees them as down all the time. 3 means up, so I capture the ones that are not 3 (up) and exclude permanent tunnels.
It is better I don't send the trigger action screen, as it got messed up.
I have also created 2 pollers, named
CP-VPN-TunnelStatus
CP-VPN-TunnelCommunity
These include the SNMP OIDs .1.3.6.1.4.1.2620.500.9002.1.3 and .1.3.6.1.4.1.2620.500.9002.1.4.
I am not sure if I have to use these or not.
By the way, I am not an admin on the SolarWinds; I am trying to do it by Google and just testing, so any information is welcome.