
How to monitor Checkpoint firewall

I use SolarWinds NPM 9.5 and can see CPU, memory, volumes, and interfaces, but I cannot see any Checkpoint values. I opened both the SPLAT and CP SNMP, but I can only monitor port 161; when I add a node with port 260, it always shows no response. I checked the firewall log and the traffic was accepted. Can anyone help me?

Thanks.

  • For Checkpoint monitoring you need to fully enable the SNMP to include the Checkpoint extension. The following site gives details on how to do this:

    knowurtech.com/.../enabling_snmp_in_checkpoint.html

    Hope this helps

  • There seems to be a lot of conflicting information out there on how to get SNMP working. Since you mentioned SPLAT I'm assuming you want the info for that instead of Nokia, which the other poster provided.

    For SPLAT, please look here - http://clintspot.blogspot.com/2007/10/monitoring-checkpoint-firewalls-with.html

    I used this and the instructions work perfectly. Even includes OIDs.

  • Here is how you can accomplish this on the SPLAT box:

    A- start snmpd service on the SPLAT box "service snmpd restart"

    B- modify the /etc/snmp/snmpd.users.conf and add the following lines "rocommunity cciesecurity"

    C- restart snmpd daemon with "service snmpd restart"

    D- make sure you have a rule on the firewall to allow SNMP from SolarWinds to the Checkpoint firewall, both port 161 and 260

    E- run "cpconfig" in expert mode on the SPLAT box and enable the SNMP extension. This will require restarting the firewall service. Do this during a maintenance window.

    F- restart snmpd service "service snmpd restart"

    G- Verify that the snmpd extension is working: "netstat -an | grep 260"

    H- run a quick test from any Linux system:

    CentOS ~ # snmpwalk -v 2c -c cciesecurity 192.168.1.229 .1.3.6.1.4.1.2620.1.6.7.2.4.0
    SNMPv2-SMI::enterprises.2620.1.6.7.2.4.0 = INTEGER: 2 ---> CPU usage
    CentOS ~ #
    CentOS ~ # snmpwalk -v 2c -c cciesecurity 192.168.1.229 1.3.6.1.4.1.2620.1.1.25.4
    SNMPv2-SMI::enterprises.2620.1.1.25.4.0 = INTEGER: 39962 ---> max connections
    CentOS ~ #

    Easy right?

     

    One thing I do notice is that SolarWinds NPM version 9.5 SP4 does not monitor CPU usage on Checkpoint SPLAT NGx R70 correctly.

  • Hi netmonguy,

    I have already done all the steps you described. Testing from another Linux system I can get the values, but in SolarWinds, when I add a new node to monitor port 260, I still get a no-response message....

  • I too am not able to get SolarWinds to correctly access port 260 for the Checkpoint devices. Has anyone opened a ticket on this?

  • Please read the link I posted earlier, this is covered.

    Checkpoint has its own SNMP daemon that sits on port 260. UCD SNMP is also on SPLAT installs, and uses port 161. There is a line in /etc/snmp/snmpd.conf that tells UCD SNMP to proxy the Checkpoint specific OIDs to the Checkpoint SNMP.

    UCD handles all of this for you, so all you need to do is make sure UDP 161 is open to the firewall from SolarWinds.

    If you follow the link, the answer is there.

    Thanks
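A way to tell the two SNMP paths described in this reply apart from the poller's side, as an added example that is not part of the original thread. The function names are hypothetical, and the script assumes net-snmp's `snmpget` is installed and that both daemons accept SNMP v2c with the same community string.

```shell
#!/bin/sh
# Added example: decide whether the Check Point OIDs are reachable through the
# UCD snmpd proxy on UDP 161 or only directly on the Check Point daemon (UDP 260).

CP_OID=".1.3.6.1.4.1.2620.1.1.25.4.0"   # Check Point OID taken from the thread
STD_OID=".1.3.6.1.2.1.1.3.0"            # sysUpTime, answered by the OS agent itself

# probe HOST COMMUNITY PORT OID -> exit 0 only if the agent returned a real value
probe() {
    out=$(snmpget -v 2c -c "$2" -t 2 -r 1 -Oqv "$1:$3" "$4" 2>/dev/null) || return 1
    case "$out" in
        ""|*"No Such"*) return 1 ;;     # noSuchObject/noSuchInstance: OID not served
        *) return 0 ;;
    esac
}

# diagnose HOST COMMUNITY -> prints a single verdict word
diagnose() {
    host=$1; comm=$2
    if ! probe "$host" "$comm" 161 "$STD_OID"; then
        echo "agent-unreachable"          # snmpd down, wrong community, or UDP 161 blocked
    elif probe "$host" "$comm" 161 "$CP_OID"; then
        echo "proxy-ok"                   # poll UDP 161 only; 260 need not be opened
    elif probe "$host" "$comm" 260 "$CP_OID"; then
        echo "extension-up-proxy-missing" # 260 answers, proxy line in snmpd.conf not active
    else
        echo "extension-down"             # SNMP extension not enabled or 260 filtered
    fi
}

# Stand-alone use: ./cp_snmp_check.sh <host> <community>
if [ $# -ge 2 ]; then
    diagnose "$1" "$2"
fi
```

A `proxy-ok` verdict means the poller needs only UDP 161, so the firewall rule for port 260 can stay closed.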

  • My issue is not with starting the SNMP daemon in Checkpoint. It is getting SolarWinds to correctly poll on port 260. The firewall platform is IPSO. Other SNMP pollers are able to correctly poll on port 260 so I know the service has been started correctly.

  • Couple of questions:

    1) Do you have a VPN mesh set up?

    2) Are you using clustering, and if so are you trying to monitor the standby member?

    I ran into a problem on SPLAT where if the above were true, then standby members of a cluster couldn't be monitored because of the way Checkpoint handles traffic generated on the firewall. Essentially it was sending back SNMP replies, but the replies weren't going into the tunnel so I never got the response.

    IPSO may be similar, but I have no way to test.

    That may give you some ideas. It could be a Checkpoint problem and not SolarWinds.

  • 1. No

    2. Yes, but only one is up.

    I have a different SNMP utility that is successfully querying both the VIP and the real IP of the fw.