CheckPoint IPSec VPN Monitoring

Hi All,

How do you monitor VPN tunnel state in Check Point firewalls? If there is no default option, can it be done with an OID?

1 Solution

Praveen,

The 'Unique Name' will be whatever you called your SNMP poller, so replace this for yours.

3 being a status of active, this will alert when it returns any other value.

pastedImage_0.png

Hope it helps.

12 Replies

Hi Praveen,

You are right: if it does not come up in the defaults, you need to create a UnDP (Universal Device Poller). I did a quick search and found this: Monitoring IPSec VPN tunnels with CheckPoint OIDs on GAiA R75.46; they list some OIDs you might want to include in your UnDP.

Thanks Herr

How do I enable alarms for this when it goes down?

If you use the Universal Device Poller tool to create a new UnDP for the tunnel you can alert on the "tunnel state", which is reported as a raw number (from the article linked above):

     OID for a specific parameter is .1.3.6.1.4.1.2620.500.9002.1.#.{peer-ip-addr}.0 where # identifies parameter

     3: Tunnel state (3=active, 4=destroy, 129=idle, 130=phase1, 131=down, 132=init, see SK63663)

So if the value of the UnDP != 3 (active), send an alert that something is wrong with the tunnel.

Thanks, can you send me the alarm config screenshot?


Hi yaquaholic,

The alert is working, but how did you manage the trigger action for this alert?

If you have more than 1 VPN, how do you understand which VPN is down? Can you send the trigger action screenshot?

Thank you

Our trigger ended up looking like this:

     SELECT E0.[Uri], E0.[DisplayName]
     FROM Orion.NPM.CustomPollerStatusOnNodeTabular AS E0
     WHERE E0.[CustomPollerAssignment].[CustomPoller].[UniqueName] = '<poller name goes here>'
     AND ( E0.[RawStatus] = '4' OR E0.[RawStatus] > '129' )

And as we were getting a bit of alert noise, we set "Condition must exist for more than 5 minutes", to check that the error wasn't just a tunnel reconnecting.

And into the alert email body:

     <b>VPN Tunnel alert for ${N=SwisEntity;M=CustomPollerAssignment.Node.Caption} </b>
     VPN tunnel peer IP: ${N=SwisEntity;M=RowLabel}
     Status:             ${N=SwisEntity;M=Status}
     Description:        ${N=SwisEntity;M=CustomPollerAssignment.CustomPoller.Description}

This reports the VPN details to the service desk, to pass to our network team.

Hope it helps!

Thank you for the reply yaquaholic,

It has changed my alert format a bit, but I still couldn't get what I want.

Could you send screenshots, or are you doing these settings from the CLI?

I couldn't understand the trigger settings. My settings are as attached; if you could check it, that would also be great.

I catch the VPN status as below. 130 and 131 are for permanent tunnels with 3rd parties, as Check Point sees them as down all the time. 3 means up, so I capture the ones that are not 3 (up) and exclude permanent tunnels.

pastedImage_0.png

It is better I don't send the trigger action screen, as it got messed up.

I have also created 2 pollers named

CP-VPN-TunnelStatus

CP-VPN-TunnelCommunity

These include the SNMP OIDs .1.3.6.1.4.1.2620.500.9002.1.3 and .1.3.6.1.4.1.2620.500.9002.1.4

I am not sure if I have to use these or not.

By the way, I am not an admin on the SolarWinds; I am trying to do it by Google and just testing, so any information is accepted.

Hi,

I am looking into a similar setup; however, for non-permanent tunnels (which are to non-Check Point gateway peers), when the VPN is not "active" or "phase1" I am unable to get any alerts.

When the VPN is completely down for a non-permanent tunnel, it simply doesn't show in the table; the row is simply removed.

Is there any way I can trigger an alert based on an already identified row no longer being in the table?
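The state-code logic from the earlier reply (alert on anything other than 3, optionally excluding the permanent-tunnel codes the later post mentions) and the missing-row case raised here, worked through as an added example. This is not code from the thread, SolarWinds or Check Point. It assumes numeric snmpwalk output (snmpwalk -On) of the tunnel table the thread describes, .1.3.6.1.4.1.2620.500.9002.1.<param>.<peer-ip>.0 with parameter 3 as the tunnel state; SAMPLE_WALK and EXPECTED_PEERS are constructed values, and the "missing from tunnel table" check is done by keeping a baseline set of peers and comparing each poll against it, which is one way to alert on a row that has disappeared.

```python
"""Evaluate Check Point VPN tunnel state from an SNMP walk (added example)."""
import re
from collections import defaultdict

TUNNEL_TABLE_OID = ".1.3.6.1.4.1.2620.500.9002.1"  # base OID quoted in the thread
TUNNEL_STATE_PARAM = 3                              # parameter 3 = tunnel state
ACTIVE = 3
# State codes quoted in the thread (from SK63663).
STATE_NAMES = {3: "active", 4: "destroy", 129: "idle", 130: "phase1",
               131: "down", 132: "init"}

# <table>.<param>.<a.b.c.d>.0 = INTEGER: <value>   (snmpwalk -On format, assumed)
_WALK_LINE = re.compile(
    re.escape(TUNNEL_TABLE_OID)
    + r"\.(\d+)\.(\d+(?:\.\d+){3})\.0\s*=\s*INTEGER:\s*(\d+)\s*$"
)

# Constructed walk output: one active peer, one in state 4, one permanent
# third-party tunnel reported as 131, plus a non-state row that must be ignored.
SAMPLE_WALK = """\
.1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.10.0 = INTEGER: 3
.1.3.6.1.4.1.2620.500.9002.1.3.198.51.100.20.0 = INTEGER: 4
.1.3.6.1.4.1.2620.500.9002.1.3.203.0.113.5.0 = INTEGER: 131
.1.3.6.1.4.1.2620.500.9002.1.4.198.51.100.10.0 = STRING: "example-community"
"""
# Constructed baseline of peers we expect to see; 192.0.2.77 is a non-permanent
# tunnel that has dropped out of the table entirely.
EXPECTED_PEERS = {"198.51.100.10", "198.51.100.20", "203.0.113.5", "192.0.2.77"}


def _ip_key(ip):
    return tuple(int(octet) for octet in ip.split("."))


def parse_tunnel_states(walk_text):
    """Return {peer_ip: state_code} from the parameter-3 rows of the walk."""
    states = {}
    for line in walk_text.splitlines():
        match = _WALK_LINE.search(line)
        if match and int(match.group(1)) == TUNNEL_STATE_PARAM:
            states[match.group(2)] = int(match.group(3))
    return states


def evaluate_tunnels(states, expected_peers, ignore_states=frozenset()):
    """Return sorted (peer, reason) pairs that warrant an alert.

    A peer alerts when its state is anything other than 3 (active) and not in
    ignore_states, or when it is in the baseline but absent from the table,
    which is how a fully-down non-permanent tunnel shows up.
    """
    alerts = []
    for peer in sorted(set(expected_peers) | set(states), key=_ip_key):
        if peer not in states:
            alerts.append((peer, "missing from tunnel table"))
            continue
        code = states[peer]
        if code == ACTIVE or code in ignore_states:
            continue
        alerts.append((peer, f"state={STATE_NAMES.get(code, 'unknown')}({code})"))
    return alerts


class AlertDebouncer:
    """Fire only when the same (peer, reason) persists for min_polls consecutive
    polls: the equivalent of the "condition must exist for more than N minutes"
    setting used to avoid noise from tunnels that are just renegotiating."""

    def __init__(self, min_polls):
        self.min_polls = min_polls
        self._streak = defaultdict(int)

    def update(self, alerts):
        current = set(alerts)
        for key in list(self._streak):
            if key not in current:          # condition cleared: reset its streak
                del self._streak[key]
        fired = []
        for key in sorted(current, key=lambda k: _ip_key(k[0])):
            self._streak[key] += 1
            if self._streak[key] >= self.min_polls:
                fired.append(key)
        return fired


def run_demo():
    """Parse the sample walk and evaluate it, ignoring the permanent-tunnel
    codes 130/131 the way the later post in the thread does."""
    states = parse_tunnel_states(SAMPLE_WALK)
    return evaluate_tunnels(states, EXPECTED_PEERS, ignore_states={130, 131})


if __name__ == "__main__":
    for peer, reason in run_demo():
        print(f"ALERT {peer}: {reason}")
```

Feeding a real walk in place of SAMPLE_WALK and the poller's known peer list in place of EXPECTED_PEERS gives the same two kinds of alert the thread is after: a peer whose state is not 3, and a peer that has vanished from the table.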

Thanks

Feel free to mark these helpful comments as helpful
