11 Replies Latest reply on Sep 6, 2011 2:44 PM by MrSampsonite

    NPM and Sonicwall

      My company is revisiting purchasing Orion NPM but have an abundance of Sonicwalls that we need to make sure it can give us quality info about our VPN tunnels.  The quick and dirty description of our network is that we have one main location that has a PRO 2040 Enhanced running SonicOS Enhanced 4.2.0.1-12e.  We then have about 20 smaller locations that are running miscellaneous Sonicwalls that have been bought as each location has come into the company.  Each has the equivalent of a TZ-170 Standard (plus or minus a version or two).   These offices use VPN tunnels to connect via the the 2040 to the main office to use the centralized billing system among other things.  We also have a handful of Ciscos that connect to a few bigger offices that I know NPM works fine with, but when we tested it some time ago, the experts there said there was no way of getting individual VPN Tunnel traffic into NPM.  I have since only found one thing that even remotely gives anything regarding the VPN tunnels which is a template plugin for Cacti (www.cacti.net) which is located here (http://forums.cacti.net/about2893.html).  If we can get at least what the Cacti plugin gives us, we would probably buy NPM as we already know it works well with the Ciscos.  I'll also mention that we would be using this on server 2008 64bit which is running off of Hyper-V (in case that matters).

       

      Anyone with experience with a setup like this please give your thoughts and what addons, plugins, MiBs, etc I need to look for when we start evaluating this again.

      I'm a complete noob to monitoring, mibs, etc. so please respond as if you are responding to an idiot as I am only a small step above that.

       

      Thanks in advance for any help.

        • Re: NPM and Sonicwall
          lchance

          We have a state with ~50 locations using SonicWalls. TZ150 through TZ200.

          About 2/3 of these come into HQ (Cisco VPN Concentrators) and the remainer are backhauls through SonicWall 3060 then MPLS.

          Absolutely no issues using Solarwinds Orion to monitor these devices with SNMP - Fault & Performance-wise. You won't be thrilled with SonicWall's MIBs - they leave a lot to be desired.

          No fault of Solarwinds for a MIB.

          Right now our NPM is on standalone hardware systems - I'm holding off going into virtualization and SAN for many reasons. I might do it in 2010.

          Maybe someone else can speak to your Hyper-V ... seems to me that NPM is not ready to be used on Server 2008 but it can monitor them.

          Good luck to you!

          • Re: NPM and Sonicwall

            Have you tried using the Universal Device Poller to locate a MIB that will give you the information you're looking for?  This might be a place to start.  If the Sonicwall Firewall doesn't report the information in a MIB through SNMP, then you'll have to get really creative.

              • Re: NPM and Sonicwall
                lchance

                I constantly use UnDP and you're right it is a place to start. But this is why I mention those MIBs leave a lot to be desired. It doesn't provide a whole lot compared to most other vendors' MIBs, but it is something at least.

                  • Re: NPM and Sonicwall

                    So with the above information, should we be able to graph/monitor each individual VPN tunnel?  At minimum we would like to have packets in/out of each tunnel.  Preferably we would like to be able to drill down farther and see individual computers that may be saturating a tunnel, but I'll take what I can get.

                     

                    Maybe someone could fill in the blank for me.  With the above mentioned available Sonicwall MIBs and Orion NPM I would be able to have graphs/monitoring of ____(please list everything)_____

                     

                    Thanks for all of your help and for not ridiculing an obvious noob to all of this.  My previous trial version has long since expired and have tried to avoid getting the sales guys back involved until I was confident there was a chance we could benefit from it.  If you guys think we can get the type of information we are looking for, I will get back in touch and get a fresh trial to test it.

                      • Re: NPM and Sonicwall

                        I'm sorry to bump this post, but if someone could answer the above post it could mean us buying Orion NPM and making my life tons easier.

                         

                        Thanks!

                          • Re: NPM and Sonicwall
                            bshopp

                            So based on previous comments above you can get basic performance and fault stats like CPU, memory etc.

                            So I opened the script referenced above and these are the OID's they are polling so you could create a UnDP to grab this info and display within Orion as well.

                            Since lchance has similar devices I will see if I can get him to reply with more info on how they use on their side.

                            $sonicSAStatPeerGateway          = "1.3.6.1.4.1.8741.1.3.2.1.1.1.2.";
                            $sonicSAStatDecryptByteCount      = "1.3.6.1.4.1.8741.1.3.2.1.1.1.11.";
                            $sonicSAStatEncryptByteCount      = "1.3.6.1.4.1.8741.1.3.2.1.1.1.9.";
                            $sonicSAStatUserName          = "1.3.6.1.4.1.8741.1.3.2.1.1.1.14.";

                            • Re: NPM and Sonicwall
                              nikki.jennings

                              Sac,

                              It will probably be easier if we jump on a quick GoToMeeting with you. Can you shoot me a direct message at nikki.jennings@solarwinds.com with your information?

                            • Re: NPM and Sonicwall
                              lchance

                              SAC:

                              Here are a few examples I've put together for you. And I hope you understand there are many ways and many other metrics to include here but I don't think that's practical with this forum.

                              HTH.

                               

                               

                               

                               

                        • Re: NPM and Sonicwall

                          I dealt with SonicWall on this subject a few weeks ago. I did not try importing these statistics into Orion but you can configure the sonic wall to run a realtime report with the firewall settings / reporting to get the information you are after. I dont know of anyway to poll that data though but if you have service contracts with sonic wall I am sure they would probably be willing to work with you on that.

                          • Re: NPM and Sonicwall

                            Thank you for your replies.  I will be going over this with my boss and see what we can come up with.  I will come back to mark best answers soon.

                             

                            Thanks again to everyone.