2 Replies Latest reply on Dec 11, 2014 4:30 AM by sotasolutions

    Watchguard BOVPN Tunnels in NPM

    sotasolutions

      We have a number of Watchguard XTMs in production that provide WAN connectivity via Branch Office VPN.  These are also configured with failover connections as well.  Although NPM appears to pick up the physical interfaces of the Watchguard devices and also their VLANs, it doesn't appear to pick up the VPN tunnels.

      Is NPM able to recognise VPNs on Watchguards as a network interface object, and if so, how should it be configured so that it does?

      If NPM isn't able to recognise these in this way, how do you configure it so that it's able to display throughput data and also alert on failure or backup failover?

        • Re: Watchguard BOVPN Tunnels in NPM
          raystout

          Take a look at 1.3.6.1.4.1.3097 in the ORION MIB database.

          There are a number of OIDs for the BoVPN connections... However, I have not found a single OID providing a status such as that seen in the device manager (Active || Inactive || Expired).

          Let me know if you find one.....

          EX: From the manual.

          VPN Tunnel Status and Subscription Services

          The front panel of Firebox System Manager (FSM) includes statistics about current VPN tunnels.

          In the Firebox Status area on the right side of the window is a section on BOVPN tunnels. Firebox System Manager shows the current tunnel status and gateway information for each VPN tunnel as well as data sent and received, creation and expiration information, type of authentication and encryption used, and the number of rekeys.

          Each BOVPN tunnel is shown in one of three states:

          Active: The BOVPN tunnel operates correctly and passes traffic.

          Inactive: The BOVPN tunnel has been created, but no tunnel negotiation has occurred. No traffic has been sent through the VPN tunnel.

          Expired: The BOVPN tunnel was active, but is no longer active because the tunnel has no traffic or because the link between the gateways was lost.

          This information also appears on the Device Status tab in WatchGuard System Manager.

            • Re: Watchguard BOVPN Tunnels in NPM
              sotasolutions

              Thanks for the suggestion, Ray.  When I posted this query, I figured that as there didn't appear to be a way to do this natively, I'd have to revert to a UDP.  You're right that the Watchguard OIDs appear to have a fair number of pollers regarding BoVPNs in terms of the traffic going over them and static info like the remote host IP, but nothing as simple as whether they're up or not.  I did look at creating a UDP to record data, and then get Orion to alert if that poller was ever "0", but I do remember hitting a brick wall in getting that to work properly.

              It'd be nice if NPM was able to recognise BoVPNs as part of Network Topology (and particularly recognise Watchguard High Availability pairs as something other than a "virtual device") because that would bring in a whole bundle of juicy, useful goodness.
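
The workaround discussed in this thread, inferring tunnel state from the BoVPN traffic counters because no status OID was found, as an added example (not code from either poster, WatchGuard or SolarWinds). It assumes each poll yields per-tunnel in/out byte counters keyed by remote gateway IP, that they are 32-bit counters, and that three quiet polls mean a tunnel has gone silent; the state names follow the manual excerpt above but are only a traffic-based approximation.

```python
from typing import Dict, List, Optional, Tuple

COUNTER_MAX = 2 ** 32  # assumption: the byte counters are SNMP Counter32
# One poll cycle: tunnel key (here the remote gateway IP) -> (bytes_in, bytes_out)
Sample = Dict[str, Tuple[int, int]]

def delta(prev: int, cur: int) -> int:
    """Bytes moved between two polls, tolerating counter wrap and reset."""
    if cur >= prev:
        return cur - prev
    wrapped = cur + COUNTER_MAX - prev
    # An implausibly large wrap is treated as a reset: credit only bytes since it.
    return wrapped if wrapped < COUNTER_MAX // 2 else cur

def classify(history: List[Sample], idle_polls: int = 3) -> Dict[str, str]:
    """Approximate active/inactive/expired per tunnel from polls, oldest first."""
    states: Dict[str, str] = {}
    for tunnel in sorted(set().union(*history)):
        seen_traffic, quiet = False, 0
        prev: Optional[Tuple[int, int]] = None
        for sample in history:
            cur = sample.get(tunnel)
            if cur is None:              # row missing from this poll
                quiet, prev = quiet + 1, None
                continue
            if prev is not None:
                moved = delta(prev[0], cur[0]) + delta(prev[1], cur[1])
                quiet = 0 if moved else quiet + 1
            seen_traffic = seen_traffic or any(cur)
            prev = cur
        if not seen_traffic:
            states[tunnel] = "inactive"  # never carried traffic
        elif quiet >= idle_polls:
            states[tunnel] = "expired"   # carried traffic, silent since
        else:
            states[tunnel] = "active"
    return states

def needs_alert(states: Dict[str, str]) -> List[str]:
    return sorted(t for t, s in states.items() if s == "expired")

# Constructed sample data: four poll cycles, documentation-range peer IPs.
HISTORY: List[Sample] = [
    {"203.0.113.10": (1000, 2000), "203.0.113.20": (0, 0), "203.0.113.30": (5000, 7000), "203.0.113.40": (4294967000, 10)},
    {"203.0.113.10": (1500, 2600), "203.0.113.20": (0, 0), "203.0.113.30": (5000, 7000), "203.0.113.40": (500, 20)},
    {"203.0.113.10": (2100, 3000), "203.0.113.20": (0, 0), "203.0.113.30": (5000, 7000), "203.0.113.40": (900, 30)},
    {"203.0.113.10": (2500, 3900), "203.0.113.20": (0, 0), "203.0.113.40": (1300, 40)},
]
if __name__ == "__main__":
    print(classify(HISTORY), needs_alert(classify(HISTORY)))
```

Alerting on the transition to "expired" rather than on a raw value of 0 avoids firing on tunnels that have simply never been used.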