Skip to main content

Useful SNMP OIDs (VSX)

Check Point and SNMP

Monitoring for a Firewall is important, you need to make sure that you see the baseline of your environment and that you can see when some value will go up too high.

The following guide is showing some of the most used SNMP OID for monitoring generic HW Appliances and VSX Clusters.

To Browse the Check Point MIBS use: https://mibs.observium.org/mib/CHECKPOINT-MIB/ or http://oidref.com/1.3.6.1.4.1.2620

Activate SNMP

To enable SNMP on a Check Point FW checkout the sk90860

Check Point MIB Files

MIB Files can be found in sk90470

SNMP OIDs

OIDs: Hardware Status

Hardware sensors (fans, power supplies, temperatures and raid state)

Fan status fanSpeedSensorStatus .1.3.6.1.4.1.2620.1.6.7.8.2.1.6
Power Supply status powerSupplyStatus .1.3.6.1.4.1.2620.1.6.7.9.1.1.2
Raid status raidDiskState .1.3.6.1.4.1.2620.1.6.7.7.2.1.9
Temperature status tempertureSensorTable .1.3.6.1.4.1.2620.1.6.7.8.1
snmpwalk -v 3 -l authNoPriv -u user -A pass vsx1 CHECKPOINT-MIB::fanSpeedSensorStatus
CHECKPOINT-MIB::fanSpeedSensorStatus.1.0 = INTEGER: 0
CHECKPOINT-MIB::fanSpeedSensorStatus.2.0 = INTEGER: 0
CHECKPOINT-MIB::fanSpeedSensorStatus.3.0 = INTEGER: 0
CHECKPOINT-MIB::fanSpeedSensorStatus.4.0 = INTEGER: 0

snmpwalk -v 3 -l authNoPriv -u user -A pass vsx1 CHECKPOINT-MIB::powerSupplyStatus
CHECKPOINT-MIB::powerSupplyStatus.1.0 = STRING: Up
CHECKPOINT-MIB::powerSupplyStatus.2.0 = STRING: Up

snmpwalk -v 3 -l authNoPriv -u user -A pass vsx1 CHECKPOINT-MIB::tempertureSensorTable
CHECKPOINT-MIB::tempertureSensorIndex.1.0 = INTEGER: 1
CHECKPOINT-MIB::tempertureSensorIndex.2.0 = INTEGER: 2
CHECKPOINT-MIB::tempertureSensorIndex.3.0 = INTEGER: 3
CHECKPOINT-MIB::tempertureSensorIndex.4.0 = INTEGER: 4
CHECKPOINT-MIB::tempertureSensorName.1.0 = STRING: CPU0 Temp
CHECKPOINT-MIB::tempertureSensorName.2.0 = STRING: CPU1 Temp
CHECKPOINT-MIB::tempertureSensorName.3.0 = STRING: Intake Temp
CHECKPOINT-MIB::tempertureSensorName.4.0 = STRING: Outlet Temp
CHECKPOINT-MIB::tempertureSensorValue.1.0 = STRING: 65.50
CHECKPOINT-MIB::tempertureSensorValue.2.0 = STRING: 65.00
CHECKPOINT-MIB::tempertureSensorValue.3.0 = STRING: 30.38
CHECKPOINT-MIB::tempertureSensorValue.4.0 = STRING: 31.50
CHECKPOINT-MIB::tempertureSensorUnit.1.0 = STRING: Celsius
CHECKPOINT-MIB::tempertureSensorUnit.2.0 = STRING: Celsius
CHECKPOINT-MIB::tempertureSensorUnit.3.0 = STRING: Celsius
CHECKPOINT-MIB::tempertureSensorUnit.4.0 = STRING: Celsius
CHECKPOINT-MIB::tempertureSensorType.1.0 = STRING: Temperature
CHECKPOINT-MIB::tempertureSensorType.2.0 = STRING: Temperature
CHECKPOINT-MIB::tempertureSensorType.3.0 = STRING: Temperature
CHECKPOINT-MIB::tempertureSensorType.4.0 = STRING: Temperature
CHECKPOINT-MIB::tempertureSensorStatus.1.0 = INTEGER: 0
CHECKPOINT-MIB::tempertureSensorStatus.2.0 = INTEGER: 0
CHECKPOINT-MIB::tempertureSensorStatus.3.0 = INTEGER: 0
CHECKPOINT-MIB::tempertureSensorStatus.4.0 = INTEGER: 0

snmpwalk -v 3 -l authNoPriv -u user -A pass vsx1 CHECKPOINT-MIB::raidDiskState
CHECKPOINT-MIB::raidDiskState.1.0 = INTEGER: 0
CHECKPOINT-MIB::raidDiskState.2.0 = INTEGER: 0

OIDs: Connections

Current connections in certain virtual system and the configured limit.
This limit is configured in the virtual system properties, Optimization section (Capacity Optimization)

https://somoit.net/wp-content/uploads/2019/05/checkpoint-useful-snmp-oids-to-monitor-1.png

Connections fwNumConn.0 .1.3.6.1.4.1.2620.1.1.25.3.0
Connections limit fwConnTableLimit.0 .1.3.6.1.4.1.2620.1.1.25.10.0
snmpwalk -v 3 -l authNoPriv -u user -A pass -n ctxname_vsid2 vsx1 CHECKPOINT-MIB::fwNumConn.0
CHECKPOINT-MIB::fwNumConn.0 = Gauge32: 64121

snmpwalk -v 3 -l authNoPriv -u user -A pass -n ctxname_vsid2 vsx1 CHECKPOINT-MIB::fwConnTableLimit.0
CHECKPOINT-MIB::fwConnTableLimit.0 = Gauge32: 199900

OIDs: ClusterXL state

If you manage a Checkpoint ClusterXL, I suppose you use quite a lot the “cphaprob state” command.

ClusterXLState haState .1.3.6.1.4.1.2620.1.5.6.0
snmpwalk -v 3 -l authNoPriv -u user -A pass -n ctxname_vsid2 vsx1 CHECKPOINT-MIB::haState.0
CHECKPOINT-MIB::haState.0 = STRING: standby

OIDs: CPU

Monitor each of the CPUs

CPUCores multiProcUsage .1.3.6.1.4.1.2620.1.6.7.5.1.5
/usr/bin/snmpwalk -v 3 -l authNoPriv -u user -A pass vsx1 CHECKPOINT-MIB::multiProcUsage
CHECKPOINT-MIB::multiProcUsage.1.0 = Gauge32: 7
CHECKPOINT-MIB::multiProcUsage.2.0 = Gauge32: 2
CHECKPOINT-MIB::multiProcUsage.3.0 = Gauge32: 8
CHECKPOINT-MIB::multiProcUsage.4.0 = Gauge32: 8
CHECKPOINT-MIB::multiProcUsage.5.0 = Gauge32: 7
CHECKPOINT-MIB::multiProcUsage.6.0 = Gauge32: 7
CHECKPOINT-MIB::multiProcUsage.7.0 = Gauge32: 6
CHECKPOINT-MIB::multiProcUsage.8.0 = Gauge32: 6
CHECKPOINT-MIB::multiProcUsage.9.0 = Gauge32: 6
CHECKPOINT-MIB::multiProcUsage.10.0 = Gauge32: 6
CHECKPOINT-MIB::multiProcUsage.11.0 = Gauge32: 6
CHECKPOINT-MIB::multiProcUsage.12.0 = Gauge32: 6
CHECKPOINT-MIB::multiProcUsage.13.0 = Gauge32: 5
CHECKPOINT-MIB::multiProcUsage.14.0 = Gauge32: 5
CHECKPOINT-MIB::multiProcUsage.15.0 = Gauge32: 5

OIDs: Memory

Counters

RAM - Real Total memTotalReal64 .1.3.6.1.4.1.2620.1.6.7.4.3
RAM - Real Active memActiveReal64 .1.3.6.1.4.1.2620.1.6.7.4.4
RAM - Real Free memFreeReal64 .1.3.6.1.4.1.2620.1.6.7.4.5
RAM - Virtual Total memTotalVirtual64 .1.3.6.1.4.1.2620.1.6.7.4.1
RAM - Virtual Active memActiveVirtual64 .1.3.6.1.4.1.2620.1.6.7.4.2
Hmem fails fwHmem-failed-alloc .1.3.6.1.4.1.2620.1.1.26.1.21
System Kmem fails fwKmem-failed-alloc .1.3.6.1.4.1.2620.1.1.26.2.15

Traps

Swap memory utilization alert chkpntSwapMemoryTrap .1.3.6.1.4.1.2620.1.2000.4.1
Real memory utilization alert chkpntRealMemoryTrap .1.3.6.1.4.1.2620.1.2000.4.2

OIDs: Memory VSX

The following SNMP queries have to be done on the VSX Host.

RAM - Memory Usage VS ID vsxStatusMemoryUsageVSId .1.3.6.1.4.1.2620.1.16.22.3.1.1
RAM - Memory Usage VS Name vsxStatusMemoryUsageVSName .1.3.6.1.4.1.2620.1.16.22.3.1.2
RAM - Memory Usage per VS vsxStatusMemoryUsage .1.3.6.1.4.1.2620.1.16.22.3.1.3
/usr/bin/snmpwalk -v 3 -l authNoPriv -u user -A pass vsx1 SNMPv2-SMI::enterprises.2620.1.16.22.3
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.1.0 = INTEGER: 0
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.2.0 = INTEGER: 1
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.3.0 = INTEGER: 2
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.4.0 = INTEGER: 3
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.5.0 = INTEGER: 4
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.6.0 = INTEGER: 5
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.1.7.0 = INTEGER: 6
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.1.0 = STRING: "fwvsx01"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.2.0 = STRING: "fw01"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.3.0 = STRING: "fw02"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.4.0 = STRING: "swi01"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.5.0 = STRING: "swi02"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.6.0 = STRING: "fw03"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.2.7.0 = STRING: "fw04"
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.1.0 = Gauge32: 1995131
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.2.0 = Gauge32: 335056
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.3.0 = Gauge32: 1126517
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.4.0 = Gauge32: 98547
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.5.0 = Gauge32: 64391
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.6.0 = Gauge32: 103978
SNMPv2-SMI::enterprises.2620.1.16.22.3.1.3.7.0 = Gauge32: 86436

Links

Thank you for this BLOG entry somoit.net:

https://somoit.net/checkpoint-fw/useful-snmp-oids-monitor-vsx