?
Solved

How to send SNMP trap from CheckPoint?

Posted on 2004-04-16
8
Medium Priority
?
5,695 Views
Last Modified: 2013-11-16
Dear Sir
        I'm running Checkpoint Firewall Clustering with StoneBeat Cluster software. Firewall version is NG FP2, I implement HP OpenView and need to receive SNMP trap from CheckPoints. I then configure by going through "Policy" => "Global Properties" => "Log and Alert" => "Alert Commands" and entering the command "internal_snmp_trap A.B.C.D" in "Run SNMP trap alert script". But I get nothing. What's wrong ?
        Does anyone face this problem before ?
        I'm so sure that there is nothing sending from CheckPoint when I tried to trigger this SNMP trap script. The reason I'm so sure, since I execute "snoop" command on my CheckPoint Firewall ( UNIX ).
0
Comment
Question by:sirator
  • 5
  • 3
8 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 375 total points
ID: 10841030
Depends on the platform.  The alert command you put in is what the OS needs to run in order to send and SNMP trap.  SNMP needs to be enabled on the OS itself in order to do this.

Check Point's SNMP port is 260 (all the firewall related traps).  The OS port remains as 161 for other OS related things (eg interface up/down).

You need specific MIB files for HP Openview.  The default CheckPoint ones won't work.  I believe there's a specific extension available from HP ?


0
 

Author Comment

by:sirator
ID: 11229298
I observed from CheckPoint document, there're many ways to alert the administrator either by mail or snmp.

Referring from Document in terms of Mail Alert, it said, to alert through mail, the internal command will be used by "internal_send_mail" command.
I tested using this command, but it doesn't work. Then I changed to "internal_sendmail" instead, and it works.

Is anything wrong with CheckPoint FP2 document?

Anyway, I can't find "internal_snmp_trap" work at all. Why not?

Looking up from CheckPoint SecureKnowledge, there's nothing come up for help troubleshooting this issue at all.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11231476
Again, depends on the platform.  For NT, you need to use %FWDIR%\bin\sendmail, to Nokia, you need to use 'ipso sendmail'... ??
Same applies to snmp !
What platform do you use ?
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:sirator
ID: 11246266
I'm running on Solaris 5.8.

The matter I suspect is that it's capable of enable mail alert with CheckPoint internal command as "internal_sendmail" as described in CheckPoint manual. (Originally from the manual indication it's "internal_send_mail" that I've tested and it didn't really work)

But it doesn't work with "internal_snmp_trap" command. That's thing I'm so confused.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11358067
Do you still need help with this ?  I've some Solaris manuals I can look at if you want ?
0
 

Author Comment

by:sirator
ID: 11470683
Hi, I would really appreciate if you can provide me a useful document.

Thanks so much in advances.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11471838
Is there a rule on the firewall allowing SNMP from the firewall to your OpenView servers ?

Have you tried the snmp_trap command ?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12199362
Is this now resolved ?
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month16 days, 21 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question