[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

How to send SNMP trap from CheckPoint?

Posted on 2004-04-16
8
Medium Priority
?
5,633 Views
Last Modified: 2013-11-16
Dear Sir
        I'm running Checkpoint Firewall Clustering with StoneBeat Cluster software. Firewall version is NG FP2, I implement HP OpenView and need to receive SNMP trap from CheckPoints. I then configure by going through "Policy" => "Global Properties" => "Log and Alert" => "Alert Commands" and entering the command "internal_snmp_trap A.B.C.D" in "Run SNMP trap alert script". But I get nothing. What's wrong ?
        Does anyone face this problem before ?
        I'm so sure that there is nothing sending from CheckPoint when I tried to trigger this SNMP trap script. The reason I'm so sure, since I execute "snoop" command on my CheckPoint Firewall ( UNIX ).
0
Comment
Question by:sirator
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 375 total points
ID: 10841030
Depends on the platform.  The alert command you put in is what the OS needs to run in order to send and SNMP trap.  SNMP needs to be enabled on the OS itself in order to do this.

Check Point's SNMP port is 260 (all the firewall related traps).  The OS port remains as 161 for other OS related things (eg interface up/down).

You need specific MIB files for HP Openview.  The default CheckPoint ones won't work.  I believe there's a specific extension available from HP ?


0
 

Author Comment

by:sirator
ID: 11229298
I observed from CheckPoint document, there're many ways to alert the administrator either by mail or snmp.

Referring from Document in terms of Mail Alert, it said, to alert through mail, the internal command will be used by "internal_send_mail" command.
I tested using this command, but it doesn't work. Then I changed to "internal_sendmail" instead, and it works.

Is anything wrong with CheckPoint FP2 document?

Anyway, I can't find "internal_snmp_trap" work at all. Why not?

Looking up from CheckPoint SecureKnowledge, there's nothing come up for help troubleshooting this issue at all.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11231476
Again, depends on the platform.  For NT, you need to use %FWDIR%\bin\sendmail, to Nokia, you need to use 'ipso sendmail'... ??
Same applies to snmp !
What platform do you use ?
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:sirator
ID: 11246266
I'm running on Solaris 5.8.

The matter I suspect is that it's capable of enable mail alert with CheckPoint internal command as "internal_sendmail" as described in CheckPoint manual. (Originally from the manual indication it's "internal_send_mail" that I've tested and it didn't really work)

But it doesn't work with "internal_snmp_trap" command. That's thing I'm so confused.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11358067
Do you still need help with this ?  I've some Solaris manuals I can look at if you want ?
0
 

Author Comment

by:sirator
ID: 11470683
Hi, I would really appreciate if you can provide me a useful document.

Thanks so much in advances.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11471838
Is there a rule on the firewall allowing SNMP from the firewall to your OpenView servers ?

Have you tried the snmp_trap command ?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12199362
Is this now resolved ?
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question