Solved

How to send SNMP trap from CheckPoint?

Posted on 2004-04-16
8
5,507 Views
Last Modified: 2013-11-16
Dear Sir
        I'm running Checkpoint Firewall Clustering with StoneBeat Cluster software. Firewall version is NG FP2, I implement HP OpenView and need to receive SNMP trap from CheckPoints. I then configure by going through "Policy" => "Global Properties" => "Log and Alert" => "Alert Commands" and entering the command "internal_snmp_trap A.B.C.D" in "Run SNMP trap alert script". But I get nothing. What's wrong ?
        Does anyone face this problem before ?
        I'm so sure that there is nothing sending from CheckPoint when I tried to trigger this SNMP trap script. The reason I'm so sure, since I execute "snoop" command on my CheckPoint Firewall ( UNIX ).
0
Comment
Question by:sirator
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 125 total points
ID: 10841030
Depends on the platform.  The alert command you put in is what the OS needs to run in order to send and SNMP trap.  SNMP needs to be enabled on the OS itself in order to do this.

Check Point's SNMP port is 260 (all the firewall related traps).  The OS port remains as 161 for other OS related things (eg interface up/down).

You need specific MIB files for HP Openview.  The default CheckPoint ones won't work.  I believe there's a specific extension available from HP ?


0
 

Author Comment

by:sirator
ID: 11229298
I observed from CheckPoint document, there're many ways to alert the administrator either by mail or snmp.

Referring from Document in terms of Mail Alert, it said, to alert through mail, the internal command will be used by "internal_send_mail" command.
I tested using this command, but it doesn't work. Then I changed to "internal_sendmail" instead, and it works.

Is anything wrong with CheckPoint FP2 document?

Anyway, I can't find "internal_snmp_trap" work at all. Why not?

Looking up from CheckPoint SecureKnowledge, there's nothing come up for help troubleshooting this issue at all.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11231476
Again, depends on the platform.  For NT, you need to use %FWDIR%\bin\sendmail, to Nokia, you need to use 'ipso sendmail'... ??
Same applies to snmp !
What platform do you use ?
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:sirator
ID: 11246266
I'm running on Solaris 5.8.

The matter I suspect is that it's capable of enable mail alert with CheckPoint internal command as "internal_sendmail" as described in CheckPoint manual. (Originally from the manual indication it's "internal_send_mail" that I've tested and it didn't really work)

But it doesn't work with "internal_snmp_trap" command. That's thing I'm so confused.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11358067
Do you still need help with this ?  I've some Solaris manuals I can look at if you want ?
0
 

Author Comment

by:sirator
ID: 11470683
Hi, I would really appreciate if you can provide me a useful document.

Thanks so much in advances.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11471838
Is there a rule on the firewall allowing SNMP from the firewall to your OpenView servers ?

Have you tried the snmp_trap command ?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12199362
Is this now resolved ?
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question