Solved

How to send SNMP trap from CheckPoint?

Posted on 2004-04-16
8
5,442 Views
Last Modified: 2013-11-16
Dear Sir
        I'm running Checkpoint Firewall Clustering with StoneBeat Cluster software. Firewall version is NG FP2, I implement HP OpenView and need to receive SNMP trap from CheckPoints. I then configure by going through "Policy" => "Global Properties" => "Log and Alert" => "Alert Commands" and entering the command "internal_snmp_trap A.B.C.D" in "Run SNMP trap alert script". But I get nothing. What's wrong ?
        Does anyone face this problem before ?
        I'm so sure that there is nothing sending from CheckPoint when I tried to trigger this SNMP trap script. The reason I'm so sure, since I execute "snoop" command on my CheckPoint Firewall ( UNIX ).
0
Comment
Question by:sirator
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 125 total points
ID: 10841030
Depends on the platform.  The alert command you put in is what the OS needs to run in order to send and SNMP trap.  SNMP needs to be enabled on the OS itself in order to do this.

Check Point's SNMP port is 260 (all the firewall related traps).  The OS port remains as 161 for other OS related things (eg interface up/down).

You need specific MIB files for HP Openview.  The default CheckPoint ones won't work.  I believe there's a specific extension available from HP ?


0
 

Author Comment

by:sirator
ID: 11229298
I observed from CheckPoint document, there're many ways to alert the administrator either by mail or snmp.

Referring from Document in terms of Mail Alert, it said, to alert through mail, the internal command will be used by "internal_send_mail" command.
I tested using this command, but it doesn't work. Then I changed to "internal_sendmail" instead, and it works.

Is anything wrong with CheckPoint FP2 document?

Anyway, I can't find "internal_snmp_trap" work at all. Why not?

Looking up from CheckPoint SecureKnowledge, there's nothing come up for help troubleshooting this issue at all.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11231476
Again, depends on the platform.  For NT, you need to use %FWDIR%\bin\sendmail, to Nokia, you need to use 'ipso sendmail'... ??
Same applies to snmp !
What platform do you use ?
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:sirator
ID: 11246266
I'm running on Solaris 5.8.

The matter I suspect is that it's capable of enable mail alert with CheckPoint internal command as "internal_sendmail" as described in CheckPoint manual. (Originally from the manual indication it's "internal_send_mail" that I've tested and it didn't really work)

But it doesn't work with "internal_snmp_trap" command. That's thing I'm so confused.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11358067
Do you still need help with this ?  I've some Solaris manuals I can look at if you want ?
0
 

Author Comment

by:sirator
ID: 11470683
Hi, I would really appreciate if you can provide me a useful document.

Thanks so much in advances.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11471838
Is there a rule on the firewall allowing SNMP from the firewall to your OpenView servers ?

Have you tried the snmp_trap command ?
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12199362
Is this now resolved ?
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question