SNMP and the UTM-1 Edge Boxes

Hello there. I am using Cacti to monitor several devices on my network and when we decided to install an Edge box at each of our remote sites to establish site-to-site VPNs, I thought I would also look into monitoring those in Cacti as well. I'm able to monitor interface traffic, CPU usage and uptime on the Edge devices using standard templates that come with Cacti. I was also interested in monitoring the number of used nodes vs the number of allowed nodes on each box so I used snmputil to walk the OIDs on the box. I discovered that the .1.3.6.1.4.1.6983.1.3.4 OID shows the number of used nodes so I set up the required things in Cacti to graph it. When I was done, I created the graphs for each of our 28 Edge boxes. Oddly enough, all of them worked except for 2. When I used snmputil to query the OID on those two boxes, I discovered that it did not even exist in these 2 boxes. In fact, the entire .1.3.6.1.4.1.6983 tree was not even there. I ensured that all of my devices were running the latest version of the firmware and also that SNMP was configured identically in each one.

To make matters even crazier, after setting up these "node monitor" graphs on all of my Edge boxes in Cacti, I noticed that some of them stopped graphing.  All other graphs for the affected boxes are working fine, it's just the monitored nodes one that decides to stop working.  When I use snmputil to again query the OID, .1.3.6.1.4.1.6983 was gone!  

I guess I don't understand enough about SNMP to know why an OID would vanish. Has anyone ever seen anything like this?

I appreciate any insight.

-Chris
HarkinsIT Asked:

Kamran Arshad (IT Associate) Commented:
Hi,

I think you are using the Checkpoint UTM? You need to download the MIB tree of checkpoint into your NMS (Cacti).

http://www.oidview.com/mibs/2620/CHECKPOINT-MIB.html
http://support.ipmonitor.com/mibs/CHECKPOINT-MIB/info.aspx
0
HarkinsIT (Author) Commented:
Yeah, the boxes are UTM-Edge VPN Boxes.

I didn't think the issue had anything to do with Cacti since I can't even query the .1.3.6.1.4.1.6983 tree with my snmputil on the problem boxes. I am able to do so with most of my Edge boxes, it's just a few that don't work.

Am I misunderstanding things here?

Thanks for the response!
-Chris
0
Kamran Arshad (IT Associate) Commented:
If you know the particular OID then what is the issue with it? Simply query it and it will come back with the response.
0
HarkinsIT (Author) Commented:
That's my problem.  I query the OID on one of our Edge boxes and it returns a successful response.  I query the same OID on another Edge box and it says that the tree doesn't even exist.  I get successful responses from most of the Edge boxes but there are 4 or 5 that do not respond to any of the 1.3.6.1.4.1.6983 tree.  

Sorry, I thought I explained that in my original question.
0
Kamran Arshad (IT Associate) Commented:
Hmmm... Is the IOS/firmware the same on each Edge box?
0
HarkinsIT (Author) Commented:
Yup, all of my boxes are running the same firmware version.
0
Kamran Arshad (IT Associate) Commented:
Seems a really strange issue. Have you checked with Checkpoint support?
0
HarkinsIT (Author) Commented:
I have not.  I do not have a support agreement with them for these boxes.  I have posted something on their support forums, but those are pretty useless.  No one has responded, as usual.

Thanks.
0
Kamran Arshad (IT Associate) Commented:
What is the exact negative response?
0
HarkinsIT (Author) Commented:
This is from a box that does not work:

C:\>snmputil walk 192.168.48.1 snmpstring .1.3.6.1.4.6983.1.3.4
End of MIB subtree.

This is from a box that does:

C:\>snmputil walk 192.168.20.1 snmpstring .1.3.6.1.4.1.6983.1.3.4
Variable = .iso.org.dod.internet.private.enterprises.6983.1.3.4.0
Value    = Integer32 2


0
HarkinsIT (Author) Commented:
Also from a box that does not work:

C:\>snmputil walk 192.168.48.1 snmpstring .1.3.6.1.4.6983.
End of MIB subtree.
0
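
The two walks posted above do not target the same OID: the failing commands use .1.3.6.1.4.6983..., which lacks the enterprises arc (.1.3.6.1.4.1) that the working command includes. As an added example (not part of the original thread), this Python script parses snmputil walk transcripts and flags any walk that falls outside the vendor subtree; the transcript is a constructed copy of the posted output and the function names are hypothetical.

```python
import re

ENTERPRISES = (1, 3, 6, 1, 4, 1)  # iso.org.dod.internet.private.enterprises
VENDOR_ARC = 6983                 # enterprise number queried in the thread

# Constructed sample: the two walks as they appear in the thread.
TRANSCRIPT = r"""
C:\>snmputil walk 192.168.48.1 snmpstring .1.3.6.1.4.6983.1.3.4
End of MIB subtree.

C:\>snmputil walk 192.168.20.1 snmpstring .1.3.6.1.4.1.6983.1.3.4
Variable = .iso.org.dod.internet.private.enterprises.6983.1.3.4.0
Value    = Integer32 2
"""

# snmputil walk <agent> <community> <oid>; the community is skipped, not stored.
CMD = re.compile(r"snmputil\s+walk\s+(\S+)\s+\S+\s+(\S+)")


def parse_oid(text):
    """Turn '.1.3.6.1' into (1, 3, 6, 1); reject non-numeric arcs."""
    arcs = text.strip(".").split(".")
    if not all(a.isdigit() for a in arcs):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(a) for a in arcs)


def audit(transcript):
    """One record per walk: host, OID, variables returned, subtree check."""
    records = []
    vendor_prefix = ENTERPRISES + (VENDOR_ARC,)
    for line in transcript.splitlines():
        m = CMD.search(line)
        if m:
            oid = parse_oid(m.group(2))
            records.append({
                "host": m.group(1),
                "oid": oid,
                "in_vendor_tree": oid[:len(vendor_prefix)] == vendor_prefix,
                "variables": 0,
            })
        elif line.startswith("Variable") and records:
            records[-1]["variables"] += 1
    return records


def mismatched_walks(records):
    """Hosts whose walk targeted an OID outside the vendor subtree."""
    return [r["host"] for r in records if not r["in_vendor_tree"]]


if __name__ == "__main__":
    for rec in audit(TRANSCRIPT):
        print(rec["host"], rec["in_vendor_tree"], rec["variables"])
```

An empty walk only says something about the agent when the requested OID matches the one that works elsewhere, so re-run the failing hosts with the identical OID before comparing boxes.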
Kamran Arshad (IT Associate) Commented:
Can you save the configuration on the troubled box and then reset it with fresh firmware?
0
HarkinsIT (Author) Commented:
Hmm.  I guess I could.  Not something I really wanna do though.  I'd have to travel out to the remote site to do this.  I guess if it's the only option.....
0
Kamran Arshad (IT Associate) Commented:
I leave it for someone else who can come up with a better solution.
0
HarkinsIT (Author) Commented:
Request to close this question so I can avoid receiving the annoying e-mail reminders that it's still open.

Thanks
:-)
0