HarkinsIT
asked on
SNMP and the UTM-1 Edge Boxes
Hello there. I am using Cacti to monitor several devices on my network and when we decided to install an Edge box at each of our remote sites to establish site-to-site VPNs, I thought I would also look into monitoring those in cacti as well. I'm able to monitor interface traffic, CPU usage and uptime on the Edge devices using standard templates that come with Cacti. I was also interested in monitoring the number of used nodes vs the number of allowed nodes on each box so I used snmputil to walk the OIDs on the box. I discovered that the .1.3.6.1.4.1.6983.1.3.4 OID shows the number of used nodes so I set up the required things in Cacti to graph it. When I was done, I created the graphs for each of our 28 Edge boxes. Oddly enough, all of them worked except for 2. When I used snmputil to query the OID on those two boxes, I discovered that it did not even exist in these 2 boxes. In fact, the entire .1.3.6.1.4.1.6983 tree was not even there. I ensured that all of my devices were running the latest version of the firmware and also that SNMP was configured identically in each one.
To make matters even crazier, after setting up these "node monitor" graphs on all of my Edge boxes in Cacti, I noticed that some of them stopped graphing. All other graphs for the affected boxes are working fine, it's just the monitored nodes one that decides to stop working. When I use snmputil to again query the OID, .1.3.6.1.4.1.6983 was gone!
I guess I don't understand enough about SNMP to know why an OID would vanish. Has anyone ever seen anything like this?
I appreciate any insight.
-Chris
To make matters even crazier, after setting up these "node monitor" graphs on all of my Edge boxes in Cacti, I noticed that some of them stopped graphing. All other graphs for the affected boxes are working fine, it's just the monitored nodes one that decides to stop working. When I use snmputil to again query the OID, .1.3.6.1.4.1.6983 was gone!
I guess I don't understand enough about SNMP to know why an OID would vanish. Has anyone ever seen anything like this?
I appreciate any insight.
-Chris
ASKER
Yeah, the boxes are UTM-Edge VPN Boxes.
I didn't think the issue had anything to do with Cati since I can't even query the .1.3.6.1.4.1.6983 tree with my snmputil on the problem boxes. I am able to do so with most of my Edge boxes, it's just a few that don't work.
Am I misunderstanding things here?
Thanks for the response!
-Chris
I didn't think the issue had anything to do with Cati since I can't even query the .1.3.6.1.4.1.6983 tree with my snmputil on the problem boxes. I am able to do so with most of my Edge boxes, it's just a few that don't work.
Am I misunderstanding things here?
Thanks for the response!
-Chris
If you know the particular OID then what is the issue with it? Simply query it and it will come back with the response.
ASKER
That's my problem. I query the OID on one of our Edge boxes and it returns a successful response. I query the same OID on another Edge box and it says that the tree doesn't even exist. I get successful responses from most of the Edge boxes but there are 4 or 5 that do not respond to any of the 1.3.6.1.4.1.6983 tree.
Sorry, I thought I explained that in my original question.
Sorry, I thought I explained that in my original question.
hmmm... Is the IOS/firmware same on each edge boxes?
ASKER
Yup, all of my boxes are running the same firmware version.
Seems really strange issue. Have you checked with Checkpoint support ?
ASKER
I have not. I do not have a support agreement with them for these boxes. I have posted something on their support forums, but those are pretty useless. No one has responded, as usual.
Thanks.
Thanks.
What is the exact negative response?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Also from a box that does not work:
C:\>snmputil walk 192.168.48.1 snmpstring .1.3.6.1.4.6983.
End of MIB subtree.
C:\>snmputil walk 192.168.48.1 snmpstring .1.3.6.1.4.6983.
End of MIB subtree.
Can you save the configuration on the troubled box and then reset it with fresh firmware?
ASKER
Hmm. I guess I could. Not something I really wanna do though. I'd have to travel out to the remote site to do this. I guess if it's the only option.....
I leave for someone else who can come up with a better solution
ASKER
Request to close this question so I can avoid receiving the annoying e-mail reminders that it's still open.
Thanks
:-)
Thanks
:-)
I think you are using the Checkpoint UTM? You need to download the MIB tree of checkpoint into your NMS (Cacti).
http://www.oidview.com/mibs/2620/CHECKPOINT-MIB.html
http://support.ipmonitor.com/mibs/CHECKPOINT-MIB/info.aspx