Question

Checkpoint IPsec Tunnel Monitoring.

  • 30 May 2023
  • 8 replies
  • 96 views

Userlevel 1
Badge

Hi all,

Is anyone using the LM to Monitor IPSec Tunnel monitoring?  if so, are you using the custom OID

 


8 replies

Userlevel 7
Badge +18

I don’t know what custom OID you might be referring to, but we do have some significant customizations to that DS.

  1. We have modified the script to add another output to detect if the device is a standby device. 
  2. We created a datapoint to store that:
  3. Then we modified the TunnelActiveTime_Seconds datapoint:

This might not be what you are looking for, but it helped us reduce alerts for when a secondary unit was offline.

Userlevel 3
Badge +2

Hello Nishil, can you confirm the device type and vendor in which the IPSec tunnels are configured?

Userlevel 1
Badge

@tswisdom -  The device type is the Firewall and Vendor is the Checkpoint.

Userlevel 1
Badge

@Stuart Weenig - I was reading the Checkpoint article it mention about to monitor state of the VPN tunnel via SNMP OID 1.3.6.1.4.1.2620.500.9002.1.3 and SNMP OID 1.3.6.1.4.1.2620.500.9003.1.3.  I don’t think those OID is added in the Checkpoint core. 

Here the link for the article.

https://support.checkpoint.com/results/sk/sk63663

Userlevel 7
Badge +18

If you have the OIDs, have you attempted to build the DS yourself?

Userlevel 3
Badge +2

Much obliged Nishil,

Evaluating our core Checkpoint modules, it doesn’t appear we’re currently capturing IPSec Tunnel data, nor do we have a generic IPSec Tunnel module. I also evaluated community modules in the exchange, and didn’t surface anything that’d collect this data. With that said, given you already have the appropriate OID’s, you should certainly be able to capture the data via custom datasource, we touch on how to do so here. You may also wish to take a moment to submit feedback through your portal requesting IPSec Tunnel Monitoring be added for Checkpoint devices.

Warm regards,
Tyler Wisdom

Userlevel 2
Badge +2

There’s also a quick 7min video tutorial on making an SNMP DataSource in our LearningBytes training series here…

Learning Byte: Making an SNMP DataSource
https://academy.logicmonitor.com/making-an-snmp-datasource/1329215 

Userlevel 7
Badge +18

Ug, the sign in process to get to the academy. So broken, especially if you have SSO configured. Please tell me the advances made with the multi-SSO platform will provide a single login page with Skilljar redirection built in.

Reply