Checkpoint IPsec Tunnel Monitoring.
Hi all,
Is anyone using the LM to Monitor IPSec Tunnel monitoring? if so, are you using the custom OID
Forum Discussion
9 Replies
Stuart_WeenigLegend
I don’t know what custom OID you might be referring to, but we do have some significant customizations to that DS.
- We have modified the script to add another output to detect if the device is a standby device.
- We created a datapoint to store that:
- Then we modified the TunnelActiveTime_Seconds datapoint:
This might not be what you are looking for, but it helped us reduce alerts for when a secondary unit was offline.
- We have modified the script to add another output to detect if the device is a standby device.
tswisdomLM Champion
Much obliged Nishil,
Evaluating our core Checkpoint modules, it doesn’t appear we’re currently capturing IPSec Tunnel data, nor do we have a generic IPSec Tunnel module. I also evaluated community modules in the exchange, and didn’t surface anything that’d collect this data. With that said, given you already have the appropriate OID’s, you should certainly be able to capture the data via custom datasource, we touch on how to do so here. You may also wish to take a moment to submit feedback through your portal requesting IPSec Tunnel Monitoring be added for Checkpoint devices.
Warm regards,
Tyler Wisdom
Eric_HThere’s also a quick 7min video tutorial on making an SNMP DataSource in our LearningBytes training series here…
Learning Byte: Making an SNMP DataSource
https://academy.logicmonitor.com/making-an-snmp-datasource/1329215- tswisdom
Hello Nishil, can you confirm the device type and vendor in which the IPSec tunnels are configured?
@tswisdom - The device type is the Firewall and Vendor is the Checkpoint.@Stuart Weenig - I was reading the Checkpoint article it mention about to monitor state of the VPN tunnel via SNMP OID 1.3.6.1.4.1.2620.500.9002.1.3 and SNMP OID 1.3.6.1.4.1.2620.500.9003.1.3. I don’t think those OID is added in the Checkpoint core.Here the link for the article.
- Stuart_Weenig
If you have the OIDs, have you attempted to build the DS yourself?
- Stuart_Weenig
Ug, the sign in process to get to the academy. So broken, especially if you have SSO configured. Please tell me the advances made with the multi-SSO platform will provide a single login page with Skilljar redirection built in.
Just wanted to toss a note in here saying I stumbled upon this by accident but was actually something we were actively looking into how to monitor this on CheckPoints. So, thanks for opening the original thread,
@Nishil Vachhani . Secondly, I was able to build a datasource to monitor a specific tunnel. It’s a bit tedious if you have to repeat that for multiple tunnels at a site. But for anyone looking to just monitor a few, it’s definitely doable using the OID info in the CheckPoint article linked in the comments above. It’s not the cleanest thing ever and it’s definitely something I hope LM builds into their standard CheckPoint datasources and tidies up a bit. But for now, this seems to get the job done.
