Cacti

Your equation is not correct. The number of packets CheckPoint reports is the number of accepted packets that are logged. This is also the case with the dropped packet-count. So, in an environment where there are few connections with huge packet-flows (like an ftp-site with large files and few users...

I don't know if this is the correct place to put this, but I have a similar problem/issue. For a Juniper firewall i am graphing the subinterfaces with the template from http://forums.cacti.net/about11064.html . The thing is, this Juniper is configured with VSYS-es and I am looking for a way to get t...

Thanks for your scripts. Just one question, do you know how to get number of vpn client connect ? I can't find something clear in the Checkpoint MIB Best regards HG Try OID .1.3.6.1.4.1.2620.1.9.5.0 This will get you the connected clients to the policy server (VPN-users). See below for my template....

I don't know if this helps, but for the templates to work (on Nokia's IP platform at least) you have to use IPSO-version 3.7 or above. These have the SNMP-proxy setup preconfigured, so you can use the Checkpoint OID's without the need for opening port 260 on your firewall.

What IPSo does, is that it's proxying the requests for the CheckPoint snmpd. So, if you want to get a connection-count of your firewall, you are asking IPSO to ask Checkpoint's snmp to give the connection-count. All you need in your rulebase, is a general rule for your Cacti-host to be allowed to po...

try the following command: You will get a reply like this: if both snmpd's are running

the oids i am looking at for this are from CISCO-VPDN-MGMT-MIB .1.3.6.1.4.1.9.10.24.1.1.4.1.2.2 -> cvpdnSystemTunnelTotal.l2tp .1.3.6.1.4.1.9.10.24.1.1.4.1.3.2 -> cvpdnSystemSessionTotal.l2tp Our working AS5400: # snmpwalk -v 1 -c public AS001 .1.3.6.1.4.1.9.10.24.1.1 SNMPv2-SMI-v1::enterprises.9.1...

Nice template. Unfortunatly we have 2 AS5400s which keep the info at a different OID (the Cisco site defines this different OID as "deprecated") than in this template. Other AS5400 don't have this issue, and all our AS5400s have the same IOS. Is there some possibility to get this template ...

FwGold needs to run on the Management Server and looks into the fw.log for connection-stats and stuff by munging through the output of a "fw log -t" kind of command. Cacti can run on any kind of host, and just needs network-access (and snmpread-access) to query the firewalls. So there are ...

I have seen the same with FP2 on Solaris (and the version is irrelevant, i presume). If I push the rulebase to the firewall, i get a huge spike in the cacti-graph. The values rise from 20m to 8.0M for just a short peak (2 or 3 pollig-cycles). Secureplatform is "just" Linux with FW-1 onto i...

Besides all this, it's just plain annoying that checkpoint's snmpd doesn't return all tha data that's available in the MIB. Not that a non-fw module must return the (for example) floodgate-stats even if that's not installed, but still... For instance: if I want to get the number of users that are lo...

I've tried that also, cloned the host and changed the snmp-port to 260. That didn't work in my situation, though...
Cacti just didn't use the new port, only 161. This is probably because of what jcaesar said about checkpoint's snmpd.

Well, I've created a script that will get the data for me: (This is the OID for the current number of connection a Check Point has in its state-table) snmpget -v 1 -c public $1:260 .1.3.6.1.4.1.2620.1.1.25.3.0 | awk '{print $4}' where $1 is the variable for the hostname that is needed for the snmpge...

Hi everyone, Just out of curiosity I've tried to get cacti to poll a Checkpoint FW1-host, which runs both snmp-daemons (the net-snmp and checkpoint's own snmp, running at udp-port 260). Cacti will poll the net-snmp of the FW just fine, but it can't poll the checkpoint-snmpd of the FW. Somehow it won...

Being able to read is a great thing, understanding the thing you've read is another. The solution was there all along before I posted my question (and I've not read topic http://forums.cacti.net/viewtopic.php?t=4820 good enough), but I haven't realised it until know... :oops: :oops: Kenny P.S. Just ...