Nokia IP Firewall Checkpoint Template

[cmarsot]

Hi,

Here is a template for Nokia IP Firewall with checkpoint.
Need SNMP enable on IPSO and Checkpoint.

It will graph:
- Traffic
- CPU on Nokia MIB
- CPU on Checkpoint MIB (Need because of a bug on IPSO 3.8.1 build 33)
- Nb of connections
- Memory Usage
- Nb of Dropped packets
- Nb of Rejected packets
- Nb of Accepted packets
- Availability
- Response Time

[cmarsot]

Here are screenshots

[cmarsot]

Screenshots

[cmarsot]

Screenshots

[cmarsot]

Screenshots

[Pumpi]

cmarsot, your templates ate looking very interessting. I'll try it.

Hope your work fixed my old problem here:

http://forums.cacti.net/viewtopic.php?t ... checkpoint

Thanks !!

[gandalf]

Based on the idea above, I did some modifications. Our fw admin told me, it would be enough to poll snmp port 161 on IPSO. There some "proxy function" in IPSO so there's no need for the script above (that does some snmpwalks against checkpoints snmp port).
So I appended a pure snmp xml. For ease of use I have configured a host template "Checkpint Firewall" that includes all data templates and graph templates.
Do avoid interference with your "SNMP Interface Statistics" I removed them before exporting the host template. So in this themplate, you will only find pure IPSO/Checkpoint stuff.
Another remark: You will notice a black line on the graphs. This represents the MAX values. They will only differ for graphs that represent consolidated values (see http://forums.cacti.net/viewtopic.php?t=9383 for more explanation).
Export is done on cacti 0.8.6c. You will need that version at minimum.
happy cactiing
Reinhard

[brassel]

Hello,

I have just receive a nokia / checkpoint cluster, so I try to integrate it to cacti and I have import your template but I have some problem in getting the data,

I have activate snmp on the IPSO and I can get some simple snmp data, this works fine, but i can not found on the checkpoint interface any option to activate the snmp, so none of the graphs seems to work.

Can you ask your fw admin where is the right option to activate the snmp on checkpoint ?

Thanks,

Regards Claude

[lightningbit]

Hi,

(I'm newbie to cacti, so ....)

would those checkpoint templates also work with Checkpoints secure platform? in stead of Nokia applicances

there are supposed to be some differences in the SNMP set


Olivier

[riz]

cmarsot, reinhard,

excellent job, thanks a million from a cacti noob!

haven't tried either as yet, as I've got some reading to do first, but will let you know how I get on, thanks again.
/riz.

[gandalf]

Can you ask your fw admin where is the right option to activate the snmp on checkpoint ?

The admin says that you simply have to start both agents, the checkpoint one and the nokia one. He didn't have to configure something special
Reinhard

[lightningbit]

Hi,

I started by importing the Nokia scripts to query Secure Platform
it seems to be gathering some data, but the script run shows some errors...

CACTID: Host[10] DEBUG: HOST COMPLETE: About to Exit Host Polling Thread Function
CACTID: DEBUG: The Value of Active Threads is 0
CACTID: DEBUG: Valid Thread to be Created
CACTID: DEBUG: In Poller, About to Start Polling of Host
CACTID: DEBUG: The Value of Active Threads is 1
CACTID: MYSQL: Connecting to MySQL database 'cacti' on 'mgtserver03'...
CACTID: MYSQL: Connected to MySQL database 'cacti' on 'mgtserver03'...
CACTID: Host[11] PING Result: ICMP: Host is Alive
CACTID: Host[11] SNMP Result: Host responded to SNMP
CACTID: DEBUG: SQLCMD: update host set status='3',status_event_count='0', status_fail_date='0000-00-00 00:00:00',status_rec_date='20
05-10-12 15:44:00',status_last_error='SNMP not performed due to setting or ping result,',min_time='9.999990',max_time='114.000080',c
ur_time='90.999960',avg_time='91.499993',total_polls='9',failed_polls='3',availability='66.6667' where id='11'

CACTID: Host[11] RECACHE: Processing 1 items in the auto reindex cache for 'fwsplat01.mycompany.com'
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7sh: D:/Wwwroot/cacti/scripts/host_availability_current.php
: No such file or directory

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'D:/Wwwroot/cacti/scripts/host_availability_current.php 'fwsplat01.mycompany.com'
CACTID: Host[11] DS[689] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[689] SCRIPT: D:/Wwwroot/cacti/scripts/host_availability_current.php fwsplat01.mycompany.com, output: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7
sh: D:/Wwwroot/cacti/scripts/host_availability_percent.php: No such file or directory
CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'D:/Wwwroot/cacti/scripts/host_availability_percent.php 'fwsplat01.mycompany.com'
CACTID: Host[11] DS[688] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[688] SCRIPT: D:/Wwwroot/cacti/scripts/host_availability_percent.php fwsplat01.mycompany.com, output: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.
CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.6.0'
CACTID: Host[11] DS[685] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[685] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.6.0, ou
tput: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.25.3.0'
CACTID: Host[11] DS[683] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[683] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.25.3.0,
output: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.4.0'
CACTID: Host[11] DS[687] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[687] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.4.0, out
put: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.5.0'
CACTID: Host[11] DS[686] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[686] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.5.0, out
put: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7
The system cannot find the path specified.
CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.6.7.1.4.0'
CACTID: Host[11] DS[684] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[684] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.6.7.1.4.0,
output: U
CACTID: Host[11] DS[690] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_in, oid: .1.3.6.1.2.1.2.2.1.10.4, value: 2855346129
CACTID: Host[11] DS[691] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_in, oid: .1.3.6.1.2.1.2.2.1.10.6, value: 2558555709
CACTID: Host[11] DS[690] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_out, oid: .1.3.6.1.2.1.2.2.1.16.4, value: 523837009
CACTID: Host[11] DS[691] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_out, oid: .1.3.6.1.2.1.2.2.1.16.6, value: 2856271348
CACTID: Host[11] DS[682] WARNING: Result from SNMP not valid. Partial Result: ...
CACTID: Host[11] DS[682] SNMP: v2: fwsplat01.mycompany.com, dsname: 5min_cpu, oid: .1.3.6.1.4.1.94.1.21.1.7.1.0, value: U
CACTID: DEBUG: SQLCMD: INSERT INTO poller_output (local_data_id,rrd_name,time,output) VALUES (690,'traffic_in','2005-10-12 15:54:00'
,'2855346129'),(691,'traffic_in','2005-10-12 15:54:00','2558555709'),(690,'traffic_out','2005-10-12 15:54:00','523837009'),(691,'tra
ffic_out','2005-10-12 15:54:00','2856271348'),(682,'5min_cpu','2005-10-12 15:54:00','U'),(689,'responsetime','2005-10-12 15:54:00','
U'),(688,'availability','2005-10-12 15:54:00','U'),(685,'checkpointNG_drop','2005-10-12 15:54:00','U'),(683,'checkpointNG_cnx','2005
-10-12 15:54:00','U'),(687,'checkpointNG_accept','2005-10-12 15:54:00','U'),(686,'checkpointNG_reject','2005-10-12 15:54:00','U'),(6
84,'checkpointNG_mem','2005-10-12 15:54:00','U')
CACTID: Host[11] DEBUG: HOST COMPLETE: About to Exit Host Polling Thread Function
CACTID: DEBUG: The Value of Active Threads is 0
CACTID: DEBUG: SQLCMD: replace into settings (name,value) values ('date',NOW())
CACTID: DEBUG: SQLCMD: insert into poller_time (poller_id, start_time, end_time) values (0, NOW(), NOW())
CACTID: DEBUG: Thread Cleanup Complete
CACTID: DEBUG: PHP Script Server Pipes Closed
CACTID: DEBUG: Allocated Variable Memory Freed

where can I find those missing scripts??

L.

[gandalf]

Sorry, I can't help on this. My post cacti_host_template_checkpoint_firewall.xml does not contain any reference to any php script.
Reinhard

[lightningbit]

Sorry, I can't help on this. My post cacti_host_template_checkpoint_firewall.xml does not contain any reference to any php script.
Reinhard

that is why I'm using your post now
in stead of the nokia one

[lightningbit]

Sorry, I can't help on this. My post cacti_host_template_checkpoint_firewall.xml does not contain any reference to any php script.
Reinhard

that is why I'm using your post now
in stead of the nokia one

however... I cannot get the CPU load from Secure Platform
anyone has ideas?