[revisited] Nokia IP Firewall Checkpoint Template V0.2

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

Please read the docs at http://www.rrdtool.org for those types (they are really good).
Reinhard
barahona
Posts: 6
Joined: Thu May 11, 2006 5:51 am

Post by barahona »

lvm wrote:Please read the docs at http://www.rrdtool.org for those types (they are really good).
Reinhard
True, is more complete than the man info, especially the "NOTE on COUNTER vs DERIVE" :)

By the way, I mistyped in my last post were talking about:

[...] with "Maximum Value" equals to cero [...]

should be MINIMUM.

Sorry for the noise in the forum and thanks for the help.
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

Feel free to ask again, if in trouble. That's why we're here :wink:
Reinhard
vincent.kilchoer
Posts: 2
Joined: Fri Feb 03, 2006 11:15 am

Post by vincent.kilchoer »

Hi.

I'm running checkpoint over 2 IP350 & 2 IP380

I've successfully installed the template. Start SNMP from IPSO + cpconfig.

But nothing is graphed. When I check my device on cacti, I can see that cacti can talk with the firewall (No snmp error message).

I think I've a problem with my CheckPoint SNMP config. Anyone can help me?

Vincent
kill9
Posts: 1
Joined: Tue Jun 20, 2006 5:13 pm
Contact:

Post by kill9 »

Very nice. I have the firewall graphs working against fw-1 on a Windows box as well. The resource queries would need some heavy tweaking, but they're not critical.
Now I just need to sort the graph spikes on policy load...
sstruyf
Posts: 1
Joined: Mon Jun 26, 2006 6:19 am

nokia ip560

Post by sstruyf »

I installed the template, but i can't see any interfaces to graph.
i have 2 nokia ip560's.
HG
Posts: 6
Joined: Fri Sep 16, 2005 3:52 am

Post by HG »

Thanks for your scripts.

Just one question, do you know how to get number of vpn client connect ?

I can't find something clear in the Checkpoint MIB

Best regards

HG
eliniaws
Posts: 12
Joined: Wed Aug 31, 2005 1:06 pm

Post by eliniaws »

Hi,

I am trying to get these graphs working however I have a few issues. I dont seem to be able to poll any data. I am sure this is to do with my checkpoint setup. I am a unix admin, my network guy is a cisco man so between us we are finding it very difficult to ascertain where and what we need to set up. We have enabled snmp through the nokia web interface and also using cpconfig on the firewall but I still dont get any data from the firewalls when polling. The standard snmp daemon is running on port 161. Any help greatly appreciated.

Some version info below

IPSO 3.9.x
Cacti 0.8.6.h
Redhat AS
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

So you're at a quite better point than me (not being a Cisco guy nor a Nokia one). You may read the thread thoroughly. There was a post on how to activate some snmp proxy for nokia/checkpoint.
You may get the OIDs from the template. Please try to snmpwalk them. If no data is seen, your configuration may be not correct.
Reinhard
eliniaws
Posts: 12
Joined: Wed Aug 31, 2005 1:06 pm

Post by eliniaws »

Thanks,

Yes i had seen the post in question and it was the same as my snmpd.conf proxy setting. However, I had assumed that the community string 'public' was set for the internal cp snmpd (as i dont remember setting this to our standard one), so in the end...all I had to do was change the procy statement to have our community string and hey presto everything worked. What a pain for me !! :oops:
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

eliniaws wrote:.. What a pain for me !! :oops:
Fine, though, that you published your struggle to help other readers avoiding the same ...
Reinhard
User avatar
Kenny
Posts: 15
Joined: Wed Oct 13, 2004 6:58 am

Post by Kenny »

I don't know if this helps, but for the templates to work (on Nokia's IP platform at least) you have to use IPSO-version 3.7 or above. These have the SNMP-proxy setup preconfigured, so you can use the Checkpoint OID's without the need for opening port 260 on your firewall.
User avatar
Kenny
Posts: 15
Joined: Wed Oct 13, 2004 6:58 am

Post by Kenny »

HG wrote:Thanks for your scripts.

Just one question, do you know how to get number of vpn client connect ?

I can't find something clear in the Checkpoint MIB

Best regards

HG
Try OID .1.3.6.1.4.1.2620.1.9.5.0

This will get you the connected clients to the policy server (VPN-users).
See below for my template. I dunno if this will work on another setup, and it's not very sophisticated (just a graph and data-template).
Attachments
cacti_graph_template_checkpoint_connected_clients.xml
This is the (self-created) template for graphing the VPN-users to one of my firewalls
(9.97 KiB) Downloaded 789 times
steven_JP
Posts: 2
Joined: Tue Oct 17, 2006 9:02 pm

Post by steven_JP »

Hi

When I try and the cacti_host_template_checkpoint_firewall_116.xml, I get
"Notice: Undefined index: oid_index in /var/www/html/cacti/lib/data_query.php on line 156

Notice: Undefined index: oid_index in /var/www/html/cacti/lib/data_query.php on line 159

Warning: Variable passed to each() is not an array or object in /var/www/html/cacti/lib/data_query.php on line 181

Warning: Variable passed to each() is not an array or object in /var/www/html/cacti/lib/data_query.php on line 515

Warning: Cannot add header information - headers already sent by (output started at /var/www/html/cacti/lib/data_query.php:156) in /var/www/html/cacti/host.php on line 77
"

Any ideas ? THANKS
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

Please make sure to configre php for allowing uploads

Code: Select all

grep upload php.ini
; Whether to allow HTTP file uploads.
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
Reinhard
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest