hi all, i have imported the mib of barracuda fw (aka phion) to prtg. i want to monitor the s2s vpn with oid 1.3.6.1.4.1.10704.1.6 i have response from snmp tester but i can't add the correct sensor

From the documentation i see

VPN Tunnels\\
Description: Reports all active site-to-site and client-to-site VPN tunnels established on the firewall.

Node ID: 1.3.6.1.4.1.10704.1.6

PHION-MIB group: vpnTunnels

PHiON-MIB Fields
Name	Type	Description	Possible Values
vpnName DisplayString (64)  Tunnel name	IPSEC-Wien2Inn-5.5.5.0-8.8.8.0, ...\\
vpnState Integer32 Tunnel status	-1 : down, 0 :  down-disabled, 1 :  active\\

For IKEv2 VPN tunnels, the OID will include the SA of the tunnel, which changes periodically. In order to avoid mismatches, remove the last three digits of the OID, for example: If the OID ends with .123.51.49.52, remove .51.49.52

Article Comments

Hello Michele,

Thank you for you message.

Regarding what you would like to monitor, I'm afraid that PRTG doesn't support dynamic OIDs. When they come to change, PRTG will return an error due to OID not existing anymore.

If the IPSec VPN do not change dynamically, then you can add them in PRTG by using the OID you provided with the SNMP Custom Table sensor.

If you have questions, let us know.

Regards.


Mar, 2021 - Permalink

Hello Florian, thanks for reply, i want monitor the s2s of my bo, plant and wh and all are tina tunnel (barracuda proprietary ipsec), so i expect no oid change. of course i have some ike v1 and v2, but only with supplier and i don't want monitor them. i have insered the oid in snmp table sensor and seems work, but i don't know how compile the field required..


Mar, 2021 - Permalink

Thank you for your information and clarification.

Can you please explain what you mean exactly by "but i don't know how compile the field required"? Are you talking about the SNMP Custom Table sensor?

If that's the case, then the SNMP Custom Table sensor will create one sensor for each VPN tunnel selected in the list, with the channel(s) you have configured under the list.

According to the OID you provided, there is two OIDs returned which are the Name and the Status of the VPN tunnel. Therefore, you should configure the identification column to the OID which returns the name of the VPN and then, configure the State channel with the second OID, as illustrated below:

Barracuda FW

Of course, you need to create and assign your lookup file to display meaningful information based on the value received.

If you have further questions, let me know.

Regards.


Mar, 2021 - Permalink

YES! I have added the sensor, thanks for the screenshot! How i can set the response trigger, as for example the dns sensor? i know if is 1 is active, 0 is down and -1 is disabled, so i want 1 green, 0 red and -1 yellow


Mar, 2021 - Permalink

To use the VPN tunnel name as channel name, simply configure the Identification Column field to 1.3.6.1.4.1.10704.1.6.1.1 as illustrated on the screenshot I provided.

Then, configure the following parameters like this:

  • Channel Name: State
  • Channel Column: 1.3.6.1.4.1.10704.1.6.1.2

Regarding the sensor state, I invite you to create a custom lookup for it instead of using limits or threshold trigger only (if you desire to use all values returns by the OID). With a lookup, you can get the state of the tunnel displayed as string and handle the sensor state accordingly.

  <?xml version="1.0" encoding="UTF-8"?>
  <ValueLookup id="BarracudaFW.vpn.status" desiredValue="1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="PaeValueLookup.xsd">
    <Lookups>
      <SingleInt state="Error" value="-1">
        Down
      </SingleInt>
	  <SingleInt state="OK" value="0">
        Down(disabled)
      </SingleInt>
      <SingleInt state="OK" value="1">
       Active
      </SingleInt>
     </Lookups>
  </ValueLookup>

To use the lookup above, you need to follow the steps below:

  • Create the lookup file under "C:\Program Files (x86)\PRTG Network Monitor\lookups\custom"
  • Reload the lookups under Setup > System Administration > Administrative Tools > Load Lookups and File Lists (/systemsetup.htm?tabid=7)
  • Configure the lookup in the sensor settings

Regards.


Mar, 2021 - Permalink

Many many many thanks! i have added all the vpn and all seems fine! i keep in test some days and then i enable the notification! Thanks a lot for help!


Mar, 2021 - Permalink

Thank you for your feedback.

Have a great day.


Mar, 2021 - Permalink