Hello all,

I'm trying to install some sensors in order to monitor the dropped and rejected packets (in/out) to all interfaces ETHx (x=1-14) of my appliance checkpoint r75 GAIA . I'm using the MIB found on my appliance, but once imported I see a lot of entries with the following name: fw if: 4/fw drop pckts out - fw if: 4/fw drop pckts in The number"4" changes and I don't know what it means. At the beginning I thought that it was the number of each Ethernet interface but it's not the case (I compare with the log of my appliance). So my first question is: how can I monitor the IN/OUT packets for each interface (for the record, I can monitor the total dropped-rejected packets globally, but I'm unaware about the interface and the flow direction)?

Second question: Is it possible to monitor my IPS alerts? I' tried almost all the values of the MIB but...without result.

Thank you in advance. Michael

Article Comments

Hello,

thank you very much for your KB-Post. Did you look into the Additional Channels on SNMP Traffic Sensors already? They might provide similar results.
If not, I'm afraid the best would be to consult with Checkpoint, they should be able to provide the best answers if and then how certain performance metrics can be obtained (and also what the numbers may mean, if it's not the interface number).

best regards.


Jan, 2014 - Permalink

Hey Torsten,

thank you for answering so quickly. Unfortunately the options listed in SNMP TS is not that I need. I've already tested all these options but without a reliable result. I'm waiting now the Checkpoint's support to answer me.

For the record, I don't have this problem with other appliances (Arkoon, UTM sophos) that I could collect the IPS alerts by activating the SYSLOG(!)

thanks again


Jan, 2014 - Permalink

I have a similar need. I was wondering if Checkpoint was able to answer your question or not. I am looking for the MIB/OID to pick up the RX and TX ring buffer packet drops.


Jun, 2014 - Permalink

i found it. OID 1.3.6.1.2.1.2.2.1.13


Jun, 2014 - Permalink

Michael, can you tell me if you coud configure PRTG to monitor the IPS blade?


Apr, 2015 - Permalink

Hello,

I am trying to monitor with PRTG the number of packet dropped per second. I know that the OID is the following :

.1.3.6.1.4.1.2620.1.1.25.9.0 and the output is a sting. I created then a custom string sensor to use the IOD. However the output is weird : I get a numerical number too high to be exact.

How did you manage to do it ?

Thanks


Jan, 2018 - Permalink

Hello tarekidres

The number obtained by this OID(fwDroppedBytesTotalRate) is since last reboot of your device, so I think that it is normal. You can verify that by looking in the NIC's statistics.

thx Mik


Jan, 2018 - Permalink