Check Point Next Generation Firewall by SNMP
Macros used
| Name | Value |
|---|---|
| {$CPU.UTIL.CRIT} | 90 |
| {$DISK.FREE.MIN.CRIT} | 5G |
| {$DISK.FREE.MIN.WARN} | 10G |
| {$DISK.NAME.MATCHES} | .+ |
| {$DISK.NAME.NOT_MATCHES} | ^(/dev|/sys|/run|/proc|.+/shm$) |
| {$DISK.PUSED.MAX.CRIT} | 90 |
| {$DISK.PUSED.MAX.WARN} | 80 |
| {$FW.DROPPED.PACKETS.TH} | 0 |
| {$ICMP_LOSS_WARN} | 20 |
| {$ICMP_RESPONSE_TIME_WARN} | 0.15 |
| {$LICENSE.CONTROL} | 1 |
| {$LICENSE.EXPIRY.WARN} | 7 |
| {$LOAD_AVG_PER_CPU.MAX.WARN} | 1.5 |
| {$MEMORY.UTIL.MAX} | 90 |
| {$NET.IF.CONTROL} | 1 |
| {$NET.IF.ERRORS.WARN} | 2 |
| {$NET.IF.IFADMINSTATUS.MATCHES} | .* |
| {$NET.IF.IFADMINSTATUS.NOT_MATCHES} | ^2$ |
| {$NET.IF.IFALIAS.MATCHES} | .* |
| {$NET.IF.IFALIAS.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$NET.IF.IFDESCR.MATCHES} | .* |
| {$NET.IF.IFDESCR.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$NET.IF.IFNAME.MATCHES} | .* |
| {$NET.IF.IFNAME.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$NET.IF.IFOPERSTATUS.MATCHES} | .* |
| {$NET.IF.IFOPERSTATUS.NOT_MATCHES} | ^6$ |
| {$NET.IF.IFTYPE.MATCHES} | .* |
| {$NET.IF.IFTYPE.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$NET.IF.UTIL.MAX} | 95 |
| {$SNMP.TIMEOUT} | 5m |
| {$SW.NAME.MATCHES} | .* |
| {$SW.NAME.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$TEMP.NAME.MATCHES} | .* |
| {$TEMP.NAME.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$TEMP.VALUE.CRIT} | 75 |
| {$TEMP.VALUE.LOW} | 5 |
| {$TEMP.VALUE.WARN} | 65 |
| {$VOLT.NAME.MATCHES} | .* |
| {$VOLT.NAME.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$VPN.NAME.MATCHES} | .* |
| {$VPN.NAME.NOT_MATCHES} | CHANGE_IF_NEEDED |
| {$VPN.STATE.CONTROL} | 1 |
Items collected
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Check Point: ICMP ping | Host accessibility by ICMP. 0 - ICMP ping fails. 1 - ICMP ping successful. | SIMPLE | - | icmpping |
| Check Point: ICMP loss | Percentage of lost packets. | SIMPLE | - | icmppingloss |
| Check Point: ICMP response time | ICMP ping response time (in seconds). | SIMPLE | - | icmppingsec |
| Check Point: SNMP walk network interfaces | Used for discovering interfaces from IF-MIB. | SNMP_AGENT | - | net.if.walk |
| Check Point: Remote Access users | MIB: CHECKPOINT-MIB Number of remote access users. | SNMP_AGENT | - | remote.users.number |
| Check Point: SNMP walk fan sensors | Used for discovering fan sensors from CHECKPOINT-MIB. | SNMP_AGENT | - | sensor.fan.walk |
| Check Point: SNMP walk PSU sensors | Used for discovering power supply sensors from CHECKPOINT-MIB. | SNMP_AGENT | - | sensor.psu.walk |
| Check Point: SNMP walk temperature sensors | Used for discovering temperature sensors from CHECKPOINT-MIB. | SNMP_AGENT | - | sensor.temp.walk |
| Check Point: SNMP walk voltage sensors | Used for discovering voltage sensors from CHECKPOINT-MIB. | SNMP_AGENT | - | sensor.volt.walk |
| Check Point: SNMP traps (fallback) | Used to collect all SNMP traps unmatched by other snmptrap items. | SNMP_TRAP | - | snmptrap.fallback |
| Check Point: SNMP walk svn features | Used for discovering software blades and features from CHECKPOINT-MIB. | SNMP_AGENT | - | svn.feature.walk |
| Check Point: System contact details | MIB: SNMPv2-MIB Name and contact information of the contact person for the node. If not provided, the value is a zero-length string. | SNMP_AGENT | 15m | system.contact |
| Check Point: CPU idle time | MIB: CHECKPOINT-MIB Average time the CPU has spent doing nothing. | SNMP_AGENT | - | system.cpu.idle |
| Check Point: CPU interrupts per second | MIB: CHECKPOINT-MIB Number of interrupts processed per second. | SNMP_AGENT | - | system.cpu.intr |
| Check Point: Load average (1m avg) | MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last minute. | SNMP_AGENT | - | system.cpu.load.avg1 |
| Check Point: Load average (5m avg) | MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 5 minutes. | SNMP_AGENT | - | system.cpu.load.avg5 |
| Check Point: Load average (15m avg) | MIB: UCD-SNMP-MIB Average number of processes being executed or waiting over the last 15 minutes. | SNMP_AGENT | - | system.cpu.load.avg15 |
| Check Point: Number of CPUs | MIB: CHECKPOINT-MIB Number of processors. | SNMP_AGENT | - | system.cpu.num |
| Check Point: Context switches per second | MIB: UCD-SNMP-MIB Number of context switches per second. | SNMP_AGENT | - | system.cpu.switches |
| Check Point: CPU system time | MIB: CHECKPOINT-MIB Average time the CPU has spent running the kernel and its processes. | SNMP_AGENT | - | system.cpu.system |
| Check Point: CPU user time | MIB: CHECKPOINT-MIB Average time the CPU has spent running user processes that are not niced. | SNMP_AGENT | - | system.cpu.user |
| Check Point: CPU utilization | MIB: CHECKPOINT-MIB CPU utilization per core in %. | SNMP_AGENT | - | system.cpu.util |
| Check Point: SNMP walk CPU | Used for discovering CPU from CHECKPOINT-MIB. | SNMP_AGENT | - | system.cpu.walk |
| Check Point: System description | MIB: SNMPv2-MIB Full name and version identification of the system's hardware type, software operating system, and networking software. | SNMP_AGENT | 15m | system.descr |
| Check Point: Appliance manufacturer | MIB: CHECKPOINT-MIB Appliance manufacturer. | SNMP_AGENT | 1h | system.hw.manufacturer |
| Check Point: Appliance product name | MIB: CHECKPOINT-MIB Appliance product name. | SNMP_AGENT | 1h | system.hw.model |
| Check Point: Appliance serial number | MIB: CHECKPOINT-MIB Appliance serial number. | SNMP_AGENT | 1h | system.hw.serialnumber |
| Check Point: System location | MIB: SNMPv2-MIB Physical location of the node (e.g., equipment room, 3rd floor). If not provided, the value is a zero-length string. | SNMP_AGENT | 15m | system.location |
| Check Point: System name | MIB: SNMPv2-MIB An administratively-assigned name for the node (the node's fully-qualified domain name). If not provided, the value is a zero-length string. | SNMP_AGENT | 15m | system.name |
| Check Point: System object ID | MIB: SNMPv2-MIB The vendor's authoritative identification of the entity as part of the vendor's SMI enterprises subtree with the prefix 1.3.6.1.4.1 (e.g., a vendor with the identifier 1.3.6.1.4.1.4242 might assign a system object with the OID 1.3.6.1.4.1.4242.1.1). | SNMP_AGENT | 15m | system.objectid |
| Check Point: System uptime | MIB: HOST-RESOURCES-V2-MIB Time since the network management portion of the system was last re-initialized. | SNMP_AGENT | - | system.uptime |
| Check Point: SNMP walk disks | Used for discovering storage disks from CHECKPOINT-MIB. | SNMP_AGENT | - | vfs.fs.walk |
| Check Point: Active memory | MIB: CHECKPOINT-MIB Active real memory (memory used by applications that is not cached to the disk) in bytes. | SNMP_AGENT | - | vm.memory.active |
| Check Point: Free memory | MIB: CHECKPOINT-MIB Free memory available for applications in bytes. | SNMP_AGENT | - | vm.memory.free |
| Check Point: Total memory | MIB: CHECKPOINT-MIB Total real memory in bytes. Memory used by applications. | SNMP_AGENT | - | vm.memory.total |
| Check Point: Used memory | Used real memory calculated by total real memory and free real memory in bytes. | CALCULATED | - | vm.memory.used |
| Check Point: Memory utilization | Memory utilization in %. | CALCULATED | - | vm.memory.util |
| Check Point: Decrypted packets per second | MIB: CHECKPOINT-MIB Number of decrypted packets per second. | SNMP_AGENT | - | vpn.packets.decrypted |
| Check Point: Encrypted packets per second | MIB: CHECKPOINT-MIB Number of encrypted packets per second. | SNMP_AGENT | - | vpn.packets.encrypted |
| Check Point: SNMP walk VPN tunnels | Used for discovering VPN tunnels from CHECKPOINT-MIB. | SNMP_AGENT | - | vpn.tunnel.walk |
| Check Point: SNMP agent availability | Availability of SNMP checks on the host. The value of this item corresponds to the availability icons in the host list. Possible values: 0 - not available; 1 - available; 2 - unknown. | INTERNAL | - | zabbix[host,snmp,available] |
Triggers
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| Check Point: Unavailable by ICMP ping | Last three attempts returned timeout. Please check device connectivity. | max(/Check Point Next Generation Firewall by SNMP/icmpping,#3)=0 | HIGH ⛔ | Check Point: ICMP ping |
| Check Point: High ICMP ping loss | ICMP packet loss detected. | min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)>{$ICMP_LOSS_WARN} and min(/Check Point Next Generation Firewall by SNMP/icmppingloss,5m)<100 | WARNING 📢 | Check Point: ICMP loss |
| Check Point: High ICMP ping response time | Average ICMP response time is too high. | avg(/Check Point Next Generation Firewall by SNMP/icmppingsec,5m)>{$ICMP_RESPONSE_TIME_WARN} | WARNING 📢 | Check Point: ICMP response time |
| {HOST.HOST} Received new SNMP trap | - | nodata(/Check Point Next Generation Firewall by SNMP/snmptrap.fallback,5m)=0 and length(last(/Check Point Next Generation Firewall by SNMP/snmptrap.fallback))>1 | HIGH ⛔ | Check Point: SNMP traps (fallback) |
| Check Point: High CPU utilization | CPU utilization is too high. The system might be slow to respond. | min(/Check Point Next Generation Firewall by SNMP/system.cpu.util,5m)>{$CPU.UTIL.CRIT} | WARNING 📢 | Check Point: CPU utilization |
| Check Point: Device has been replaced | The device serial number has changed. Acknowledge to close the problem manually. | last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.hw.serialnumber))>0 | INFO 🔔 | Check Point: Appliance serial number |
| Check Point: System name has changed | The name of the system has changed. Acknowledge to close the problem manually. | last(/Check Point Next Generation Firewall by SNMP/system.name,#1)<>last(/Check Point Next Generation Firewall by SNMP/system.name,#2) and length(last(/Check Point Next Generation Firewall by SNMP/system.name))>0 | INFO 🔔 | Check Point: System name |
| Check Point: Device has been restarted | Uptime is less than 10 minutes. | last(/Check Point Next Generation Firewall by SNMP/system.uptime)<10m | INFO 🔔 | Check Point: System uptime |
| Check Point: High memory utilization | The system is running out of free memory. | min(/Check Point Next Generation Firewall by SNMP/vm.memory.util,5m)>{$MEMORY.UTIL.MAX} | AVERAGE ⚠ | Check Point: Memory utilization |
| Check Point: No SNMP data collection | SNMP is not available for polling. Please check device connectivity and SNMP settings. | max(/Check Point Next Generation Firewall by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0 | WARNING 📢 | Check Point: SNMP agent availability |
Discovery rule №1
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| CPU discovery | For discovering CPU from CHECKPOINT-MIB. | DEPENDENT | 0 | cpu.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| CPU Core {#CPU.ID}: CPU idle time | MIB: CHECKPOINT-MIB The time the CPU {#CPU.ID} has spent doing nothing. | DEPENDENT | - | system.core.idle[multiProcIdleTime.{#CPU.ID}] |
| CPU Core {#CPU.ID}: CPU system time | MIB: CHECKPOINT-MIB The time the CPU {#CPU.ID} has spent running the kernel and its processes. | DEPENDENT | - | system.core.system[multiProcSystemTime.{#CPU.ID}] |
| CPU Core {#CPU.ID}: CPU user time | MIB: CHECKPOINT-MIB The time the CPU {#CPU.ID} has spent running user processes that are not niced. | DEPENDENT | - | system.core.user[multiProcUserTime.{#CPU.ID}] |
| CPU Core {#CPU.ID}: CPU utilization | MIB: CHECKPOINT-MIB CPU {#CPU.ID} utilization in %. | DEPENDENT | - | system.core.util[multiProcUsage.{#CPU.ID}] |
Discovery rule №2
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| FAN discovery | For discovering fan sensors from CHECKPOINT-MIB. | DEPENDENT | 0 | fan.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| FAN {#SNMPINDEX}: Fan speed | MIB: CHECKPOINT-MIB Current speed of the fan. | DEPENDENT | - | sensor.fan.speed[fanSpeedSensorValue.{#SNMPINDEX}] |
| FAN {#SNMPINDEX}: Fan status | MIB: CHECKPOINT-MIB Current status of the fan tray. | DEPENDENT | - | sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| FAN {#SNMPINDEX}: Fan speed is out of range | Please check the fan unit. | count(/Check Point Next Generation Firewall by SNMP/sensor.fan.status[fanSpeedSensorStatus.{#SNMPINDEX}],#3,"eq",1)=3 | AVERAGE ⚠ | FAN {#SNMPINDEX}: Fan status |
Discovery rule №3
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Firewall discovery | This discovery will create a set of firewall metrics from CHECKPOINT-MIB if the firewall is installed. | SNMP_AGENT | 1h | fw.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Check Point Firewall: Accepted packets per second{#SINGLETON} | MIB: CHECKPOINT-MIB Number of accepted packets per second. | SNMP_AGENT | - | fw.accepted[fwAccepted.{#SNMPINDEX}] |
| Check Point Firewall: Peak concurrent connections{#SINGLETON} | MIB: CHECKPOINT-MIB Peak number of concurrent connections since last reboot. | SNMP_AGENT | - | fw.conn.num.peak[fwPeakNumConn.{#SNMPINDEX}] |
| Check Point Firewall: Concurrent connections{#SINGLETON} | MIB: CHECKPOINT-MIB Number of concurrent IPv6 and IPv4 connections. | SNMP_AGENT | - | fw.conn.num[fwNumConn.{#SNMPINDEX}] |
| Check Point Firewall: Dropped packets per second{#SINGLETON} | MIB: CHECKPOINT-MIB Number of dropped packets per second. | SNMP_AGENT | - | fw.dropped[fwDropped.{#SNMPINDEX}] |
| Check Point Firewall: Firewall filter install time{#SINGLETON} | MIB: CHECKPOINT-MIB Last install time of the firewall filter. | SNMP_AGENT | - | fw.filter.installed[fwFilterDate.{#SNMPINDEX}] |
| Check Point Firewall: Firewall filter name{#SINGLETON} | MIB: CHECKPOINT-MIB Name of the firewall filter. | SNMP_AGENT | - | fw.filter.name[fwFilterName.{#SNMPINDEX}] |
| Check Point Firewall: Logged packets per second{#SINGLETON} | MIB: CHECKPOINT-MIB Number of logged packets per second. | SNMP_AGENT | - | fw.logged[fwLogged.{#SNMPINDEX}] |
| Check Point Firewall: Rejected packets per second{#SINGLETON} | MIB: CHECKPOINT-MIB Number of rejected packets per second. | SNMP_AGENT | - | fw.rejected[fwRejected.{#SNMPINDEX}] |
| Check Point Firewall: SIC Trust State{#SINGLETON} | MIB: CHECKPOINT-MIB Firewall SIC Trust State. | SNMP_AGENT | - | fw.sic.trust.state[fwSICTrustState.{#SNMPINDEX}] |
| Check Point Firewall: Utilized drops number per second{#SINGLETON} | MIB: CHECKPOINT-MIB Number of dropped packets per second due to instance being fully utilized. | SNMP_AGENT | - | fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}] |
| Check Point Firewall: Firewall version{#SINGLETON} | MIB: CHECKPOINT-MIB Current version of the firewall. | SNMP_AGENT | - | fw.version[fwVersion.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| Check Point Firewall: Instance is currently fully utilized | This trigger uses the number of dropped packets, an increase of which indicates that the instance is fully utilized. | avg(/Check Point Next Generation Firewall by SNMP/fw.utilized.drops[fwFullyUtilizedDrops.{#SNMPINDEX}],5m)>{$FW.DROPPED.PACKETS.TH} | HIGH ⛔ | Check Point Firewall: Utilized drops number per second{#SINGLETON} |
Discovery rule №4
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Network interfaces discovery | For discovering interfaces from IF-MIB. | DEPENDENT | 0 | net.if.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Interface {#IFNAME}({#IFALIAS}): Inbound packets discarded | MIB: IF-MIB The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. | DEPENDENT | - | net.if.in.discards[ifInDiscards.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Inbound packets with errors | MIB: IF-MIB For packet-oriented interfaces - the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime. | DEPENDENT | - | net.if.in.errors[ifInErrors.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Bits received | MIB: IF-MIB The total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime. | DEPENDENT | - | net.if.in[ifInOctets.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Outbound packets discarded | MIB: IF-MIB The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at re-initialization of the management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. | DEPENDENT | - | net.if.out.discards[ifOutDiscards.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Outbound packets with errors | MIB: IF-MIB For packet-oriented interfaces - the number of outbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces - the number of outbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime. | DEPENDENT | - | net.if.out.errors[ifOutErrors.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Bits sent | MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets. Discontinuities in the value of this counter can occur at re-initialization of the management system and at other times as indicated by the value of ifCounterDiscontinuityTime. | DEPENDENT | - | net.if.out[ifOutOctets.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Speed | MIB: IF-MIB An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of n, then the speed of the interface is somewhere in the range of n-500,000 to n+499,999. For interfaces that do not vary in bandwidth or for those where no accurate estimation can be made, this object should contain the nominal bandwidth. For a sub-layer which has no concept of bandwidth, this object should be zero. | DEPENDENT | - | net.if.speed[ifSpeed.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Operational status | MIB: IF-MIB The current operational state of the interface. - The testing(3) state indicates that no operational packets can be passed. - If ifAdminStatus is down(2), then ifOperStatus should be down(2). - If ifAdminStatus is changed to up(1), then ifOperStatus should change to up(1) if the interface is ready to transmit and receive network traffic. - It should change to dormant(5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection). - It should remain in the down(2) state if and only if there is a fault that prevents it from going to the up(1) state. - It should remain in the notPresent(6) state if the interface has missing (typically, hardware) components. | DEPENDENT | - | net.if.status[ifOperStatus.{#SNMPINDEX}] |
| Interface {#IFNAME}({#IFALIAS}): Interface type | MIB: IF-MIB The type of interface. Additional values for ifType are assigned by the Internet Assigned Numbers Authority (IANA) through updating the syntax of the IANAifType textual convention. | DEPENDENT | - | net.if.type[ifType.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| Interface {#IFNAME}({#IFALIAS}): Link down | This trigger expression works as follows: 1. It can be triggered if the interface link status is down. 2. {$NET.IF.CONTROL:"{#IFNAME}"}=1 - a user can redefine the context macro to "0", marking this interface as not important. No new trigger will be fired if this interface link is down. 3. {TEMPLATE_NAME:METRIC.diff()}=1 - the trigger fires only if the interface link status was up ("1") sometime before. WARNING: If closed manually, it will not fire again on the next poll because of diff. | {$NET.IF.CONTROL:"{#IFNAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}])=1 and (last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#1)<>last(/Check Point Next Generation Firewall by SNMP/net.if.status[ifOperStatus.{#SNMPINDEX}],#2)) | AVERAGE ⚠ | Interface {#IFNAME}({#IFALIAS}): Operational status |
Discovery rule №5
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| PSU discovery | For discovering power supply sensors from CHECKPOINT-MIB. | DEPENDENT | 0 | psu.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| PSU {#SNMPINDEX}: Power supply status | MIB: CHECKPOINT-MIB Power supply status. | DEPENDENT | - | sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| PSU {#SNMPINDEX}: Power supply is in down state | Please check the power supply unit for errors. | count(/Check Point Next Generation Firewall by SNMP/sensor.psu.status[powerSupplyStatus.{#SNMPINDEX}],#3,"eq",1)=3 | AVERAGE ⚠ | PSU {#SNMPINDEX}: Power supply status |
Discovery rule №6
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Software blades discovery | For discovering software blades and features from CHECKPOINT-MIB. | DEPENDENT | 0 | svn.sw.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| {#SW.NAME}: License expiration date | MIB: CHECKPOINT-MIB Expiration date for the license of the software blade. Doesn't return a value if the license doesn't have an expiration date. | DEPENDENT | - | svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}] |
| {#SW.NAME}: License total quota | MIB: CHECKPOINT-MIB Total quota amount for the license of the software blade. | DEPENDENT | - | svn.sw.license.quota.total[licensingTotalQuota.{#SNMPINDEX}] |
| {#SW.NAME}: License used quota | MIB: CHECKPOINT-MIB Used quota amount for the license of the software blade. | DEPENDENT | - | svn.sw.license.quota.used[licensingUsedQuota.{#SNMPINDEX}] |
| {#SW.NAME}: License state | MIB: CHECKPOINT-MIB Current license state of the software blade. | DEPENDENT | - | svn.sw.license.state[licensingState.{#SNMPINDEX}] |
| {#SW.NAME}: Software blade status | MIB: CHECKPOINT-MIB Current software blade status. | DEPENDENT | - | svn.sw.status[licensingBladeActive.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| {#SW.NAME}: License expires soon | This trigger expression works as follows: 1. It can be triggered if the license expires soon. 2. {$LICENSE.CONTROL:"{#SW.NAME}"}=1 - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license expires. | {$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < {$LICENSE.EXPIRY.WARN:"{#SW.NAME}"} and last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) > now() | WARNING 📢 | {#SW.NAME}: License expiration date |
| {#SW.NAME}: License has been expired | This trigger expression works as follows: 1. It can be triggered if the license has expired. 2. {$LICENSE.CONTROL:"{#SW.NAME}"}=1 - a user can redefine the context macro to "0", marking the current license as not important. No new trigger will be fired if this license has expired. | {$LICENSE.CONTROL:"{#SW.NAME}"}=1 and (last(/Check Point Next Generation Firewall by SNMP/svn.sw.license.exp_date[licensingExpirationDate.{#SNMPINDEX}]) - now()) / 86400 < now() | AVERAGE ⚠ | {#SW.NAME}: License expiration date |
Discovery rule №7
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Temperature discovery | For discovering temperature sensors from CHECKPOINT-MIB. | DEPENDENT | 0 | temperature.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| {#SENSOR.NAME}: Temperature | MIB: CHECKPOINT-MIB Current temperature reading in degrees Celsius from the hardware component's temperature sensor. | DEPENDENT | - | sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| {#SENSOR.NAME}: Temperature is above critical threshold | This trigger uses temperature sensor values. | avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.CRIT:"{#SENSOR.NAME}"} | HIGH ⛔ | {#SENSOR.NAME}: Temperature |
| {#SENSOR.NAME}: Temperature is above warning threshold | This trigger uses temperature sensor values. | avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)>{$TEMP.VALUE.WARN:"{#SENSOR.NAME}"} | WARNING 📢 | {#SENSOR.NAME}: Temperature |
| {#SENSOR.NAME}: Temperature is too low | This trigger uses temperature sensor values. | avg(/Check Point Next Generation Firewall by SNMP/sensor.temp.value[tempertureSensorValue.{#SNMPINDEX}],5m)<{$TEMP.VALUE.LOW:"{#SENSOR.NAME}"} | AVERAGE ⚠ | {#SENSOR.NAME}: Temperature |
Discovery rule №8
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Storage discovery | For discovering storage disks from CHECKPOINT-MIB. | DEPENDENT | 0 | vfs.fs.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| {#DISK.NAME}: Available disk space | MIB: CHECKPOINT-MIB Available free disk (not reserved by the OS) in bytes. | DEPENDENT | - | vfs.fs.avail[multiDiskFreeAvailableBytes.{#SNMPINDEX}] |
| {#DISK.NAME}: Free disk space | MIB: CHECKPOINT-MIB Free disk capacity in bytes. | DEPENDENT | - | vfs.fs.free[multiDiskFreeTotalBytes.{#SNMPINDEX}] |
| {#DISK.NAME}: Disk space utilization | Space utilization calculated by the free percentage metric multiDiskFreeTotalPercent, expressed in % | DEPENDENT | - | vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}] |
| {#DISK.NAME}: Total disk space | MIB: CHECKPOINT-MIB Total disk size in bytes. | DEPENDENT | - | vfs.fs.total[multiDiskSize.{#SNMPINDEX}] |
| {#DISK.NAME}: Used disk space | MIB: CHECKPOINT-MIB Amount of disk used in bytes. | DEPENDENT | - | vfs.fs.used[multiDiskUsed.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| {#DISK.NAME}: Disk space is critically low | Two conditions should match: 1. The first condition - utilization of the space should be above {$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"}. 2. The second condition should be one of the following: - the disk free space is less than {$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"}; - the disk will be full in less than 24 hours. | last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.CRIT:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.CRIT:"{#DISK.NAME}"} | AVERAGE ⚠ | |
| {#DISK.NAME}: Disk space is low | Two conditions should match: 1. The first condition - utilization of the space should be above {$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"}. 2. The second condition should be one of the following: - the disk free space is less than {$DISK.FREE.MIN.WARN:"{#DISK.NAME}"}; - the disk will be full in less than 24 hours. | last(/Check Point Next Generation Firewall by SNMP/vfs.fs.pused[multiDiskUsagePercent.{#SNMPINDEX}])>{$DISK.PUSED.MAX.WARN:"{#DISK.NAME}"} and (last(/Check Point Next Generation Firewall by SNMP/vfs.fs.total[multiDiskSize.{#SNMPINDEX}])-last(/Check Point Next Generation Firewall by SNMP/vfs.fs.used[multiDiskUsed.{#SNMPINDEX}]))<{$DISK.FREE.MIN.WARN:"{#DISK.NAME}"} | WARNING 📢 | |
Discovery rule №9
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| Voltage discovery | For discovering voltage sensors from CHECKPOINT-MIB. | DEPENDENT | 0 | voltage.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| {#SENSOR.NAME}: Voltage value | MIB: CHECKPOINT-MIB Most recent measurement obtained by the agent for this sensor. | DEPENDENT | - | sensor.volt.value[voltageSensorValue.{#SNMPINDEX}] |
Discovery rule №10
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| VPN discovery | For discovering VPN tunnels from CHECKPOINT-MIB. | DEPENDENT | 0 | vpn.discovery |
Item prototypes
| Name | Description | Type | Interval | Key and additional info |
|---|---|---|---|---|
| VPN {#VPN.NAME}: Community | MIB: CHECKPOINT-MIB VPN tunnel community. | DEPENDENT | - | vpn.tunnel.community[tunnelCommunity.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Tunnel interface | MIB: CHECKPOINT-MIB VPN tunnel interface. | DEPENDENT | - | vpn.tunnel.netif[tunnelInterface.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Peer IP address | MIB: CHECKPOINT-MIB VPN peer IP address. | DEPENDENT | - | vpn.tunnel.peer_ip[tunnelPeerIpAddr.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Peer type | MIB: CHECKPOINT-MIB VPN peer type. | DEPENDENT | - | vpn.tunnel.peer_type[tunnelPeerType.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Link priority | MIB: CHECKPOINT-MIB Link priority. | DEPENDENT | - | vpn.tunnel.priority[tunnelLinkPriority.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Probing state | MIB: CHECKPOINT-MIB VPN tunnel probing state: 0 - unknown; 1 - alive; 2 - dead. | DEPENDENT | - | vpn.tunnel.prob_state[tunnelProbState.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Source IP | MIB: CHECKPOINT-MIB Source IP address. | DEPENDENT | - | vpn.tunnel.src_ip[tunnelSourceIpAddr.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Tunnel state | MIB: CHECKPOINT-MIB VPN tunnel state: 3 - active; 4 - destroy; 129 - idle; 130 - phase1; 131 - down; 132 - init. | DEPENDENT | - | vpn.tunnel.state[tunnelState.{#SNMPINDEX}] |
| VPN {#VPN.NAME}: Tunnel type | MIB: CHECKPOINT-MIB VPN tunnel type. | DEPENDENT | - | vpn.tunnel.type[tunnelType.{#SNMPINDEX}] |
Trigger prototypes
| Name | Description | Expression | Priority | Dependencies |
|---|---|---|---|---|
| VPN {#VPN.NAME}: Tunnel down | This trigger expression works as follows: 1. It can be triggered if the current tunnel state is down. 2. {$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1 - a user can redefine the context macro to "0", marking this notification as not important. No new trigger will be fired if this tunnel is down. | {$VPN.STATE.CONTROL:"{#VPN.NAME}"}=1 and last(/Check Point Next Generation Firewall by SNMP/vpn.tunnel.state[tunnelState.{#SNMPINDEX}])=131 | AVERAGE ⚠ | VPN {#VPN.NAME}: Tunnel state |