Monitoring the VPN Tunnel State in Check Point Devices.
How can I monitor the state of VPN Tunnel in a Check Point Firewall?
All supported DX NetOps Spectrum releases
To raise alarms on a particular OID we need to determine the OID, load it's MIB definition file if not found in MIB Tools, map the OID to an Attribute and set up a SpectroWatch to generate an Alarm.
The SNMP OID 1.3.6.1.4.1.2620.500.9002.1.3 provides the VPN Tunnel State value. It's the tunnelState OID and is defined as follows, including possible values.
tunnelState OBJECT-TYPE
SYNTAX INTEGER {
active(3),
destroy(4),
idle(129),
phase1(130),
down(131),
init(132),}
ACCESS read-write
STATUS mandatory
::= { tunnelEntry 3 }
Search the Spectrum MIB Tools utility for the OID. If not found obtain the MIB definition file for the OID from the device vendor. Load it into Spectrum using the MIB Tools utility. See the Import Individual MIBs into the MIB Tools Database documentation topic for MIB file import steps.
If the OID is already present, or after importing to so that it is listed, map the OID to a new custom Attribute. See the Attribute Support Table documentation section for steps to map the OID to an Attribute. Sample from the UI after mapping the OID to a new custom Attribute.
After mapping the OID go to the Firewall device model hosting the target VPN Tunnels. Review the VPNTunnelMonitoring attribute to see the values in the table. Sample where Instance IDs are mapped to the given tunnels tunnelState value. Here they are all "3=active".
With the Attribute mapping completed, create a Spectrowatch to monitor the Tunnels and raise Alarms as needed. See the Working With Watches documentation topic for additional information.
Check Point Support Center article: Monitoring the state of VPN Tunnel via SNMP OID 1.3.6.1.4.1.2620.500.9002.1.3 and SNMP OID 1.3.6.1.4.1.2620.500.9003.1.3