Monitoring the VPN Tunnel State in Check Point Devices.
How can I monitor the state of VPN Tunnel in a Check Point Firewall?
1) SNMP OID 1.3.6.1.4.1.2620.500.9002.1.3 is responsible for the VPN TUNNEL STATE Monitoring.
2) Map this OID if it is not present by default.
3) In the below document I have mapped the OID so it is showing as a customized event (i.e) 0xfff.... See the below screenshot.
<Please see attached file for image>
4) After mapping the OID go to the firewall where the VPN Tunnels are configured and check for the VPNTunnelMonitoring attribute and will show as below with value and table.
<Please see attached file for image>
5) If you click on the highlightened “Table” it will display the list of Tunnels configured as below. In the below screenshot there are 11 Tunnels configured.
<Please see attached file for image>
6) The value 3 represents the state of the Tunnel and is Active. The following are the values for the Tunnel state.
3=active
4=destroy
129=idle
130=phase1
131=down
132=init
7) Once you configured above steps you can create a Spectrowatch and monitor the Tunnels with the Alarm criticality that you require.