Enabling SNMP on Check Point application

Before configuring SNMP, Check Point SNMP extension must be enabled on the VAP group. This can be done using the following command from the CLI:

Configuring SNMP on the Modules

Modify the $FWDIR/conf/snmp.C to the same values used by the snmp manager to query. When populating the values enter your configurations in the () after the word "value".

IMPORTANT: Enabling the SNMP daemon at the Check Point level requires a restart of the firewall module.

Sample snmp.C:

(

: (
: (system.sysName.0
:value (chassis_hostname)
)
: (system.sysDescr.0
:value ("Crossbeam Check Point FireWall-1")
)
: (system.sysContact.0
:value ("Support")
)
: (system.sysLocation.0
:value ("Support LAB")
)
: (system.sysObjectID.0
:value (".1.3.6.1.4.1.2620.1.1")
)
)
:snmp_community (
:read (crossbeam)
:write () <--- not necessary to modify only for polling
)
)

NOTE: The system object ID should not be modified.

Enabling SNMP on Check Point on the SNMP Manager:

The Check Point MIB file needs to be imported into the SNMP manager. The location of the MIB file, ckpnt.mib, on the Check Point module is:

/opt/CPshrd-R55/lib/snmp/chkpnt.mib

or

$CPDIR/lib/snmp/chkpnt.mib

Enabling SNMP on Check Point Within SmartDashboard:

Create a rule for inbound traffic to the module on port 260 from the SNMP manager

Src: snmp-manager
dst: fw-ip reachable by snmp manager
service: FW1_snmp
action: accept
Track: Long

Testing will depend on the OS being used, but he ports and the version are important. Run the command:

snmpwalk -m </path to snmp mib file> -v 1 -c <community> -p 260 <ip of host> checkpoint

or

Workaround