Checkpoint percentage of current connections
Article ID: 187451
Updated On:
Products
CA Infrastructure Management
CA Performance Management - Usage and Administration
DX NetOps
Issue/Introduction
I'm looking to update the vendor cert im.ca.com-certifications-snmp-CheckpointFwVsxConnectionMib.xml to produce a percentage of current connections from the maximum allowed connections. The problem is the Check Point devices do not respond to asgVSXConnLimit. I would like to use a static value based on device model. Can you provide suggestions on how to accomplish this?
Environment
CAPM 3.6
Resolution
An extension was written for the CheckPoint Firewall Virtual System Connection (internal name: CheckpointFwVsxConnectionMib).
Here is the extension:
<DataModel xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" namespace="http://im.ca.com/certifications/snmp" xsi:noNamespaceSchemaLocation="SNMPCertificationFacet.xsd">
<Author>CA</Author>
<Version>1.1</Version>
<FacetType name="CheckpointFwVsxCAMib" descriptorClass="com.ca.im.core.datamodel.certs.CertificationFacetDescriptorImpl">
<FacetOf namespace="http://im.ca.com/core" name="Item"/>
<Expressions>
<ExpressionGroup name="CheckpointFwVsxDS" destCert="{http://im.ca.com/normalizer}NormalizedVirtualSvrSessionInfo">
<Expression destAttr="ConnectionsUtilization">
Response = snmpGet("1.3.6.1.2.1.1.2.0");
Result = Response.getResult();
Value = Result.getValue();
maxLimit = 1;
if((Value.toString().equals("1.3.6.1.4.1.2620.1.6.123.1.62")) || (Value.toString().equals("1.3.6.1.4.1.2620.1.6.123.1.42")) || (Value.toString().equals("1.3.6.1.4.1.2620.1.6.123.1.64")))
{
maxLimit = 5000000;
}
else
{
maxLimit = 200000;
}
pctResult = (100*snmpProtectedDiv(vsxCountersConnNum,maxLimit));
return pctResult;
</Expression>
</ExpressionGroup>
</Expressions>
</FacetType>
</DataModel>
Use a REST client of choice to do a POST method to http://da-hostname:8581/typecatalog/certifications/snmp/extension/CheckpointFwVsxConnectionMib
This extension of course can be tweaked to suit your needs
Here is the extension:
<DataModel xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" namespace="http://im.ca.com/certifications/snmp" xsi:noNamespaceSchemaLocation="SNMPCertificationFacet.xsd">
<Author>CA</Author>
<Version>1.1</Version>
<FacetType name="CheckpointFwVsxCAMib" descriptorClass="com.ca.im.core.datamodel.certs.CertificationFacetDescriptorImpl">
<FacetOf namespace="http://im.ca.com/core" name="Item"/>
<Expressions>
<ExpressionGroup name="CheckpointFwVsxDS" destCert="{http://im.ca.com/normalizer}NormalizedVirtualSvrSessionInfo">
<Expression destAttr="ConnectionsUtilization">
Response = snmpGet("1.3.6.1.2.1.1.2.0");
Result = Response.getResult();
Value = Result.getValue();
maxLimit = 1;
if((Value.toString().equals("1.3.6.1.4.1.2620.1.6.123.1.62")) || (Value.toString().equals("1.3.6.1.4.1.2620.1.6.123.1.42")) || (Value.toString().equals("1.3.6.1.4.1.2620.1.6.123.1.64")))
{
maxLimit = 5000000;
}
else
{
maxLimit = 200000;
}
pctResult = (100*snmpProtectedDiv(vsxCountersConnNum,maxLimit));
return pctResult;
</Expression>
</ExpressionGroup>
</Expressions>
</FacetType>
</DataModel>
Use a REST client of choice to do a POST method to http://da-hostname:8581/typecatalog/certifications/snmp/extension/CheckpointFwVsxConnectionMib
This extension of course can be tweaked to suit your needs
Additional Information
Feedback
Yes
No
Powered by
