Firewall Connection metric count values on our Virtual Firewalls dropped from the typical 400-600k range down to about 30.

The low number is a match for the correct value, from the same metric, for the Checkpoint chassis not the Virtual Firewalls.

Events against the problem device shows a chassis reboot at the time of the drop.

Looking at DCDebug Detailed Poll Logging messages we can see the IP in question no longer polls using the contextName value required.

DX NetOps Performance Management releases r20.2.5 and older

Reboot events are triggering a faulty discovery profile run. One that breaks the association between the Virtual Firewall item and it's SNMPv3 SNMP Profile with the correct contextName for data requests.

Without the correct contextName, the polling requests are seen as successful because it's getting a response from the chassis level device item that doesn't require contextNames and has the same data available for polling.

This is resolved via defect DE484875 in the r20.2.6 and r21.2.1 releases of DX NetOps Performance Management.

There is no workaround for this aside from restarting the Data Collector dcmd service for the Data Collector managing the affected devices.

Upgrade to the latest releases for a permanent solution.