search cancel

Checkpoint firewalls modeling as Linux servers in Spectrum OneClick

book

Article ID: 215913

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

Some Checkpoint Firewall devices are modeling using the CheckpointFirewall model type and other are modeling using the Host_Device model type.

Environment

Release : Any

Component : Spectrum Discovery & Modeling

Cause

In order for the device to model as a CheckpointFirewall model, it must support the fwModuleState attribute at oid 1.3.6.1.4.1.2620.1.1.1. You can verify if the device supports this attribute by launching MIBTools on the model and querying for this oid.

The device may support some of the Checkpoint attributes but it must support the fwModuleState attribute at oid 1.3.6.1.4.1.2620.1.1.1 in order to model as a CheckpointFirewall model.

Resolution

This is functioning as designed, however some newer Orchestrator devices may not contain oid 1.3.6.1.4.1.2620.1.1.1 in which case you can modify the Spectrum Catalog DB to also look for oid 1.3.6.1.4.1.2620.1.6.1  

Steps:

NOTE When making changes with Model Type Editor the changes need to be made exactly the same on every landscape OR the catalog needs to be saved and reloaded on every landscape.

1. Stop Spectrum Server

2. Launch Model Type Editor from Spectrum Control Panel

3.  Locate the CheckpointFirewall Model Type and edit the VendorOIDVerifyList attribute to include both 1.3.6.1.4.1.2620.1.6.1  and 1.3.6.1.4.1.2620.1.1.1 exactly as shown below:

4.  Verify the the Model shows Modified = Yes and select Commit to Database 

5.  Exit Model Type Editor and Start Spectrum Server.

 

 

 

Additional Information

Checking for oid 1.3.6.1.4.1.2620.1.6.1 will be added in a future release of Spectrum.

Attachments