SMARTS IP: Checkoint firewall interface discovery issue; ASNM-E-ASNMP_SEND_RECEIVE_ERROR-ASNMP request failure: Error when sending or receiving SNMP data for Host
search cancel

SMARTS IP: Checkoint firewall interface discovery issue; ASNM-E-ASNMP_SEND_RECEIVE_ERROR-ASNMP request failure: Error when sending or receiving SNMP data for Host

book

Article ID: 331641

calendar_today

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:




There are at total of 30 interfaces on a Check point Firewall that need to be discovered and monitored, but after upgrading to Smarts IP 9.2.2, only 6 of the 30 interfaces are discovered.

Environment

VMware Smart Assurance - SMARTS

Cause

SNMPV3 Discovery finishes but with an ASNMP error-

ASNM-E-ASNMP_SEND_RECEIVE_ERROR-ASNMP request failure: Error when sending or receiving SNMP data for Host '10.250.2.65'
SNMP-ERESPONSE-No response from 10.250.2.65, port 161
SNMP-ETIMEOUT-Timed out

This error was not seen when using SNMPv2, but the Checkpoint firewall requires SNMPv3 to be fully discovered and there for only 6 interfaces were still being discovered.

There is a timeout caused by the Checkpoint Firewall agent being slow.



Resolution

If you encounter this in your environment, you can work around the issue by editng the tpmgr_param.conf file by running the sm_edit command:

<BASEDIR>/IP/smarts/bin/sm_edit conf/discovery/tpmgr-param.conf

And making the following value change:

maxOIDsPerPacketForASNMP  1

and save and restart the domain to take affect.

Alternatively, you can use the following dmctl command to make the change instant without saving so that you can test.

dmctl -s <IP DOMAIN> invoke ICF_TopologyManager::ICF-TopologyManager insertParameter maxOIDsPerPacketForASNMP 1