Snmp Checkpoint FW-1 check

Script : check_snmp_cpfw.pl

Last update : April 19 2007

Description :

Checks by snmp v1, v2c or v3 some modules of Checkpoint FW-1 filtering or management module :

You can choose to check 1, 2, 3 or all 4 modules. Each module will be checked independently and critical state will be returned if one of them is not OK.

- Firewall (on filtering firewall) :

Checks policy state : must be installed
Can check installed policy name : you mut provide the exact name of the policy (-p = <policy name>)
Can check connections : warning and maximum levels must be provided ( -c=<warn>,<crit>)


Checks the svan status code (must be "OK") of SVN

- Management

Checks the management state ("active") and if management is alive.

- High availability

Checks the HA state :
- "active" on IPSO & master on SPLAT (default)
- "standby" on SPLAT
Use check_snmp_vrrp.pl for checks on active/standby or IPSO clusters on IPSO
Check the blocking state ("OK")
Checks the state of all HA softs, usually : Synchronization,Filter, cphad and fwd.

SNMP Login

See snmp info page

Requirements :

- On the Checkpoint Firewall : SNMP extentions must be active

- Perl in /usr/bin/perl - or just run 'perl script'
- Net::SNMP
- file 'utils.pm' in plugin diretory (/usr/local/nagios/libexec)

Configurations examples

Dowload lastest version : 1.2.1

Changelog : On CVS repository on sourceforge : http://nagios-snmp.cvs.sourceforge.net/nagios-snmp/plugins/.

Examples :

All examples below are considering the script is local directory. Host to be checked is with snmp community "public".

Get help

./check_snmp_cpfw.pl -h

snmpv3 login ./check_snmp_cpfw.pl -H -l login -x passwd .....

Check firewall / HA / SVN - for a HA filtering module -

./check_snmp_cpfw.pl -H -C public -swa

Result example :

FW : OK / SVN : OK / HA : OK / CPFW Status : OK

Check SVN/Mgmt - for a management -

./check_snmp_cpfw.pl -H -C public -sm

Result example :
SVN : OK / MGMT : OK / CPFW Status : OK
Check policy name ./check_snmp_cpfw.pl -H -C public -w -p prod

Result example :

FW : OK / CPFW Status : OK
Same with another policy installed :
FW : Policy installed : Standard / CPFW Status : CRITICAL
Check number of active connection with performance data output ./check_snmp_cpfw.pl -H -C public -w -c 1000,5000 -f
Result example :
FW : OK / CPFW Status : OK | fw_connexions=340


Output of check_snmp_cpfw.pl -h

SNMP Checkpoint FW-1 Monitor for Nagios version 1.2.1
GPL Licence, (c)2004-2007 - Patrick Proy

Usage: ./check_snmp_cpfw.pl [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) [-s] [-w [-p=pol_name] [-c=warn,crit]] [-m] [-a [standby] ] [-f] [-p <port>] [-t <timeout>] [-V]
-v, --verbose
print extra debugging information (including interface list on the system)
-h, --help
print this help message
-H, --hostname=HOST
name or IP address of host to check
-C, --community=COMMUNITY NAME
community name for the host's SNMP agent (implies v1 protocol)
2, --v2c
Use snmp v2c
-l, --login=LOGIN ; -x, --passwd=PASSWD
Login and auth password for snmpv3 authentication
If no priv password exists, implies AuthNoPriv
-X, --privpass=PASSWD
Priv password for snmpv3 (AuthPriv protocol)
-L, --protocols=<authproto>,<privproto>
<authproto> : Authentication protocol (md5|sha : default md5)
<privproto> : Priv protocole (des|aes : default des)
-s, --svn
check for svn status
-w, --fw
check for fw status
-a, --ha[=standby]
check for ha status and node in "active" state
If using SecurePlatform and monitoring a standby unit, put "standby" too
-m, --mgmt
check for management status
-p, --policy=POLICY_NAME
check if installed policy is POLICY_NAME (must have -w)
-c, --connexions=WARN,CRIT
check warn and critical number of connexions (must have -w)
-f, --perfparse
perfparse output (only works with -c)
-P, --port=PORT
SNMP port (Default 161)
-t, --timeout=INTEGER
timeout for SNMP (Default: Nagios default)
-V, --version
prints version number

This project is hosted on :
SourceForge.net Logo

Nagios and the Nagios logo are registered trademarks of Ethan Galstad.