Capacity reporting on C and X series

[Dragon]

Hi All,

We are in the process of implementing capacity monitoring tool for the Crossbeam firewalls. Crossbeam as such does not provide or can recomend a system for monitoring their hardware.

Can anyone who implemented some X80s or C25s in prod environment suggest what reporting tools they use to follow CPU, Memory, disk utilization, throughput and so on.
Some of these values can be reported through SNMP traffic but for instance for CPU util, SNMP reports only overall utilization and does not report utilization per individual CPU core.

So amy feedback on monitoring tools for Crossbeams would be much appreciated.

[chuachongchee]

If you have many crossbeam machines, i would suggest SecureShore.

Else, i have customers used MRTG to poll the different stats and draw graphs out...

[cjbischoff]

Crossbeam C-Series are simple to monitor; just like regular Linux boxes. I know for a fact Cacti/Nagios works well (again using the Linux server template; assuming you configured the platform to be monitored). Additionally you can enable the CheckPoint SNMP daemon which provides specifics regarding the firewall application in addition to memory/CPU. Some commercial solutions don't "play well" with the CheckPoint SNMP daemon since it runs on port 260/UDP and doesn't provide MIB-2 system group.

Jeff’s Professional Side » Blog Archive » Getting sysObjectID out of cpsnmpd on a Crossbeam APM


X-Series solutions are a bit tricky to monitor. Again I would try Cacti or Nagios and ~alot~ of prebuilt VmWare images with both applications installed which would provide you an excellent and convenient testing solution

NAGIOS based Monitoring Solution
NAGIOS based Monitoring Solution

Network Management Station - Cacti, Syslog, SNMP Traplog, Apache and MySQL
Network Management Station - Cacti, Syslog, SNMP Traplog, Apache and MySQL

VirtualAppliances.net Cacti Server
VirtualAppliances.net Cacti Server

SecureShore is primary a configuration management solution used to push packages (applications, XOS, COS) and perform inventory management. I would not recommend it since it is very apparent that SecureShore is just not primary initiative for Crossbeam.

[Dragon]

Thanks for the response.

We have secure shore but i am not really aware of any monitoring that could be done using this box.

We are currently using eHealth(Concord) but the issue is with reporting on individual CPU cores. For instance the C25 has 2 dual core CPUs so in theory we would like to know whats happening on every single core(or at least every single physical CPU) but there is no SNMP metric for this.
Same goes for X80. the APM8600 blades have 2 CPUs and the snmp available there can only return an aggregate value of all 4 cores.

Any ideas how to go around this issue?

We were also looking at gathering information such as number of connection that is normally available from Checkpoint SNMP. However what makes this impossible is that we are running VSX and CP SNMP cant report any of these from VSX.

[chuachongchee]

If memory serves me right... I do not think Crossbeam C25 has dual cores cpu, or are you talking about dual single cores??

If i'm not mistaken... I dont think C-Series have dual core cpus.. only X-series 8600 apms have 2 dual cores...

[cjbischoff]

I believe you can monitor each CPU (C-Series) independently, but not each core within a single CPU. Net-snmp 5.3 CPU collections Net-snmp 5.3 CPU collections - OpenNMS Per the site "A single CPU, single core linux box will have 100 timeticks available per second. A two CPU, dual core CPU linux box will have 400 timeticks available per second." Not sure if you will get the level of flexibility required to monitor the Crossbeam platform or CheckPoint from a commercial product. To be honest you will need to utilize an open source solution (using the latest version of Net-SNMP) which will allow you the flexibility [SOLVED] Can't detect dual core CPUs ... to walk the MIB and write your own configurations. Multi CPU Utilization Graph