CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Eventia Analyzer/Reporter/SmartView Reporter
Reload this Page Nokia Appliance Manger
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-11-23
Fulvio Fulvio is offline
Junior Member
  
Join Date: 2006-05-04
Posts: 15
Rep Power: 0
Fulvio has an average reputation (10+)
Default Nokia Appliance Manger
Hi all,

I didn't know where to post this and decided on this section as Appliance Manager is a reporting software, which I am evaluating.

I have configured SNMP using voyager and can see the appliances (nokia ip380 IPSO 4) on Appliance Manager.

I have enabled SNMP on the firewalls cpconfig command, option 2, but I can't see the checkpoint application (CP NGX R60).

If I drill down one of the appliances at Checpoint details it says:
No Check Point Firewall found on appliance, or CP SNMPd extension is disabled.

To collect the SNMP info of the appliances I had to configure SNMP protocol to be part of myreadcommunity read community, but how do I do this with SNMP on the firewalls? Also the SNMP port for the appliances is 161 do I use a different port for firewalls?

How can I check that SNMPd is working properly on the firewalls?
I can see (using SmartViewTracker) collection of snmp information on the appliances but can't see any drop/accept regarding the firewalls.

Any help is much appriciated.

Fulvio

Anything else I should know about?
Last edited by Fulvio; 2006-11-23 at 03:28. Reason: Typo
Reply With Quote
  #2 (permalink)  
Old 2006-11-24
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 722
Rep Power: 2
northlandboy has an average reputation (10+)
Default Re: Nokia Appliance Manger
Nokia SNMPD should proxy through to the Check Point SNMPD.

Is the Check Point snmpd running? Is it listening on port 262?

What happens if you try querying it with snmpwalk on the firewall itself?
Reply With Quote
  #3 (permalink)  
Old 2006-11-24
cciesec2006 cciesec2006 is offline
Senior Member
  
Join Date: 2006-09-26
Posts: 596
Rep Power: 2
cciesec2006 has an average reputation (10+)
Default Re: Nokia Appliance Manger
Checkpoint snmpd runs on udp port 260, NOT 262.
Reply With Quote
  #4 (permalink)  
Old 2006-11-24
cciesec2006 cciesec2006 is offline
Senior Member
  
Join Date: 2006-09-26
Posts: 596
Rep Power: 2
cciesec2006 has an average reputation (10+)
Default Re: Nokia Appliance Manger
do this directly on the Nokia box and see if you get a responds:

snmpwalk -p 260 127.0.0.1 public .1.3.6.1.4.1.2620

do NOT forget to run cpconfig and activate the checkpoint snmpd daemon.
You have to perform "cpstop;cpstart" or even reboot for checkpoitn snmpd
daemon to tak effect.
Reply With Quote
  #5 (permalink)  
Old 2006-11-24
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 722
Rep Power: 2
northlandboy has an average reputation (10+)
Default Re: Nokia Appliance Manger
Thanks for the correction.

You don't have to do a cpstop;cpstart though - after running cpconfig, you can just launch the snmpd without doing a restart. $CPDIR/bin/cpsnmpd -p 260, or something like that. Handy if you don't want to do a full restart.
Reply With Quote
  #6 (permalink)  
Old 2007-02-06
mmuessig mmuessig is offline
Junior Member
  
Join Date: 2006-08-17
Posts: 5
Rep Power: 0
mmuessig has an average reputation (10+)
Default Re: Nokia Appliance Manger
Hi there,
i tried (and checked) all the things i found here!

If i try to start checkpiont snmpd via

snmpd -p 260 i get the following errormessage:

<host>[admin]# ps aux|grep snmp
root 1618 0.0 0.8 4172 4040 ?? Ss 2:48PM 0:02.15 /bin/snmpd -f
<host>[admin]# cpsnmpd -p 260
Couldn't find mib file
Mib not initialized. Exiting.
Bad object identifier: .1.3.6.1.6.3.3.1.3.0.0.0.0.1

Error installing initial noAuth/noPriv parties, exiting

<host>[admin]#


Any ideas?
Thanks in advance,
Markus Muessig
__________________
Markus Muessig
Security Engineer
CCSA, QualysGuard Certified Specialist
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 06:16.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0