Dead Packets

06/06/2013

Finding the model of a Check Point server

Filed under: checkpoint,tips and tricks — drak @ 9:57 PM

Finding the model and serial number of a server that has SPLAT installed is not as easy as it should be, but once learned it is never forgotten:

dmidecode | egrep 'Prod|erial'

Then just compare the output with the tables in the link under References.

To get the serial number on Nokia

clish -c "show asset hardware"

References
Find UTM-1 Check Point Appliance model from CLI

12/03/2013

Monitoring Check Point with Zabbix – Part 2

Filed under: checkpoint,monitoring — drak @ 4:24 PM

In this article we will import a template to monitor Check Point firewalls in Zabbix and validate that data collection is working.

Installing Zabbix is out of scope for this post; it covers configuring SNMP on Check Point and configuring data collection and graph display on an already installed Zabbix. It is important, however, to remember to enable SNMP when installing/compiling Zabbix.

This article is split into two parts: in the first part we enabled SNMP, and now we will configure collection in Zabbix. If your firewall is not yet set up to provide information via SNMP, configure it first.

To begin, let's define what is important to monitor on a firewall:

  • CPU
  • Memory
  • Interface traffic
  • Number of simultaneous connections

Specifically for a Check Point firewall running the Secure Platform OS, it is also important to monitor the disks.

Each of these items can be broken down for more detail, e.g., real memory, swap used, etc. The goal here is to build a template that collects all the information relevant to an environment usage trend (capacity) report and to troubleshooting.
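An added example, not part of the original post: before importing an exported template such as the one below, a short Python script can parse the Zabbix 2.0 XML and report how each item talks SNMP. The embedded sample export is constructed (its `sysUpTime` and `sysName` items are hypothetical), and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Zabbix item <type> codes polled over SNMP, and <snmpv3_securitylevel> codes.
SNMP_TYPES = {"1": "SNMPv1", "4": "SNMPv2c", "6": "SNMPv3"}
SEC_LEVELS = {"0": "noAuthNoPriv", "1": "authNoPriv", "2": "authPriv"}

# Constructed sample export: the first two items mirror settings used in the
# template on this page, the last two are hypothetical.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
  <version>2.0</version>
  <templates><template>
    <template>Template CheckPoint SNMP</template>
    <items>
      <item>
        <name>Current connections</name>
        <type>4</type>
        <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
        <snmp_oid>1.3.6.1.4.1.2620.1.1.25.3.0</snmp_oid>
        <key>fwNumConn</key>
        <snmpv3_securitylevel>0</snmpv3_securitylevel>
        <snmpv3_authpassphrase/>
        <snmpv3_privpassphrase/>
      </item>
      <item>
        <name>Firewall Policy Install Time</name>
        <type>4</type>
        <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
        <snmp_oid>1.3.6.1.4.1.2620.1.1.25.2.0</snmp_oid>
        <key>fwInstallTime</key>
        <snmpv3_securitylevel>0</snmpv3_securitylevel>
        <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
        <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
      </item>
      <item>
        <name>Hypothetical item with a literal community</name>
        <type>1</type>
        <snmp_community>public</snmp_community>
        <snmp_oid>1.3.6.1.2.1.1.3.0</snmp_oid>
        <key>sysUpTime</key>
        <snmpv3_securitylevel>0</snmpv3_securitylevel>
        <snmpv3_authpassphrase/>
        <snmpv3_privpassphrase/>
      </item>
      <item>
        <name>Hypothetical SNMPv3 item without privacy</name>
        <type>6</type>
        <snmp_community/>
        <snmp_oid>1.3.6.1.2.1.1.5.0</snmp_oid>
        <key>sysName</key>
        <snmpv3_securitylevel>1</snmpv3_securitylevel>
        <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
        <snmpv3_privpassphrase/>
      </item>
    </items>
  </template></templates>
</zabbix_export>
"""


def text(item, tag):
    """Return the stripped text of a child element, or '' if absent or empty."""
    return (item.findtext(tag) or "").strip()


def is_macro(value):
    """True when the value is a Zabbix user macro such as {$SNMP_COMMUNITY}."""
    return value.startswith("{$") and value.endswith("}")


def audit_template(xml_text):
    """Return (item key, finding) tuples for the SNMP settings of each item."""
    findings = []
    # Parse only exports you trust, or swap in defusedxml for untrusted files.
    root = ET.fromstring(xml_text)
    for item in root.findall("./templates/template/items/item"):
        key = text(item, "key")
        proto = SNMP_TYPES.get(text(item, "type"))
        if proto is None:
            continue  # simple check, calculated item, etc.
        community = text(item, "snmp_community")
        v3_secret = text(item, "snmpv3_authpassphrase") or text(item, "snmpv3_privpassphrase")
        if proto != "SNMPv3":
            findings.append((key, f"{proto} sends the community string in cleartext"))
            if community and not is_macro(community):
                findings.append((key, "community is hard-coded instead of a {$MACRO}"))
            if v3_secret:
                findings.append((key, "SNMPv3 passphrase set but the item is not SNMPv3"))
        else:
            level = SEC_LEVELS.get(text(item, "snmpv3_securitylevel"), "unknown")
            if level != "authPriv":
                findings.append((key, f"SNMPv3 level is {level}, not authPriv"))
    return findings


if __name__ == "__main__":
    for key, finding in audit_template(SAMPLE_EXPORT):
        print(f"{key}: {finding}")
```

To check a real export, pass the file's contents to `audit_template()` in place of `SAMPLE_EXPORT`.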

Zabbix template – CheckPoint SNMP:

<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
    <version>2.0</version>
    <date>2013-03-08T17:09:31Z</date>
    <groups>
        <group>
            <name>Templates</name>
        </group>
    </groups>
    <templates>
        <template>
            <template>Template CheckPoint SNMP</template>
            <name>Template CheckPoint SNMP</name>
            <groups>
                <group>
                    <name>Templates</name>
                </group>
            </groups>
            <applications>
                <application>
                    <name>Check Point General Stats</name>
                </application>
                <application>
                    <name>Connections</name>
                </application>
                <application>
                    <name>CPU</name>
                </application>
                <application>
                    <name>High Availability</name>
                </application>
                <application>
                    <name>Memory</name>
                </application>
                <application>
                    <name>Services</name>
                </application>
                <application>
                    <name>Interfaces</name>
                </application>
                <application>
                    <name>General</name>
                </application>
                <application>
                    <name>Disk partitions</name>
                </application>
            </applications>
            <items>
                <item>
                    <name>Active real memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.4.4.0</snmp_oid>
                    <key>memActiveReal64</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Active total memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.4.2.0</snmp_oid>
                    <key>memActiveVirtual64</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Available real memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2021.4.6.0</snmp_oid>
                    <key>memAvailReal</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1024</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Current connections</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.25.3.0</snmp_oid>
                    <key>fwNumConn</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Connections</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Firewall Module State</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.1.0</snmp_oid>
                    <key>fwModuleState</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Firewall Policy Install Time</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.25.2.0</snmp_oid>
                    <key>fwInstallTime</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                    <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Hardware Uptime</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>1.3.6.1.2.1.25.1.1.0</snmp_oid>
                    <key>hrSystemUptime</key>
                    <delay>60</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>uptime</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>0.01</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>High Availability Mode</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.5.11.0</snmp_oid>
                    <key>haWorkMode</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>High Availability</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>High Availability State</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.5.6.0</snmp_oid>
                    <key>haState</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>High Availability</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>ICMP ping response time</name>
                    <type>3</type>
                    <snmp_community/>
                    <multiplier>0</multiplier>
                    <snmp_oid/>
                    <key>icmppingsec</key>
                    <delay>60</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>0</value_type>
                    <allowed_hosts/>
                    <units>s</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Services</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>OS Name</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.5.1.0</snmp_oid>
                    <key>osName</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>5</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Peak number of connections</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.25.4.0</snmp_oid>
                    <key>fwPeakNumConn</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Connections</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Processor system time</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.2.2.0</snmp_oid>
                    <key>procSysTime</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>%</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>CPU</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Processor usage</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.2.4.0</snmp_oid>
                    <key>procUsage</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>%</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>CPU</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Processor user time</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.2.1.0</snmp_oid>
                    <key>procUsrTime</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>%</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>CPU</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Product Name</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.10.0</snmp_oid>
                    <key>fwProduct</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>1</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Product Version</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.4.1.0</snmp_oid>
                    <key>svnVersion</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>6</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Real used memory</name>
                    <type>15</type>
                    <snmp_community/>
                    <multiplier>0</multiplier>
                    <snmp_oid/>
                    <key>memUsedReal64</key>
                    <delay>30</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>bytes</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params>memTotalReal64-memFreeReal64</params>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>SSH service is running</name>
                    <type>3</type>
                    <snmp_community/>
                    <multiplier>0</multiplier>
                    <snmp_oid/>
                    <key>net.tcp.service[ssh]</key>
                    <delay>60</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Services</name>
                        </application>
                    </applications>
                    <valuemap>
                        <name>Service state</name>
                    </valuemap>
                </item>
                <item>
                    <name>Total memory (real + swap)</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.4.1.0</snmp_oid>
                    <key>memTotalVirtual64</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Total real memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2021.4.5.0</snmp_oid>
                    <key>memTotalReal</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1024</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Number of network interfaces</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>IF-MIB::ifNumber.0</snmp_oid>
                    <key>ifNumber</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The number of network interfaces (regardless of their current state) present on this system.</description>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Interfaces</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device contact details</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysContact.0</snmp_oid>
                    <key>sysContact</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The textual identification of the contact person for this managed node, together with information on how to contact this person.  If no contact information is known, the value is the zero-length string.</description>
                    <inventory_link>23</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device description</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysDescr.0</snmp_oid>
                    <key>sysDescr</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>A textual description of the entity.  This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software.</description>
                    <inventory_link>14</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device location</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysLocation.0</snmp_oid>
                    <key>sysLocation</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The physical location of this node (e.g., `telephone closet, 3rd floor').  If the location is unknown, the value is the zero-length string.</description>
                    <inventory_link>24</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device name</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysName.0</snmp_oid>
                    <key>sysName</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>An administratively-assigned name for this managed node. By convention, this is the node's fully-qualified domain name.  If the name is unknown, the value is the zero-length string.</description>
                    <inventory_link>3</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device uptime</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysUpTime.0</snmp_oid>
                    <key>sysUpTime</key>
                    <delay>60</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>uptime</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>0.01</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The time since the network management portion of the system was last re-initialized.</description>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
            </items>
            <discovery_rules>
                <discovery_rule>
                    <name>HA Status</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>CHECKPOINT-MIB::haProblemName</snmp_oid>
                    <key>haProblemName</key>
                    <delay>240</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                    <snmpv3_securitylevel>2</snmpv3_securitylevel>
                    <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                    <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>:</filter>
                    <lifetime>30</lifetime>
                    <description/>
                    <item_prototypes>
                        <item_prototype>
                            <name>HA Problem Status [{#SNMPVALUE}]</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::haProblemStatus.{#SNMPINDEX}</snmp_oid>
                            <key>haProblemStatus[{#SNMPVALUE}]</key>
                            <delay>120</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>4</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Check Point General Stats</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:haProblemStatus[{#SNMPVALUE}].str(OK)}=0</expression>
                            <name>HA Status [{#SNMPVALUE}]</name>
                            <url/>
                            <status>0</status>
                            <priority>3</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes/>
                </discovery_rule>
                <discovery_rule>
                    <name>Network interfaces</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>IF-MIB::ifDescr</snmp_oid>
                    <key>ifDescr</key>
                    <delay>3600</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>:</filter>
                    <lifetime>30</lifetime>
                    <description>You may also consider using IF-MIB::ifType or IF-MIB::ifAlias for discovery depending on your filtering needs.

{$SNMP_COMMUNITY} is a global macro.</description>
                    <item_prototypes>
                        <item_prototype>
                            <name>Admin status of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifAdminStatus.{#SNMPINDEX}</snmp_oid>
                            <key>ifAdminStatus[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The desired state of the interface.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap>
                                <name>SNMP interface status (ifAdminStatus)</name>
                            </valuemap>
                        </item_prototype>
                        <item_prototype>
                            <name>Alias of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifAlias.{#SNMPINDEX}</snmp_oid>
                            <key>ifAlias[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>1</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Description of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifDescr.{#SNMPINDEX}</snmp_oid>
                            <key>ifDescr[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>1</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>A textual string containing information about the interface.  This string should include the name of the manufacturer, the product name and the version of the interface hardware/software.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Inbound errors on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifInErrors.{#SNMPINDEX}</snmp_oid>
                            <key>ifInErrors[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.  For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Incoming traffic on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>1</multiplier>
                            <snmp_oid>IF-MIB::ifInOctets.{#SNMPINDEX}</snmp_oid>
                            <key>ifInOctets[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>bps</units>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>8</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The number of octets in valid MAC frames received on this interface, including the MAC header and FCS.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Operational status of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifOperStatus.{#SNMPINDEX}</snmp_oid>
                            <key>ifOperStatus[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The current operational state of the interface.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap>
                                <name>SNMP interface status (ifOperStatus)</name>
                            </valuemap>
                        </item_prototype>
                        <item_prototype>
                            <name>Outbound errors on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifOutErrors.{#SNMPINDEX}</snmp_oid>
                            <key>ifOutErrors[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Outgoing traffic on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>1</multiplier>
                            <snmp_oid>IF-MIB::ifOutOctets.{#SNMPINDEX}</snmp_oid>
                            <key>ifOutOctets[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>bps</units>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>8</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The number of octets transmitted in MAC frames on this interface, including the MAC header and FCS.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:ifOperStatus[{#SNMPVALUE}].diff(0)}=1</expression>
                            <name>Operational status was changed on {HOST.NAME} interface {#SNMPVALUE}</name>
                            <url/>
                            <status>0</status>
                            <priority>1</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes>
                        <graph_prototype>
                            <name>Traffic on interface {#SNMPVALUE}</name>
                            <width>900</width>
                            <height>200</height>
                            <yaxismin>0.0000</yaxismin>
                            <yaxismax>100.0000</yaxismax>
                            <show_work_period>1</show_work_period>
                            <show_triggers>1</show_triggers>
                            <type>0</type>
                            <show_legend>1</show_legend>
                            <show_3d>0</show_3d>
                            <percent_left>0.0000</percent_left>
                            <percent_right>0.0000</percent_right>
                            <ymin_type_1>0</ymin_type_1>
                            <ymax_type_1>0</ymax_type_1>
                            <ymin_item_1>0</ymin_item_1>
                            <ymax_item_1>0</ymax_item_1>
                            <graph_items>
                                <graph_item>
                                    <sortorder>0</sortorder>
                                    <drawtype>5</drawtype>
                                    <color>00AA00</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>ifInOctets[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>1</sortorder>
                                    <drawtype>5</drawtype>
                                    <color>3333FF</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>ifOutOctets[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                            </graph_items>
                        </graph_prototype>
                    </graph_prototypes>
                </discovery_rule>
                <discovery_rule>
                    <name>Processor Discovery</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>CHECKPOINT-MIB::multiProcIndex</snmp_oid>
                    <key>multiProc</key>
                    <delay>240</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                    <snmpv3_securitylevel>2</snmpv3_securitylevel>
                    <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                    <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>:</filter>
                    <lifetime>30</lifetime>
                    <description/>
                    <item_prototypes>
                        <item_prototype>
                            <name>Processor [{#SNMPVALUE}] Idle Time</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::multiProcIdleTime.{#SNMPINDEX}</snmp_oid>
                            <key>multiProcIdleTime[{#SNMPVALUE}]</key>
                            <delay>90</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications/>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Processor [{#SNMPVALUE}] System Time</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::multiProcSystemTime.{#SNMPINDEX}</snmp_oid>
                            <key>multiProcSystemTime[{#SNMPVALUE}]</key>
                            <delay>90</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications/>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Processor [{#SNMPVALUE}] User Time</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::multiProcUserTime.{#SNMPINDEX}</snmp_oid>
                            <key>multiProcUserTime[{#SNMPVALUE}]</key>
                            <delay>90</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications/>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:multiProcIdleTime[{#SNMPVALUE}].avg(300)}&lt;25</expression>
                            <name>{HOSTNAME} Processor usage high on CPU {#SNMPVALUE}</name>
                            <url/>
                            <status>0</status>
                            <priority>3</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes>
                        <graph_prototype>
                            <name>Processor usage CPU {#SNMPVALUE}</name>
                            <width>900</width>
                            <height>200</height>
                            <yaxismin>0.0000</yaxismin>
                            <yaxismax>100.0000</yaxismax>
                            <show_work_period>1</show_work_period>
                            <show_triggers>0</show_triggers>
                            <type>1</type>
                            <show_legend>1</show_legend>
                            <show_3d>0</show_3d>
                            <percent_left>0.0000</percent_left>
                            <percent_right>0.0000</percent_right>
                            <ymin_type_1>0</ymin_type_1>
                            <ymax_type_1>0</ymax_type_1>
                            <ymin_item_1>0</ymin_item_1>
                            <ymax_item_1>0</ymax_item_1>
                            <graph_items>
                                <graph_item>
                                    <sortorder>0</sortorder>
                                    <drawtype>1</drawtype>
                                    <color>CC0000</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>multiProcSystemTime[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>1</sortorder>
                                    <drawtype>1</drawtype>
                                    <color>0000C8</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>multiProcUserTime[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>2</sortorder>
                                    <drawtype>1</drawtype>
                                    <color>00C800</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>multiProcIdleTime[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                            </graph_items>
                        </graph_prototype>
                    </graph_prototypes>
                </discovery_rule>
                <discovery_rule>
                    <name>Disk partitions</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>HOST-RESOURCES-MIB::hrStorageDescr</snmp_oid>
                    <key>hrStorageDescr</key>
                    <delay>3600</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>{#SNMPVALUE}:@Storage devices for SNMP discovery</filter>
                    <lifetime>30</lifetime>
                    <description>The rule will discover all disk partitions matching the global regexp &quot;Storage devices for SNMP discovery&quot;.

{$SNMP_COMMUNITY} is a global macro.</description>
                    <item_prototypes>
                        <item_prototype>
                            <name>Allocation units for storage $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageAllocationUnits.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageAllocationUnits[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>B</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The size, in bytes, of the data objects allocated from this pool.  If this entry is monitoring sectors, blocks, buffers, or packets, for example, this number will commonly be greater than one.  Otherwise this number will typically be one.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Description of storage $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageDescr.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageDescr[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>1</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>A description of the type and instance of the storage described by this entry.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Total disk space on $1</name>
                            <type>15</type>
                            <snmp_community/>
                            <multiplier>0</multiplier>
                            <snmp_oid/>
                            <key>hrStorageSizeInBytes[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>B</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params>last(&quot;hrStorageSize[{#SNMPVALUE}]&quot;) * last(&quot;hrStorageAllocationUnits[{#SNMPVALUE}]&quot;)</params>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>This is a calculated item, we need it to get total disk space in bytes.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Total disk space on $1 in units</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageSize.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageSize[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>units</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The size of the storage represented by this entry, in units of hrStorageAllocationUnits. This object is writable to allow remote configuration of the size of the storage area in those cases where such an operation makes sense and is possible on the underlying system. For example, the amount of main memory allocated to a buffer pool might be modified or the amount of disk space allocated to virtual memory might be modified.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Used disk space on $1</name>
                            <type>15</type>
                            <snmp_community/>
                            <multiplier>0</multiplier>
                            <snmp_oid/>
                            <key>hrStorageUsedInBytes[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>B</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params>last(&quot;hrStorageUsed[{#SNMPVALUE}]&quot;) * last(&quot;hrStorageAllocationUnits[{#SNMPVALUE}]&quot;)</params>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>This is a calculated item, we need it to get used disk space in bytes.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Used disk space on $1 in units</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageUsed.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageUsed[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>units</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The amount of the storage represented by this entry that is allocated, in units of hrStorageAllocationUnits.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:hrStorageUsed[{#SNMPVALUE}].last(0)} / {Template CheckPoint SNMP:hrStorageSize[{#SNMPVALUE}].last(0)} &gt; 0.8</expression>
                            <name>Free disk space is less than 20% on volume {#SNMPVALUE}</name>
                            <url/>
                            <status>0</status>
                            <priority>2</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes>
                        <graph_prototype>
                            <name>Disk space usage {#SNMPVALUE}</name>
                            <width>600</width>
                            <height>340</height>
                            <yaxismin>0.0000</yaxismin>
                            <yaxismax>0.0000</yaxismax>
                            <show_work_period>0</show_work_period>
                            <show_triggers>0</show_triggers>
                            <type>2</type>
                            <show_legend>1</show_legend>
                            <show_3d>1</show_3d>
                            <percent_left>0.0000</percent_left>
                            <percent_right>0.0000</percent_right>
                            <ymin_type_1>0</ymin_type_1>
                            <ymax_type_1>0</ymax_type_1>
                            <ymin_item_1>0</ymin_item_1>
                            <ymax_item_1>0</ymax_item_1>
                            <graph_items>
                                <graph_item>
                                    <sortorder>0</sortorder>
                                    <drawtype>0</drawtype>
                                    <color>00C800</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>2</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>hrStorageSizeInBytes[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>1</sortorder>
                                    <drawtype>0</drawtype>
                                    <color>C80000</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>hrStorageUsedInBytes[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                            </graph_items>
                        </graph_prototype>
                    </graph_prototypes>
                </discovery_rule>
            </discovery_rules>
            <macros/>
            <templates/>
            <screens>
                <screen>
                    <name>Check Point Screen</name>
                    <hsize>2</hsize>
                    <vsize>3</vsize>
                    <screen_items>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>0</x>
                            <y>0</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Processor usage</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>1</x>
                            <y>0</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Connections</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>1</x>
                            <y>1</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Response time</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>0</x>
                            <y>2</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Memory usage</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                    </screen_items>
                </screen>
            </screens>
        </template>
    </templates>
    <triggers>
        <trigger>
            <expression>{Template CheckPoint SNMP:icmppingsec.last(0)}&gt;1</expression>
            <name>ICMP ping response too slow from {HOST.NAME}</name>
            <url/>
            <status>0</status>
            <priority>2</priority>
            <description>Host reponses to ICMP ping but too slowly. Might be CPU load on host or network traffic causing this.</description>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &gt; 50 &amp; ({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &lt; 70</expression>
            <name>Processor usage above 50%</name>
            <url/>
            <status>0</status>
            <priority>1</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &gt; 70 &amp; ({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &lt; 90</expression>
            <name>Processor usage above 70%</name>
            <url/>
            <status>0</status>
            <priority>2</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &gt; 90 &amp; ({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &lt; 100</expression>
            <name>Processor usage above 90%</name>
            <url/>
            <status>0</status>
            <priority>3</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) = 100</expression>
            <name>Processor usage on 100%</name>
            <url/>
            <status>0</status>
            <priority>4</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:net.tcp.service[ssh].last(0)}=0</expression>
            <name>SSH service is down on {HOST.NAME}</name>
            <url/>
            <status>0</status>
            <priority>3</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:haWorkMode.diff(0)}=1 | {Template CheckPoint SNMP:haState.diff(0)}=1</expression>
            <name>{HOSTNAME} HA State Change</name>
            <url/>
            <status>0</status>
            <priority>2</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:haState.str(active)}=0 &amp; {Template CheckPoint SNMP:haState.str(standby)}=0</expression>
            <name>{HOSTNAME} HA State not Active/Standby</name>
            <url/>
            <status>0</status>
            <priority>3</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:fwInstallTime.diff(0)}=1</expression>
            <name>{HOSTNAME} Policy installed</name>
            <url/>
            <status>0</status>
            <priority>1</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
    </triggers>
    <graphs>
        <graph>
            <name>Connections</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>0</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>0</ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>0</drawtype>
                    <color>00C800</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>fwNumConn</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
        <graph>
            <name>Memory usage</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>0</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>
                <host>Template CheckPoint SNMP</host>
                <key>memTotalVirtual64</key>
            </ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>1</sortorder>
                    <drawtype>1</drawtype>
                    <color>C80000</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>memActiveReal64</key>
                    </item>
                </graph_item>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>1</drawtype>
                    <color>00C800</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>memActiveVirtual64</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
        <graph>
            <name>Processor usage</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>1</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>0</ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>1</sortorder>
                    <drawtype>0</drawtype>
                    <color>C80000</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>procSysTime</key>
                    </item>
                </graph_item>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>0</drawtype>
                    <color>00C800</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>procUsrTime</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
        <graph>
            <name>Response time</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>0</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>0</ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>0</drawtype>
                    <color>C80000</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>icmppingsec</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
    </graphs>
</zabbix_export>

Below I detail the most interesting OIDs. I did not necessarily collect all of them in the template, but if a special need arises we can easily look up the main items below and extend the downloadable template when necessary.

# UC Davis MIB - UCD-SNMP-MIB
# The commented items are only there to show the path used, which helps
# if you are looking for some other nearby item
# ucdavis		1.3.6.1.4.1.2021
# memory		1.3.6.1.4.1.2021.4
# dskTable	    1.3.6.1.4.1.2021.9
# systemStats	1.3.6.1.4.1.2021.11

# CPU [%] - UCD-SNMP-MIB
ssCpuUser		1.3.6.1.4.1.2021.11.9		! Processor user time
ssCpuSystem		1.3.6.1.4.1.2021.11.10		! Processor system time
ssCpuIdle		1.3.6.1.4.1.2021.11.11		! Processor idle time

# Memory [kbytes] - UCD-SNMP-MIB
memTotalSwap	1.3.6.1.4.1.2021.4.3		! Total swap space
memAvailSwap	1.3.6.1.4.1.2021.4.4		! Free swap space
memTotalReal	1.3.6.1.4.1.2021.4.5		! Total real memory
memAvailReal	1.3.6.1.4.1.2021.4.6		! Available real memory

# Interfaces - IF-MIB
# For the interfaces we will use the template already defined in Zabbix
# because discovery is needed, since the number of interfaces varies
ifIndex				1.3.6.1.2.1.2.2.1.1
ifDescr				1.3.6.1.2.1.2.2.1.2
ifType				1.3.6.1.2.1.2.2.1.3
ifMtu				1.3.6.1.2.1.2.2.1.4
ifSpeed				1.3.6.1.2.1.2.2.1.5
ifPhysAddress		1.3.6.1.2.1.2.2.1.6
ifAdminStatus		1.3.6.1.2.1.2.2.1.7
ifOperStatus		1.3.6.1.2.1.2.2.1.8
ifLastChange		1.3.6.1.2.1.2.2.1.9
ifInOctets			1.3.6.1.2.1.2.2.1.10
ifInUcastPkts		1.3.6.1.2.1.2.2.1.11
ifInNUcastPkts		1.3.6.1.2.1.2.2.1.12
ifInDiscards		1.3.6.1.2.1.2.2.1.13
ifInErrors			1.3.6.1.2.1.2.2.1.14
ifInUnknownProtos	1.3.6.1.2.1.2.2.1.15
ifOutOctets			1.3.6.1.2.1.2.2.1.16
ifOutDiscards		1.3.6.1.2.1.2.2.1.19
ifOutErrors			1.3.6.1.2.1.2.2.1.20

# Disk - UCD-SNMP-MIB
dskIndex	    1.3.6.1.4.1.2021.9.1.1
dskPath	        1.3.6.1.4.1.2021.9.1.2
dskDevice	    1.3.6.1.4.1.2021.9.1.3
dskMinimum	    1.3.6.1.4.1.2021.9.1.4
dskMinPercent	1.3.6.1.4.1.2021.9.1.5
dskTotal	    1.3.6.1.4.1.2021.9.1.6
dskAvail	    1.3.6.1.4.1.2021.9.1.7
dskUsed	        1.3.6.1.4.1.2021.9.1.8
dskPercent	    1.3.6.1.4.1.2021.9.1.9
dskPercentNode	1.3.6.1.4.1.2021.9.1.10
dskErrorFlag	1.3.6.1.4.1.2021.9.1.100
dskErrorMsg	    1.3.6.1.4.1.2021.9.1.101

# HOST-RESOURCES-MIB
# Do not use sysUpTimeInstance (1.3.6.1.2.1.1.3.0), because that is the uptime of the
# SNMP daemon, not necessarily of the hardware
# Uptime [timeticks, 0.01s]
hrSystemUptime	1.3.6.1.2.1.25.1.1

Some metrics, such as CPU, can also be collected directly from the Check Point MIB. That MIB also has some exclusive metrics, such as the number of established connections.

# Check Point MIB
# checkpoint	    1.3.6.1.4.1.2620
# products 		    1.3.6.1.4.1.2620.1
# fw			    1.3.6.1.4.1.2620.1.1
# fwPolicyStat	    1.3.6.1.4.1.2620.1.1.25
# fwIfTable		    1.3.6.1.4.1.2620.1.1.25.5		! Interfaces
# fwIfEntry		    1.3.6.1.4.1.2620.1.1.25.5.1		! Interfaces
# svn			    1.3.6.1.4.1.2620.1.6
# svnPerf		    1.3.6.1.4.1.2620.1.6.7
# svnProc		    1.3.6.1.4.1.2620.1.6.7.2		! CPU
# svnMem64		    1.3.6.1.4.1.2620.1.6.7.4		! Memory

# CPU [%]
procUsrTime		    1.3.6.1.4.1.2620.1.6.7.2.1		! Processor user time
procSysTime		    1.3.6.1.4.1.2620.1.6.7.2.2		! Processor system time
procIdleTime		1.3.6.1.4.1.2620.1.6.7.2.3		! Processor idle time
procUsage		    1.3.6.1.4.1.2620.1.6.7.2.4		! Processor usage

# Memory [bytes]
memTotalVirtual64	1.3.6.1.4.1.2620.1.6.7.4.1		! Total memory (real + swap)
memActiveVirtual64	1.3.6.1.4.1.2620.1.6.7.4.2		! Active total memory
memTotalReal64		1.3.6.1.4.1.2620.1.6.7.4.3		! Total real memory
memActiveReal64		1.3.6.1.4.1.2620.1.6.7.4.4		! Active real memory
memFreeReal64		1.3.6.1.4.1.2620.1.6.7.4.5		! Available real memory

# Interfaces
fwIfIndex	        1.3.6.1.4.1.2620.1.1.25.5.1.1
fwIfName	        1.3.6.1.4.1.2620.1.1.25.5.1.2
fwAcceptPcktsIn	    1.3.6.1.4.1.2620.1.1.25.5.1.5
fwAcceptPcktsOut	1.3.6.1.4.1.2620.1.1.25.5.1.6
fwAcceptBytesIn	    1.3.6.1.4.1.2620.1.1.25.5.1.7
fwAcceptBytesOut	1.3.6.1.4.1.2620.1.1.25.5.1.8
fwDropPcktsIn	    1.3.6.1.4.1.2620.1.1.25.5.1.9
fwDropPcktsOut	    1.3.6.1.4.1.2620.1.1.25.5.1.10
fwRejectPcktsIn	    1.3.6.1.4.1.2620.1.1.25.5.1.11
fwRejectPcktsOut    1.3.6.1.4.1.2620.1.1.25.5.1.12
fwLogIn	            1.3.6.1.4.1.2620.1.1.25.5.1.13
fwLogOut	        1.3.6.1.4.1.2620.1.1.25.5.1.14

# Connections
fwNumConn		    1.3.6.1.4.1.2620.1.1.25.3		! Current connections
fwPeakNumConn	    1.3.6.1.4.1.2620.1.1.25.4		! Peak number of connections

# VPN
# The value of the cpvCurrEspSAsIn OID can be validated with
# the command "fw tab -t userc_users -s"
cpvCurrEspSAsIn	    1.3.6.1.4.1.2620.1.2.5.2.1      ! Remote Access User Count

# High Availability
haState				1.3.6.1.4.1.2620.1.5.6			! High Availability State
haWorkMode			1.3.6.1.4.1.2620.1.5.11			! High Availability Mode

# Check Point General Stats
svnVersion			1.3.6.1.4.1.2620.1.6.4.1		! Product Version
fwModuleState		1.3.6.1.4.1.2620.1.1.1			! Firewall Module State
fwProduct			1.3.6.1.4.1.2620.1.1.10			! Product name
fwInstallTime		1.3.6.1.4.1.2620.1.1.25.2		! Firewall Policy Install Time
osName				1.3.6.1.4.1.2620.1.6.5.1		! OS name

After defining the most important OIDs to collect, I created a template for Check Point (with the Secure Platform OS). I used parts of the SNMP templates that already ship with Zabbix, but they are incorporated into this template, so it is fully independent (it has no links to the other templates).
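
When the template is extended with more OIDs from the lists above, every key used by a trigger or graph has to exist as an item or item prototype. The following added example (not part of the original template or post) lints an export for such dangling references; the sample export is constructed and deliberately omits two items, and the `<template>` child holding the technical name is assumed from the Zabbix 2.0 export layout.

```python
import re
import xml.etree.ElementTree as ET

# {host:key.function(parameter)}; the key may carry [parameters] that contain
# low-level discovery macros such as {#SNMPVALUE}.
REF = re.compile(r"^(?P<host>[^:{}$#][^:{}]*):(?P<key>[\w.\-]+(?:\[.*\])?)"
                 r"\.(?P<func>\w+)\((?P<param>.*)\)$")


def expression_refs(expression):
    """Yield (host, key) for every item reference in a trigger expression."""
    depth, start = 0, 0
    for pos, ch in enumerate(expression):
        if ch == "{":
            if depth == 0:
                start = pos + 1
            depth += 1
        elif ch == "}" and depth:
            depth -= 1
            if depth == 0:          # outermost brace closed: one full reference
                match = REF.match(expression[start:pos])
                if match:           # {$MACRO} and {#MACRO} do not match
                    yield match.group("host"), match.group("key")


def lint_export(xml_text):
    """Return sorted (kind, host, key) for references to undefined item keys."""
    root = ET.fromstring(xml_text)
    defined = set()
    for tpl in root.findall("./templates/template"):
        host = tpl.findtext("template") or tpl.findtext("name")
        # Exact paths only: <item> also appears inside <graph_item> as a reference.
        paths = ("./items/item/key",
                 "./discovery_rules/discovery_rule/item_prototypes/item_prototype/key")
        for path in paths:
            defined.update((host, el.text) for el in tpl.findall(path))
    used = set()
    for expr in root.iter("expression"):
        used.update(("trigger", h, k) for h, k in expression_refs(expr.text or ""))
    for el in root.iter():
        # graph_item/item and ymin_item_1/ymax_item_1 carry a <host> and a <key>
        if el.find("host") is not None and el.find("key") is not None:
            used.add(("graph", el.findtext("host"), el.findtext("key")))
    return sorted(ref for ref in used if ref[1:] not in defined)


# Constructed, trimmed export: haWorkMode and hrStorageUsedInBytes are left out
# on purpose so that the lint has something to report.
SAMPLE = """<zabbix_export>
  <templates><template>
    <template>Template CheckPoint SNMP</template>
    <items>
      <item><key>procUsrTime</key></item>
      <item><key>procSysTime</key></item>
      <item><key>haState</key></item>
    </items>
    <discovery_rules><discovery_rule>
      <item_prototypes>
        <item_prototype><key>hrStorageUsed[{#SNMPVALUE}]</key></item_prototype>
        <item_prototype><key>hrStorageSize[{#SNMPVALUE}]</key></item_prototype>
      </item_prototypes>
      <trigger_prototypes><trigger_prototype>
        <expression>{Template CheckPoint SNMP:hrStorageUsed[{#SNMPVALUE}].last(0)} / {Template CheckPoint SNMP:hrStorageSize[{#SNMPVALUE}].last(0)} &gt; 0.8</expression>
      </trigger_prototype></trigger_prototypes>
      <graph_prototypes><graph_prototype><graph_items><graph_item>
        <item><host>Template CheckPoint SNMP</host><key>hrStorageUsedInBytes[{#SNMPVALUE}]</key></item>
      </graph_item></graph_items></graph_prototype></graph_prototypes>
    </discovery_rule></discovery_rules>
  </template></templates>
  <triggers>
    <trigger><expression>{Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)} &gt; 90</expression></trigger>
    <trigger><expression>{Template CheckPoint SNMP:haWorkMode.diff(0)}=1 | {Template CheckPoint SNMP:haState.diff(0)}=1</expression></trigger>
  </triggers>
</zabbix_export>"""

if __name__ == "__main__":
    for kind, host, key in lint_export(SAMPLE):
        print("%s references undefined key %s:%s" % (kind, host, key))
```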

References
UCD-SNMP-MIB
IF-MIB
HOST-RESOURCES-MIB
CHECKPOINT-MIB
Check Point Products SNMP MIB
SecurePlatform OS SNMP MIB
SNMP OID for the number Remote Access users (SR/SC/EPC/SNX) currently connected to a VPN-1 gateway
Linux OID’s for CPU,Memory and Disk Statistics
Zabbix 2 CheckPoint SNMP template
Monitoring Checkpoint Firewalls with SNMP
Check Point Firewall Metrics
Oracle® Enterprise Manager System Monitoring Plug-in Metric Reference Manual for Network Management
In search of Firewalls KPIs

26/02/2013

Monitoring Check Point with Zabbix – Part 1

Filed under: checkpoint,monitoring — drak @ 10:14 AM

Although it may seem trivial, monitoring a CheckPoint firewall has some interesting particularities. It is also worth noting that customizing a monitoring tool (Zabbix in this case) is not always as intuitive as it may seem at first glance.

This article aims to guide the community and offer some recommendations on how to properly monitor your CheckPoint firewall environment. Installing Zabbix is out of scope for this post; it covers configuring SNMP on the CheckPoint and configuring data collection and graph display in an already installed Zabbix. Remember, however, to enable SNMP when installing/compiling Zabbix.

I will split the article into two parts: in this first part we will enable SNMP, and in the second part we will configure collection in Zabbix.

# First, configure the SNMP parameters of the operating system (splat)
# Check whether the service is already running
ps aux | grep snmp
netstat -an | egrep ":161|:260"
# If necessary, disable it before making changes
snmp service disable
# Edit the configuration file and set your own custom community
# It is important to remove the default "public" community
vi  /etc/snmp/snmpd.users.conf
rocommunity D3adpack3tsR3AD
# Sometimes the line below must be added so that requests to the Check Point SNMP work
proxy -v 1 -c public localhost:260 .1.3.6.1.4.1.2620
# Define the monitoring servers that will receive the traps
vi /etc/snmp/snmpd.conf
syslocation	"Brazil, MA, DC Amazonas, Rack B22"
syscontact	"my_group_email@company.com"
trap2sink 192.0.2.10 D3adpack3tsR3AD

# Now configure the SNMP parameters of the application (CheckPoint firewall)
# Change the values in parentheses as in the example
vi $FWDIR/conf/snmp.C
(
        : (
                : (system.sysName.0
                        :value (MY_FIREWALL_HOSTNAME)
                )
                : (system.sysDescr.0
                        :value ("Linux i386 vEL.3.0 Check Point FireWall-1")
                )
                : (system.sysContact.0
                        :value ("my_group_email@company.com")
                )
                : (system.sysLocation.0
                        :value ("Brazil, MA, DC Amazonas, Rack B22")
                )
                : (system.sysObjectID.0
                        :value (".1.3.6.1.4.1.2620.1.1")
                )
        )
        :snmp_community (
                :read (D3adpack3tsR3AD)
                :write ()
        )
)

# Enable the service
snmp service enable
# Tests
# Get the hostname from the OS SNMP agent
snmpwalk -c D3adpack3tsR3AD -v 2c localhost SNMPv2-MIB::sysName.0
# Test the Check Point SNMP agent
snmpwalk -c D3adpack3tsR3AD -v 2c localhost 1.3.6.1.4.1.2620
# If it does not work, kill the running cpsnmpd process and start it again
cpsnmpd -p 260
# Test remotely, from the Zabbix server
snmpwalk -c D3adpack3tsR3AD -v 2c YOUR_FIREWALL_REMOTE_IP SNMPv2-MIB::sysName.0
# If necessary, restart the service
service snmpd restart
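
As an added check that is not part of the original post, the script below audits the three files edited above for default communities, write access and communities accepted from any source address. The file contents are constructed copies of the configuration shown in the procedure; on them it reports the `rocommunity` line that accepts any source and the `proxy` line that still uses `public`.

```python
import re
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
SINK_DIRECTIVES = {"trapsink", "trap2sink", "informsink"}


def audit_snmpd(text, filename):
    """Audit net-snmp style directives; return (file, line, message) tuples."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:            # unbalanced quote: fall back to whitespace
            tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        community = None
        if directive in COMMUNITY_DIRECTIVES:
            community = args[0] if args else None
            if directive.startswith("rw"):
                findings.append((filename, number, "write access enabled"))
            if len(args) < 2:         # rocommunity COMMUNITY [SOURCE [OID]]
                findings.append((filename, number, "community accepted from any source"))
        elif directive in SINK_DIRECTIVES:
            community = args[1] if len(args) > 1 else None
        elif directive == "proxy" and "-c" in args[:-1]:
            community = args[args.index("-c") + 1]
        if community in DEFAULT_COMMUNITIES:
            findings.append((filename, number, "default community '%s'" % community))
    return findings


def audit_snmp_c(text, filename):
    """Audit the :read / :write communities of a Check Point snmp.C file."""
    findings = []
    for match in re.finditer(r":(read|write)[ \t]*\(([^)]*)\)", text):
        number = text.count("\n", 0, match.start()) + 1
        access, community = match.group(1), match.group(2).strip().strip('"')
        if access == "write" and community:
            findings.append((filename, number, "write community is set"))
        if community in DEFAULT_COMMUNITIES:
            findings.append((filename, number, "default community '%s'" % community))
    return findings


# Constructed copies of the three files edited in the procedure above.
SNMPD_USERS_CONF = """\
rocommunity D3adpack3tsR3AD
proxy -v 1 -c public localhost:260 .1.3.6.1.4.1.2620
"""
SNMPD_CONF = """\
syslocation "Brazil, MA, DC Amazonas, Rack B22"
syscontact  "my_group_email@company.com"
trap2sink 192.0.2.10 D3adpack3tsR3AD
"""
SNMP_C = """\
(
        :snmp_community (
                :read (D3adpack3tsR3AD)
                :write ()
        )
)
"""


def audit_all():
    """Run every check over the constructed sample files."""
    return (audit_snmpd(SNMPD_USERS_CONF, "snmpd.users.conf")
            + audit_snmpd(SNMPD_CONF, "snmpd.conf")
            + audit_snmp_c(SNMP_C, "snmp.C"))


if __name__ == "__main__":
    for finding in audit_all():
        print("%s:%d: %s" % finding)
```

Adding the monitoring server's address as the SOURCE argument (`rocommunity COMMUNITY SOURCE`) clears the first finding.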

From this point on the device can be added to any tool that collects information via SNMP, such as Nagios, SolarWinds or Zabbix. In the next article we will create the template and the host, associate them, and create the most relevant screens.

References
How to enable SNMP on SecurePlatform
How to Configure SNMP on SecurePlatform
Machine with Check Point software responds with ‘No Such Object available on this agent at this OID’ to Check Point SNMP OID, but responds correctly to generic SNMP OID
Where to find Check Point MIB and SecurePlatform MIB information
SNMP on SPLAT – any HOWTO?
SNMP configuration in Checkpoint Secureplatform
Configuring system monitoring with SNMP for Check Point security gateways and security management

02/11/2011

Troubleshooting slowness with a firewall, MPLS and HP-UX

Filed under: checkpoint,troubleshooting — drak @ 9:20 PM

I was facing a slowness problem in a web system accessed by a partner company that reached my customer over an MPLS link contracted from an ISP.

Ping tests showed between 25% and 75% packet loss. The carrier had already tried to fix the situation by applying QoS on the WAN router closest to the customer, but it had no effect. Along the path there was a Check Point R71.30 splat with a known high-CPU problem (CPU constantly between 75% and 85%).

First I wanted to establish a baseline for the web system affected by the slowness. I was told that another partner company also accessed the same system and that its performance was measured by agents that showed an average response time of 2s.

With that information I compared against the time measured from the problematic partner. They obtained it with HttpWatch, a tool that provides this kind of metric for free; an example measurement for the site yahoo.com can be seen below.

The time averaged 30s, much higher, comparatively, than the expected speed of the system.

The next step would be a traceroute from the affected partner to the web server, but we could not make progress with that approach because the partner's firewall did not allow it.

We changed the approach and ran a traceroute from the WAN router in front of that firewall (the partner's), which is the firewall's gateway to the MPLS network. From that point we obtained the path to the web server; each asterisk is an IP that we mapped using traceroute.

|LAN PARCEIRA| – |FW PARC| – |ROUTER WAN PARC| – *|ROUTER1| – *|ROUTER2| – *|ROUTER WAN CUST| – *|FW CLIENTE| – *|WEB SERVER|

With a traceroute in the opposite direction, run from the firewall (because the web server was directly connected), we cross-referenced the two results and assembled the complete topology of the environment affected by the problem:

|LAN PARCEIRA| – |FW PARC| – |ROUTER WAN PARC|* – *|ROUTER1|* – *|ROUTER2|* – *|ROUTER WAN CUST|* – *|FW CLIENTE| – *|WEB SERVER|

With the environment mapped we started the tests. A ping from ROUTER WAN PARC to the WEB SERVER showed losses of up to 75%!

Next hop, same test, and so on; see the results.

ROUTER WAN PARC, WEB SERVER: 75%
ROUTER1, WEB SERVER: 75%
ROUTER2, WEB SERVER: 75%
ROUTER WAN CUST, WEB SERVER: 0%
FW CLIENTE: 0%

With these test results, I figured we had found that the problem was in the segment between ROUTER WAN PARC and the interface of ROUTER WAN CUST closest to it. However, tests starting from ROUTER2 also showed a high amount of loss, which in principle ruled out something in the previously suspected segment.

Analyzing the failed pings from ROUTER2 we noticed something strange: it was not simply losing packets to time-outs but for some other reason; see the image:

After some research we found that the ICMP !Q message was sent when the server's buffer was full and it could not handle all the pings sent to it; this message asks the sending host to reduce its sending rate.

Another important piece of information is that, although on the firewall the packets were not reported as lost, we were also receiving ICMP source-quench packets there. Here is an example of the logs we saw on the firewall.

FIREWALL[admin]# ping -s 1400 XXX.XXX.XXX.177
PING XXX.XXX.XXX.177 (XXX.XXX.XXX.177): 1400 data bytes
1408 bytes from XXX.XXX.XXX.177: icmp_seq=0 ttl=255 time=2.025 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=1 ttl=255 time=0.343 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=2 ttl=255 time=0.336 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=3 ttl=255 time=3.196 ms
...
1408 bytes from XXX.XXX.XXX.177: icmp_seq=50 ttl=255 time=0.334 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=51 ttl=255 time=0.312 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=52 ttl=255 time=0.672 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=53 ttl=255 time=1.046 ms
1408 bytes from XXX.XXX.XXX.177: icmp_seq=54 ttl=255 time=0.344 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 00e4 0 0000 40 01 f861 XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=55 ttl=255 time=0.456 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 010c 0 0000 40 01 f839 XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=56 ttl=255 time=0.362 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 0132 0 0000 40 01 f813 XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=57 ttl=255 time=0.276 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 0154 0 0000 40 01 f7f1 XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=58 ttl=255 time=0.314 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 0178 0 0000 40 01 f7cd XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=59 ttl=255 time=0.286 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 01a1 0 0000 40 01 f7a4 XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=60 ttl=255 time=2.355 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 01c8 0 0000 40 01 f77d XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=61 ttl=255 time=0.333 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 01ee 0 0000 40 01 f757 XXX.XXX.XXX.10 XXX.XXX.XXX.177

1408 bytes from XXX.XXX.XXX.177: icmp_seq=62 ttl=255 time=0.592 ms
92 bytes from XXX.XXX.XXX.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 020f 0 0000 40 01 f736 XXX.XXX.XXX.10 XXX.XXX.XXX.177

To make this message appear more consistently, we used ping's “flood” option (ping host -f). Doing so confirmed that the server behaved the same way toward the router and toward the firewall, which was directly connected.

After checking the server's health (CPU, memory, NIC speed, interface errors), we started looking for other reasons for this message to be sent that did not involve the server failing to “keep up” with the rate of pings. The server in question ran HP-UX, which led us to some interesting articles.

We found that HP-UX servers have a built-in protection and that there is a way to disable it. Given the nature of our test (repeated pings sent from a router, which has a very high send rate), this was certainly interfering with the tests. After disabling the protection following the advice of one of the blogs (Set “Source quench” to 0 as “ndd -set /dev/ip ip_send_source_quench 0” and include this parameter inside “nddconf” file.) we repeated the tests, with the following results:

ROUTER WAN PARC, WEB SERVER: 25%
ROUTER1, WEB SERVER: 25%
ROUTER2, WEB SERVER: 0%
ROUTER WAN CUST, WEB SERVER: 0%
FW CLIENTE: 0%

Now, with the “source-quench” factor that was masking the results removed, we were able to isolate which stretch of the network had the real slowness problem. The ISP investigated and reported that the cause was a QoS policy on that stretch; once the policy was removed the losses stopped and web access returned to the expected level (about 2s).
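
The following Python example is added here and is not part of the original post: it separates Source Quench notices from echo replies in ping output of the format shown above, then applies the hop-by-hop comparison to the two result tables. The transcript is constructed, and the function and constant names are assumptions.

```python
import re

# Constructed transcript in the format of the firewall output above, with two
# echo replies left out to mimic the !Q failures the routers reported.
# 192.0.2.x are documentation addresses, not values from the post.
SAMPLE = """\
PING 192.0.2.177 (192.0.2.177): 1400 data bytes
1408 bytes from 192.0.2.177: icmp_seq=0 ttl=255 time=0.343 ms
1408 bytes from 192.0.2.177: icmp_seq=1 ttl=255 time=0.336 ms
92 bytes from 192.0.2.177: Source Quench
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0594 00e4 0 0000 40 01 f861 192.0.2.10 192.0.2.177
1408 bytes from 192.0.2.177: icmp_seq=3 ttl=255 time=0.456 ms
92 bytes from 192.0.2.177: Source Quench
1408 bytes from 192.0.2.177: icmp_seq=5 ttl=255 time=0.362 ms
"""
# Hop order and loss figures are the ones listed in the post.
PATH = ["ROUTER WAN PARC", "ROUTER1", "ROUTER2", "ROUTER WAN CUST", "FW CLIENTE"]
LOSS_QUENCH_ON = dict(zip(PATH, [75, 75, 75, 0, 0]))
LOSS_QUENCH_OFF = dict(zip(PATH, [25, 25, 0, 0, 0]))

REPLY = re.compile(r"^\d+ bytes from \S+: icmp_seq=(\d+) ")
QUENCH = re.compile(r"^\d+ bytes from \S+: Source Quench")

def summarize(transcript):
    """Count echo replies, Source Quench notices and sequence gaps."""
    seqs, quenches = set(), 0
    for line in transcript.splitlines():
        reply = REPLY.match(line)
        if reply:
            seqs.add(int(reply.group(1)))
        elif QUENCH.match(line):
            quenches += 1
    sent = max(seqs) + 1 if seqs else 0  # lower bound: highest sequence seen
    missing = sorted(set(range(sent)) - seqs)
    # Gaps seen while the target is quenching may be throttling, not path loss.
    return {"replies": len(seqs), "quenches": quenches,
            "missing": missing, "path_loss_reliable": quenches == 0}

def faulty_segment(path, loss):
    """Return the adjacent hop pair with the largest drop in loss, or None."""
    pairs = list(zip(path, path[1:]))
    far, near = max(pairs, key=lambda p: loss[p[0]] - loss[p[1]])
    return (far, near) if loss[far] > loss[near] else None

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(faulty_segment(PATH, LOSS_QUENCH_ON), faulty_segment(PATH, LOSS_QUENCH_OFF))
```

With the first table the boundary falls between ROUTER2 and ROUTER WAN CUST; with Source Quench disabled it moves to ROUTER1 and ROUTER2.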

References
Understanding the Ping and Traceroute Commands
HttpWatch
ICMP Source Quench
HP-UX ping source quench

22/09/2011

Checking and clearing the sessions table on Check Point

Filed under: checkpoint, tips and tricks — drak @ 10:23 PM

Quick post about the sessions table on Check Point. To manipulate the connections table:

CONNECTIONS:
fw tab -t connections -s (for a summary)
fw tab -t connections -x (to clear; removes every entry, so established connections lose their state)

The sessions table above does not take NATs into account; they live in a separate, dedicated table (fwx_alloc):

NAT:
fw tab -t fwx_alloc -s
fw tab -t fwx_alloc -x

References
CPshared Forum

07/07/2011

CCSE Study Notes

Filed under: certification, checkpoint — drak @ 3:38 PM

I recently obtained Check Point's CCSE certification; my study notes follow below. I used the practice exams available on Check Point's own site for both R70 and R71, and in the exam I came across some questions identical to ones from both.

I suggest that anyone taking the exam also read the Admin Guides for the respective products and do all the labs suggested in the course.

# Smart Portal / Management Portal: Facilitate remote management of corporate security gateways
default port TCP/4433
smartportalstart / smartportalstop
/opt/CPportal-R70/portal/
hosts.allow
cp_httpd_admin.conf

# SmartWorkflow: Process a change request with SmartWorkflow

# SmartProvisioning: Implement provisioning deployment scenarios
SmartProvisioning indicators: OK, Needs Attention, Agent is in local mode, Uninitialized, Unknown
Local backups are stored in /var/CPbackup/backups
LSMenabler -r
LSMcli

# SSL VPN: Configure and test VPN in a clustered environment

# SecureXL & CoreXL
fwaccel on / stat / conns -s
maximum of 8 cores
Client Auth and Session Auth are synchronized across the cluster; User Auth is not
sim affinity / fw ctl affinity
Does not accelerate traffic with ANY as the service
Does not accelerate FTP

# Management HA

# ClusterXL
cphaprob state
clusterXL_admin down / up
FIBMgr (TCP/2010) – Synchronizes routes between cluster members, NextHop GateD process
CCP (UDP/8116), Checkpoint Cluster Protocol
$FWDIR/boot/modules/fwkern.conf
fwha_mac_magic=0x_
fwha_mac_forward_magic=0x_
fw ctl get int fwha
Sticky Decision

# Dynamic Routing
router enable / config
no-flush-at-exit
write mem
vpn shell
interface add numbered
show interface summary all
show interface detailed all
IGMP Snooping is not enabled by default

# Load Balancing / ConnectControl
The agent communicates over UDP/18212

# QoS
WFRED (manages packet buffers, protects the buffer from aggressive connections) / RDED (removes retransmits from the queue)
ToS byte -> Differentiated Services
Low Latency Queuing for delay sensitive applications
Weighted Fair Queuing is used for relative allocation
fgate

# IPS: Modify IPS policy to improve bandwidth and protection

# DLP: Deploy and manage data loss prevention
DLP must be installed on its own (isolated)

# SmartEvent
windowEventToCPLog
-l log_server
-a windows_host
-s (credentials)
$FWDIR/conf/syslog/CPdefined syslog files

# SmartReporter: Chart events into meaningful data
UpdateMySQLConfig -R
$RTDIR/Database/conf/my.conf
evstop -reporter

# Advanced Troubleshooting & Debugging: Apply advanced troubleshooting and debugging techniques
