SNMP configuration in Checkpoint Secureplatform
By default Secureplatform doesn’t have allowed SNMP access in the box. To be able to access the snmp OIDs for the firewall follow the next steps:
Enable general SNMP
In this section we will enable the generic SNMP access through port UDP/161 to allow access to the generic OS OIDs.
First of all we will enable the SNMP service in the box with the command snmp service enable.
firewall# snmp service enable
/usr/sbin/snmpmonitor: Server's IP is not defined [ OK ]Next we will need to configure some configuration settings like the trap destination server. The file we will need to edit is under /etc/snmp/snmpd.conf.
The line to add in the configuration file (at the end of the file should be fine) is:
trap2sink {server-IP address} {snmp community name}
For example if our SNMP destination server for collecting traps is 10.1.1.1.
trap2sink 10.1.1.1 randomSNMP user configuration
To display the current configured users use the command snmp user show.
By default it will come configured with the default username of public but we will probably won’t want to have that in the firewall so to add a new username (with no authentication) for snmp use the command.
snmp user add noauthuser {username}
For example:
firewall# snmp user add noauthuser randomguy
snmpmonitor: no process killed [ OK ]
Starting snmpd: [ OK ]To configure a username with authentication (used for SNMPv3) use the command.
snmp user add authuser {username} pass {password}
For example:
snmp user add authuser randomguy pass randompassTo configure privacy also with the username:
snmp user add authuser {username} pass {password} priv {privacy password}
For example:
snmp user add authuser randomguy2 pass randompass2 priv randomprivFinally to delete a username use the command:
snmp user del {username}
For example:
firewall# snmp user del public
snmpmonitor: no process killed [ OK ]
Starting snmpd: [ OK ]Enable Checkpoint specific SNMP MIB
To enable access to specific checkpoint OIDs we will need to do the following:
Run the cpconfig command.
Then select the option SNMP extension and answer y to the question.
Once all this is done to access the Checkpoint OIDs use the value (1.3.6.1.4.1.2620.x).
If you want to import the Checkpoint MIBs to your snmp application they are located under the folder $CPDIR/lib/snmp
Tags: checkpoint, secureplatform, snmp
- Permalink
- Alberto Diaz
- 22 Jun 2010 4:38 PM
- Comments (1)
February 26th, 2013 at 13:14
[…] Where to find Check Point MIB and SecurePlatform MIB information SNMP on SPLAT – any HOWTO? SNMP configuration in Checkpoint Secureplatform Configuring system monitoring with SNMP for Check Point security gateways and security […]