DX NetOps

  • Private Community

  • 1.  Check point firewall VSX attributes missing

    Posted Feb 21, 2018 08:37 AM

    Hi,

     

    I have a spectrum test environment and production environment.

     

    I have tested check point firewall device certification in test and preformed the same in production.

     

    I can see attributes related to VSX in my test environment and they are missing in my production environment, I have no idea on the reason for their missing.

     

    Please let me know in came someone had experienced the same issue and what done to resolve this.

     

    Regards,

    Vishnu Prasad



  • 2.  Re: Check point firewall VSX attributes missing

    Posted Feb 21, 2018 05:19 PM

     could you pleas detail which attributes are missing for VSX please? Are both the Spectrum servers on the same patch level ?



  • 3.  Re: Check point firewall VSX attributes missing

    Posted Feb 22, 2018 03:24 AM

    Hi Phani,

     

    Below are the attributes missing.

     

    Name                     ID

    fwconntablelimit   0xfff00104

    fwnumconn           0xfff00103

     

     

    Both spectroservers are on same patch level: 10.2.1.0.98



  • 4.  Re: Check point firewall VSX attributes missing

    Posted Feb 22, 2018 05:31 AM

    Go to Tools ->Utilities->MIB Tools

     

    There will be Content ,click browse tab enter the device IP ,SNMP version ,SNMP string and in advanced option select particular landscape and click contact .Once connection is established there will a video icon under Hierarchy .Once the SNMP get is completed you can able to see the results in bottom check whether you can able to see that OID or value.



  • 5.  Re: Check point firewall VSX attributes missing

    Posted Feb 22, 2018 05:45 AM

    Hi,

     

    I can able to see those OID values.

     

    As stated, MIB files that present in my test set-up and production setup are same.

     

    Moreover I can see VSX connections under VSX counter tab of component detail Information tab.

     

    Regards,

    Vishnu Prasad 



  • 6.  Re: Check point firewall VSX attributes missing
    Best Answer

    Posted Feb 22, 2018 08:21 PM

    Ok, I understand your problem. 

     

    The reason for you not able to see the two attributes on your production is that the attribute support for them may not have been created as both fwconntablelimit  and fwnumconn do have the attribute ID mapped out of the box. Looking at the Attribute ID you might have manually created these in your test environment.

     

    To verify, open your MIB Tools and look for CHECKPOINT-MIB , click on the MAP tab and under Attribute Support search for both the variables (fwconntablelimit  and fwnumconn) . You should find a Attribute ID in your test and it would be empty in your production.

     

    If you like to have the ID mapped in your prod, click on the " create attributes " icon and that should create a attribute ID , after which you should be able to find these variables with attribute ID 

     

    Hope this helps

     

     

     



  • 7.  Re: Check point firewall VSX attributes missing

    Posted Feb 23, 2018 03:56 AM

    Hi Phani,

     

    Thanks a lot. My query addressed.

     

    Regards,

    Vishnu Prasad