Using the Check Point MIB

You must use the Check Point version of the Check Point MIB (CP-MIB) text file in $FWDIR/ lib/snmp of your network management tool. Do not use the CheckPoint-MIB.txt included in releases before Nokia IPSO 3.7.

Whenever IPSO SNMPd is started or restarted, it searches for the CheckPoint-MIB.txt. The following is an example of a message you may see as a result of the search:

IP650 [admin]# Jan 31 12:17:19 IP650 [LOG_ERR] snmpd: Cannot find module

(CheckPoint-MIB) : At line 1 in (none)

You can ignore this message.

Any SNMP requests to the CP-MIB when the Check Point SNMPd (CP-SNMPd) is not running time out. (The IPSO SNMPd does not respond.)

The SNMP Proxy support is hard-coded to work only with the CP-SNMPd. It is not a generic proxy that you can use for accessing other MIBs. If you change the following default configurations, the SNMP Proxy for the CP-MIB does not work:

„CP-SNMPd must continue to run on port 260.

„CP-SNMPd must continue to accept SNMPv1 and have a read community set to “public.”

„CP-SNMPd must continue to be accessible through “localhost” on the Nokia IPSO device.

The SNMP Proxy is not a trap proxy and only proxies SNMP Get and SNMP GetNext requests.

When simultaneous SNMP queries arrive, the SNMP Proxy returns valid values to only one request.

Because Nokia IPSO uses a proxy to support the Check Point MIB, reference the Check Point documentation for any limitations of the CP-SNMPd.

Using cpsnmp_start

You must run the cpsnmp_start script to make sure that CP-SNMPd is running on Check Point versions NG FP1, FP2, and FP3. You do this by first enabling the IPSO SNMPd from Nokia Network Voyager and then enabling the CP-SNMPd by using /bin/cpsnmp_start on the command line.

Note

Whenever you use the cprestart or cpstop;cpstart commands, you must run the cpsnmp_start script to restart the CP-SNMPd when you are using NG FP3.

Note

Using FloodGate with Check Point NG FP1, FP2, and FP3 causes SNMP query operations to fail, even on non-FloodGate CheckPoint MIB objects. You must restart the CP-SNMPd to have SNMP query operations. On NG FP2, just disabling FloodGate might not enable

Nokia Network Voyager for IPSO 4.0 Reference Guide

253

Page 252 Page 254
Page 253
Image 253
Nokia IPSO 4.0 manual Using the Check Point MIB, Using cpsnmpstart, Nokia Network Voyager for Ipso 4.0 Reference Guide 253
Page 252 Page 254
Top Page Image Contents