nv-l
[Top] [All Lists]

Re: SNMP monitoring of Firewall-1

To: nv-l@lists.tivoli.com
Subject: Re: SNMP monitoring of Firewall-1
From: farukg@us.ibm.com
Date: Wed, 10 May 2000 09:36:55 -0600

My team is monitoring some checkpoint firewalls using SNMP & NetView.
Checkpoint does have and snmp agent but it uses port 260 inistead of the
standard one. It talks to the OS snmp agent so you will be able to poll the
sererver/firewall for MIB-II objects as well as the OS vendor specific mib
objects, all on port 260. Make sure though that both snmp agents have the
same community names. We did not find any checkpoint traps, so all
monitoring is being done through polling.
Checkpoint we are monitoring is running on AIX.

Thanks
Faruk Grozdanic
IBM GS SDC - West
(303) 924-3475   T/L 347-3475


Bill Painter <william.t.painter@lmco.com>@tkg.com on 05/09/2000 02:24:25 PM

Please respond to IBM NetView Discussion <nv-l@tkg.com>

Sent by:  owner-nv-l@tkg.com


To:   IBM NetView Discussion <nv-l@tkg.com>
cc:
Subject:  Re: [NV-L] SNMP monitoring of Firewall-1



The more I think about this problem the more I like the idea of sending my
log files, rejects and such to another machine that is running with Tivoli
and a log file adapter.

Does anyone have a comment on this approach?  It removes the "agents" and
protocols from the firewall and does a push.

Thanks,
Bill Painter
Unix Admin.
William.t.painter@lmco.com

"Smith, Kristi" wrote:

We will be doing this within the next 3 months so I'm interested in any
feedback as well.

Kristi Smith
Mentor Graphics Corporation
(503) 685-1971
kristi_smith@mentorg.com

-----Original Message-----
From: Chance, Larry [mailto:lchance@sfbcic.com]
Sent: Thursday, April 13, 2000 12:51 PM
To: 'NetviewListSERVERUsers nv-l@tkg.com'
Subject: [NV-L] SNMP monitoring of Firewall-1

I asked this on Firewall-1's list-server and no one responded, so I'll try
here.

Anyone monitoring their FW-1 (Checkpoint/Firewall-1) with Netview or an
SNMP/NMS?
And are you having any success?

Also, what are the security risks involved, especially with SNMP v1 on the
firewall server?

In an NT DMZ configuration, can you 'bind' the SNMP services to either NIC?

Thanks for the thoughts and opinions you might share.

Larry


_________________________________________________________________________

NV-L List information (unsubscribing, policies, posting, digest version,
searchable archives): http://www.tkg.com/nv-l


<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web