nv-l
[Top] [All Lists]

[nv-l] NetView, Firewalls and netSNMP

To: "'nv-l@lists.us.ibm.com'" <nv-l@lists.us.ibm.com>
Subject: [nv-l] NetView, Firewalls and netSNMP
From: "Vidal, Chaz" <chaz.vidal@eds.com>
Date: Fri, 17 Sep 2004 15:44:57 +1000
Delivery-date: Fri, 17 Sep 2004 06:53:44 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
NetView 7.1.3 with Fixpack 3 on Solaris 8 system.

I am trying to monitor a firewall for status.  The firewall is a gauntlet
firewall-1 running on a solaris box using netSNMP 5.1.1 as its agent.

SNMP has been opened between NetView and the firewall and snmpwalk runs
correctly.  The firewall has 3 interfaces only 1 of which is accessible from
the NetView system.

I place the firewall as unmanaged and then I manage it. The following shows
up in the trapd.log file:

1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Node
managed.
1095384180 4  Fri Sep 17 11:23:00 2004 firewall_name           N SNMP
Address Changed to "10.10.10.142"
1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Interface
qfe1 managed.
1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Interface
eri0 managed.
1095384180 7  Fri Sep 17 11:23:00 2004 firewall_name           I Interface
qfe0 managed.
1095384188 4  Fri Sep 17 11:23:08 2004 firewall_name           N SNMP
Address Changed to "192.168.96.172"
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Interface
eri0 down.
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Interface
qfe1 down.
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Interface
qfe0 down.
1095384188 3  Fri Sep 17 11:23:08 2004 firewall_name           N Router
Down.

I have already set the flag in netmon.conf to ignore the SNMP address coming
from the firewall. The 10.10 address is the one reachable by netview. The
firewall has (2) 192.168 addresses that is not reachable at all. What
happens is that everytime I manage the router, it automatically becomes down
in NetView even though I can reach it via SNMP.

Also, a funny thing is that in the next poll cycle, NetView will see that
the firewall is up and will then proceed to  bring the whole router up.
Then the next poll cycle happens and I think NetView then detects that the
10.10 interface is down again and will mark the whole router as so.

I am reasonably certain that the problem lies in the SNMP agent as I am
monitoring several firewalls this way and most of them work.  

I am hesitant to forward this to Tivoli support as it might be an SNMP agent
problem and NetView is only working as expected. 

Take note that I do not manage the firewalls directly and their is another
firewall team responsible for them.  

Any ideas would be much appreciated.

cheers,
Chaz Vidal
EDS Australia

<Prev in Thread] Current Thread [Next in Thread>

Archive operated by Skills 1st Ltd

See also: The NetView Web