SNMP query L3 devices like Checkpoint firewalls

Started by Anthony

Anthony

SNMP query L3 devices like Checkpoint firewalls   06 May 2018, 23:50

Will Switch Port Mapper support querying ARP entries on devices like Checkpoint firewalls?

Unfortunately I am not getting any IP addresses when I add the Checkpoint firewall as router. I know the ARP table is listed when I walk from the following OID tree: .1.3.6.1.2.1.4.35.1.4

I get info OK from Cisco switch and checkpoint firewall when I test the connection.
SoftPerfect Support forum - Andrew avatar image

Re: SNMP query L3 devices like Checkpoint firewalls   07 May 2018, 01:30

Generally reading ARP entries should work on any compatible device, including Checkpoint firewalls. We try to extract ARP data from three SNMP views:
  1. ipNetToPhysicalTable
  2. ipNetToMediaTable
  3. atTable

It's pretty strange that you can walk ipNetToPhysicalTable, while the Port Mapper fails to do so, granted the connection credentials are correct. Let me see what we can do about that.
Indeed it's odd, when I walk the device with the following OID branch:
[root@lgmg ~]# snmpwalk -v3 -l authPriv -u watchdog -a MD5 -A XXX -x DES -X XXX 10.X.X.21 .1.3.6.1.2.1.4.35.1.4
I get responses OK:
IP-MIB::ipNetToPhysicalPhysAddress.21.ipv4."1X2.1XX.11.5" = STRING: XX:XX:e0:89:52:43
IP-MIB::ipNetToPhysicalPhysAddress.21.ipv4."1X2.1XX.11.102" = STRING: XX:XX:ac:68:e7:e4
SoftPerfect Support forum - Andrew avatar image

Re: SNMP query L3 devices like Checkpoint firewalls   08 May 2018, 07:56

We have managed to reproduce the problem by installing RHEL 5.2, same kernel v2.6.18 that most Checkpoint devices are running and the issue is now clear. It actually works with SNMPv1 and SNMPv2c, but not SNMPv3. Please allow a couple of days for us to investigate.
SoftPerfect Support forum - Andrew avatar image

Re: SNMP query L3 devices like Checkpoint firewalls   10 May 2018, 07:12

It turned out that Checkpoint devices didn't like when Max-Repetitions (batch size) was set to 100 in SNMPv3 requests. When reduced to 50 it started working.

We have released version 2.0.11 that fixes this issue, and as a bonus correctly handles IPv6 addresses received from routers. Please download the updated Port Mapper from its home page and let me know how it works for you.
Seems to work OK now, thanks for your help!

Reply to this topic

Sometimes you can find a solution faster if you try the forum search, have a look at the knowledge base, or check the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • Write in English. If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 **     **   ******    ********   **     **  ********  
  **   **   **    **   **     **  **     **  **     ** 
   ** **    **         **     **  **     **  **     ** 
    ***     **   ****  **     **  **     **  ********  
   ** **    **    **   **     **  **     **  **     ** 
  **   **   **    **   **     **  **     **  **     ** 
 **     **   ******    ********    *******   ********  

Message: