File: //opt/netdata/netdata-configs/orig/go.d/snmp.profiles/default/_checkpoint-vpn.yaml
# Check Point VPN monitoring (CHECKPOINT-MIB)
# Covers IKE/IPSec global stats, tunnel state, and permanent tunnel state
metrics:
# IKE global scalars.
# cpvIKECurrSAs is a point-in-time count of negotiated IKE SAs.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.1.1.0
    name: cpvIKECurrSAs
    chart_meta:
      description: Number of current IKE Security Associations
      family: 'Network/VPN/IPSec/IKE/SA/Active'
      unit: '{sa}'
# Negotiation failures, split by the role this gateway played.
# Both are charted as per-second rates (see unit). A sustained rise on the
# responder side means remote parties keep starting exchanges that this
# gateway rejects; on the initiator side it is typically worth checking for
# a proposal or credential mismatch with a configured peer.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.2.1.0
    name: cpvIKETotalFailuresInit
    chart_meta:
      description: IKE negotiation failures as initiator per second
      family: 'Network/VPN/IPSec/IKE/Failure/Initiator'
      unit: '{failure}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.2.3.0
    name: cpvIKETotalFailuresResp
    chart_meta:
      description: IKE negotiation failures as responder per second
      family: 'Network/VPN/IPSec/IKE/Failure/Responder'
      unit: '{failure}/s'
# IPSec SA scalars.
# Current ESP SA counts, one symbol per direction. Both are point-in-time
# values (unit is a plain count, not a rate).
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.2.1.0
    name: cpvCurrEspSAsIn
    chart_meta:
      description: Number of current inbound ESP Security Associations
      family: 'Network/VPN/IPSec/SA/Active/In'
      unit: '{sa}'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.2.3.0
    name: cpvCurrEspSAsOut
    chart_meta:
      description: Number of current outbound ESP Security Associations
      family: 'Network/VPN/IPSec/SA/Active/Out'
      unit: '{sa}'
# IPSec error scalars, all charted as per-second rates.
# These three are the most security-relevant counters in the profile:
# decryption and authentication errors count packets that failed SA
# processing, and replay errors are presumably packets rejected by the
# anti-replay check.
# NOTE(review): a small background rate can come from packet reordering or
# rekey timing, so baseline each gateway before setting alert thresholds;
# a sharp step change is what deserves investigation.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.1.0
    name: cpvSaDecrErr
    chart_meta:
      description: SA decryption errors per second
      family: 'Network/VPN/IPSec/SA/Error/Decrypt'
      unit: '{error}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.2.0
    name: cpvSaAuthErr
    chart_meta:
      description: SA authentication errors per second
      family: 'Network/VPN/IPSec/SA/Error/Auth'
      unit: '{error}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.3.0
    name: cpvSaReplayErr
    chart_meta:
      description: SA replay errors per second
      family: 'Network/VPN/IPSec/SA/Error/Replay'
      unit: '{error}/s'
# IPSec traffic scalars.
# ESP packet and byte rates. "Encrypted" symbols are filed under the Out
# families and "decrypted" symbols under the In families.
# Useful as the denominator when judging the error rates in this profile:
# an error rate only means something relative to the traffic volume.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.4.5.0
    name: cpvIpsecEspEncPkts
    chart_meta:
      description: ESP encrypted packets per second
      family: 'Network/VPN/IPSec/Traffic/Packet/Out'
      unit: '{packet}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.4.6.0
    name: cpvIpsecEspDecPkts
    chart_meta:
      description: ESP decrypted packets per second
      family: 'Network/VPN/IPSec/Traffic/Packet/In'
      unit: '{packet}/s'
# Byte counters for the same two directions.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.4.19.0
    name: cpvIpsecEspEncBytes
    chart_meta:
      description: ESP encrypted bytes per second
      family: 'Network/VPN/IPSec/Traffic/Throughput/Out'
      unit: 'By/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.4.20.0
    name: cpvIpsecEspDecBytes
    chart_meta:
      description: ESP decrypted bytes per second
      family: 'Network/VPN/IPSec/Traffic/Throughput/In'
      unit: 'By/s'
# VPN tunnel state table: one row per tunnel.
# Two enumerated columns are charted; each carries a mapping that decodes
# the integer read from the device into a state name.
- MIB: CHECKPOINT-MIB
  table:
    OID: 1.3.6.1.4.1.2620.500.9002
    name: tunnelTable
  symbols:
  # Alerting candidates: a row that leaves `active` (3), in particular one
  # that reports `down` (131).
  - OID: 1.3.6.1.4.1.2620.500.9002.1.3
    name: tunnelState
    chart_meta:
      description: Current state of the VPN tunnel
      family: 'Network/VPN/IPSec/Tunnel/Status'
      unit: '{status}'
    mapping:
      3: active
      4: destroy
      129: idle
      130: phase1
      131: down
      132: init
  # Probe result for the tunnel; `dead` (2) is the value to alert on.
  - OID: 1.3.6.1.4.1.2620.500.9002.1.9
    name: tunnelProbState
    chart_meta:
      description: DPD probe state of the VPN tunnel
      family: 'Network/VPN/IPSec/Tunnel/ProbeStatus'
      unit: '{status}'
    mapping:
      0: unknown
      1: alive
      2: dead
  # Row tags. Peer name, community, interface and source IP describe the VPN
  # topology, so treat the resulting labels as sensitive wherever charts or
  # exported metrics are shared outside the operating team.
  metric_tags:
  # NOTE(review): `index: 1` selects the first index position. If this table
  # is indexed by the peer's IP address, confirm that the tag receives the
  # whole address rather than a single sub-identifier.
  - tag: tunnel_index
    index: 1
  - tag: tunnel_peer_name
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.2
      name: tunnelPeerObjName
  - tag: _tunnel_community
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.4
      name: tunnelCommunity
  - tag: _tunnel_interface
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.6
      name: tunnelInterface
  - tag: _tunnel_source_ip
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.7
      name: tunnelSourceIP
  - tag: _tunnel_link_priority
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.8
      name: tunnelLinkPriority
  - tag: _tunnel_peer_type
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.10
      name: tunnelPeerType
  - tag: _tunnel_type
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9002.1.11
      name: tunnelType
# Permanent VPN tunnel state table: one row per permanent tunnel.
# Same column layout, state mappings and tag names as the tunnelTable entry,
# read from the .9003 subtree instead of .9002.
- MIB: CHECKPOINT-MIB
  table:
    OID: 1.3.6.1.4.1.2620.500.9003
    name: permanentTunnelTable
  symbols:
  # A permanent tunnel is expected to stay up, so any state other than
  # `active` (3) is a reasonable alert condition.
  - OID: 1.3.6.1.4.1.2620.500.9003.1.3
    name: permanentTunnelState
    chart_meta:
      description: Current state of the permanent VPN tunnel
      family: 'Network/VPN/IPSec/PermanentTunnel/Status'
      unit: '{status}'
    mapping:
      3: active
      4: destroy
      129: idle
      130: phase1
      131: down
      132: init
  # Probe result for the permanent tunnel; `dead` (2) is the value to alert on.
  - OID: 1.3.6.1.4.1.2620.500.9003.1.9
    name: permanentTunnelProbState
    chart_meta:
      description: DPD probe state of the permanent VPN tunnel
      family: 'Network/VPN/IPSec/PermanentTunnel/ProbeStatus'
      unit: '{status}'
    mapping:
      0: unknown
      1: alive
      2: dead
  # Row tags. They reuse the tag names of the tunnelTable entry, and they
  # expose the same topology details (peer name, community, source IP), so
  # the resulting labels deserve the same handling as other network
  # inventory data.
  metric_tags:
  # NOTE(review): `index: 1` selects the first index position. If this table
  # is indexed by the peer's IP address, confirm that the tag receives the
  # whole address rather than a single sub-identifier.
  - tag: tunnel_index
    index: 1
  - tag: tunnel_peer_name
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.2
      name: permanentTunnelPeerObjName
  - tag: _tunnel_community
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.4
      name: permanentTunnelCommunity
  - tag: _tunnel_interface
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.6
      name: permanentTunnelInterface
  - tag: _tunnel_source_ip
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.7
      name: permanentTunnelSourceIP
  - tag: _tunnel_link_priority
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.8
      name: permanentTunnelLinkPriority
  - tag: _tunnel_peer_type
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.10
      name: permanentTunnelPeerType
  - tag: _tunnel_type
    symbol:
      OID: 1.3.6.1.4.1.2620.500.9003.1.11
      name: permanentTunnelType
# Extended IKE scalars, complementing the three IKE metrics defined under
# "IKE global scalars".
# Current SA counts split by which side opened the negotiation.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.1.2.0
    name: cpvIKECurrInitSAs
    chart_meta:
      description: Current IKE Security Associations initiated by this gateway
      family: 'Network/VPN/IPSec/IKE/SA/Active/Initiator'
      unit: '{sa}'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.1.3.0
    name: cpvIKECurrRespSAs
    chart_meta:
      description: Current IKE Security Associations responded to by this gateway
      family: 'Network/VPN/IPSec/IKE/SA/Active/Responder'
      unit: '{sa}'
# Creation and attempt rates. Charting the two side by side shows how many
# negotiation attempts end in an SA; a widening gap is an early sign of
# failing or unwanted negotiations.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.1.4.0
    name: cpvIKETotalSAs
    chart_meta:
      description: IKE Security Associations created per second
      family: 'Network/VPN/IPSec/IKE/SA/Total'
      unit: '{sa}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.1.7.0
    name: cpvIKETotalSAsAttempts
    chart_meta:
      description: IKE SA negotiation attempts per second
      family: 'Network/VPN/IPSec/IKE/SA/Attempts'
      unit: '{attempt}/s'
# Explicitly typed as a gauge; it is the only entry in this listing that
# sets metric_type. The spelling "Conncur" in the symbol name is kept
# exactly as the listing gives it.
- MIB: CHECKPOINT-MIB
  metric_type: gauge
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.1.10.0
    name: cpvIKEMaxConncurSAs
    chart_meta:
      description: Peak concurrent IKE Security Associations
      family: 'Network/VPN/IPSec/IKE/SA/Peak'
      unit: '{sa}'
# Failures where the peer never answered: points at reachability or
# filtering on the path rather than at a rejected proposal.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.9.2.2.0
    name: cpvIKENoResp
    chart_meta:
      description: IKE failures per second due to no response from peer
      family: 'Network/VPN/IPSec/IKE/Failure/NoResponse'
      unit: '{failure}/s'
# Extended IPSec SA error scalars, complementing the decrypt/auth/replay
# counters. All are charted as per-second rates.
# Policy errors: presumably traffic that reached SA processing but did not
# match the negotiated policy. Verify the exact meaning against the MIB
# before alerting on it.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.4.0
    name: cpvSaPolicyErr
    chart_meta:
      description: IPSec SA policy errors per second
      family: 'Network/VPN/IPSec/SA/Error/Policy'
      unit: '{error}/s'
# Catch-all error counters, one per direction.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.5.0
    name: cpvSaOtherErrIn
    chart_meta:
      description: IPSec SA other inbound errors per second
      family: 'Network/VPN/IPSec/SA/Error/Other/In'
      unit: '{error}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.6.0
    name: cpvSaOtherErrOut
    chart_meta:
      description: IPSec SA other outbound errors per second
      family: 'Network/VPN/IPSec/SA/Error/Other/Out'
      unit: '{error}/s'
# Unknown-SPI errors: packets that name an SA this gateway does not hold.
# NOTE(review): a short burst after a peer restart or rekey is a common
# benign cause; a continuous rate is worth correlating with the tunnel
# state table and with the source of the packets.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.3.7.0
    name: cpvSaUnknownSpiErr
    chart_meta:
      description: IPSec SA unknown SPI errors per second
      family: 'Network/VPN/IPSec/SA/Error/UnknownSPI'
      unit: '{error}/s'
# NAT-Traversal (UDP-encapsulated ESP) packet counters.
# Same Out = encrypted / In = decrypted convention as the plain ESP packet
# counters, filed under a separate NatT family so the two can be compared.
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.4.1.0
    name: cpvIpsecUdpEspEncPkts
    chart_meta:
      description: NAT-T UDP-encapsulated ESP encrypted packets per second
      family: 'Network/VPN/IPSec/Traffic/Packet/NatT/Out'
      unit: '{packet}/s'
- MIB: CHECKPOINT-MIB
  symbol:
    OID: 1.3.6.1.4.1.2620.1.2.5.4.2.0
    name: cpvIpsecUdpEspDecPkts
    chart_meta:
      description: NAT-T UDP-encapsulated ESP decrypted packets per second
      family: 'Network/VPN/IPSec/Traffic/Packet/NatT/In'
      unit: '{packet}/s'