Monitor by SNMP
A customer of us wants to monitor interfaces, subinterfaces and L2L IPSEC VPNs using SNMP CACTI tool.
I have no problem with interfaces. But I cannot figure out how to see subinterfaces and L2L VPNs.
BWC Cybersecurity Overlord ✭✭✭
@SEBASTIAN got me researching again (was giving up on VPN monitoring). The problem with VPN monitoring via SNMP on SonicWalls is that VPN Policies are completly kicked out of the SNMP tree when not active for whatever reason.
When the Tunnel comes back up, the OID will be different, because it gets a new sonicIpsecSaIndex assigned.
There must be RFEs already exist for this, or am I wrong? Just leave the VPN policies in the tree and give them a status like online/offline/disabled and things would be more predictable and does not break things, IMHO.
I'am not sure, but I guess L2L stands for lan-to-lan, also known as Site-to-Site? AFAIK you can't monitor VPN connections via SNMP, a feature I really myself as a ZABBIX fan. There are some entities, but IMHO not usable for dynamic monitoring.
UPDATE: if you know all of your VPN tunnels (no dynamic discovery) you could check sonicSAStatUserName for their existence. This entry is only available via SNMP if the connection is active. Not perfect but better than nothing.
I know PRTG does this. It identifies VPNs lan-to-lan from Sonicwall.
But I need it to work with CACTI.
Cacti is IMHO a bit limited for that, but sonicwallFwVpnIPSecStats is all what you've got VPN-wise. Check with SONICWALL-FIREWALL-IP-STATISTICS-MIB, sonicSAStatEncryptByteCount can be used for bandwith calculation.
The subinterfaces (VLAN?) are in the interfaces section, like all the other Ethernet interfaces. Dunno anything about the SNMP view of other interface types.
Hi to all! I also have a problem like this. I want to get the no of users display it on Zabbix. Why they didn't include it to their snmp MIB its only very basic yet important counter in this time of pandemic.
After all my research I bump up with this site: https://community.sonicwall.com/technology-and-support/discussion/163/using-the-sonicos-api-to-get-the-list-of-ssl-vpn-users, IT gives the vpn information connected to the firewall, the problem is how to integrate it to zabbix. Seeing the APIs theres also reporting for ipsec and vpn leased by dhcp.
as a fellow ZABBIX user I feel you. SNMP support is lacking a bunch of features, but getting the information via API or SSH is probably the only way to go.
I'am following every MIBs release and hope for the best, but no much changes there, all focus on API I guess.
Integration into ZABBIX should be straight forward with a trapper host or active check from an agent calling the script. I'am lacking behind all my efforts, because I would like to have information back to my ZABBIX as well, but time is a rare good.